NASM - The Netwide Assembler
NASM Forum => Other Discussion => Topic started by: junior_study on July 19, 2012, 01:24:30 PM
-
Hi,
In user mode, if I try to access the kernel memory area to get data from there, as you know, it is always denied by the OS,
so how do I program to get data from the kernel memory area, then send it to a user application?
If this can be realized, then application debugging will go easy.
Some better advice?
Thank you!
-
What would be helpful is if you were to give a specific example of why you'd need to access kernel memory. Generally, what the kernel stores locally is of no real value to you, and those areas where there is data you need for your application can be accessed through SYSCALLs.
If you need to change something in the OS, one of the 300 SYSCALLs should be sufficient enough to do that too. Kernel memory is protected for a good reason, as modifying it can have adverse effects on other programs running at the time or maybe even other users. This applies equally to all operating systems, Linux, OSX and Windows.
-
Hi junior_study,
As you note, the OS denies us access to some memory. A "protected mode" OS is protected from US! If you found a way to access this memory, it would be a vulnerability in the OS. File a bug report! We don't want to discuss it here.
However, an OS will provide an interface... call it an "accessor function"... that will allow you to "get" and "set" certain parameters. That's "supposed" to be all you need.
I'm curious... if you could access anything you wanted, what would you look at that would help with debugging?
Best,
Frank
-
Thank you!
Can I get the current debugged process's task_struct?
Can I get the GDT base address through a syscall?
Can you give me some methods to achieve them?
Thank you
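-
For the task_struct question, the supported route the replies above point to: on Linux the kernel exports selected per-task fields to user mode through /proc/<pid>/stat, so a debugger reads those instead of kernel memory. The following is an added example, not code from any poster in this thread; it is Linux-only, the struct and function names are my own, and the field order follows proc(5).

```c
#include <stdio.h>
#include <string.h>

struct task_info {
    int  pid;
    char comm[64];               /* executable name (task_struct's comm field) */
    char state;                  /* R, S, D, T, t (tracing stop), Z, ... */
    int  ppid;
    unsigned long utime, stime;  /* clock ticks spent in user / kernel mode */
};

/* Parse one /proc/<pid>/stat line. Returns 0 on success, -1 if malformed.
 * comm is wrapped in parentheses and may itself contain spaces or ')',
 * so find the LAST ')' instead of splitting the line on whitespace. */
int parse_stat_line(const char *line, struct task_info *t)
{
    const char *lp = strchr(line, '(');
    const char *rp = strrchr(line, ')');
    if (!lp || !rp || rp < lp || sscanf(line, "%d", &t->pid) != 1)
        return -1;
    size_t n = (size_t)(rp - lp - 1);
    if (n >= sizeof t->comm)
        n = sizeof t->comm - 1;
    memcpy(t->comm, lp + 1, n);
    t->comm[n] = '\0';
    /* After comm: state ppid pgrp session tty_nr tpgid flags
     * minflt cminflt majflt cmajflt utime stime */
    if (sscanf(rp + 1, " %c %d %*d %*d %*d %*d %*u %*u %*u %*u %*u %lu %lu",
               &t->state, &t->ppid, &t->utime, &t->stime) != 4)
        return -1;
    return 0;
}

/* Read /proc/<pid>/stat; pass "self" for the calling process. */
int read_task_info(const char *pid, struct task_info *t)
{
    char path[64], buf[1024];
    snprintf(path, sizeof path, "/proc/%s/stat", pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    char *ok = fgets(buf, sizeof buf, f);
    fclose(f);
    return ok ? parse_stat_line(buf, t) : -1;
}

int main(void)
{
    struct task_info t;
    if (read_task_info("self", &t) != 0) { fprintf(stderr, "cannot read stat\n"); return 1; }
    printf("pid=%d comm=%s state=%c ppid=%d\n", t.pid, t.comm, t.state, t.ppid);
    return 0;
}
```

A state of `t` means the task is stopped under a tracer, which is what a debugged process looks like from outside.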