Author Topic: How to get data from kernel memory area??then send it to user applicati  (Read 4220 times)

Offline junior_study


Hi,

In user mode, if I try to access the kernel memory area to get data from there, as you know, it is always denied by the OS,
so how do I program to get data from the kernel memory area, and then send it to a user application?

If this can be realized, then application debugging will go easy.

Some better advice?

Thank you!

Offline TightCoderEx

What would be helpful is if you were to give a specific example of why you'd need to access kernel memory. Generally, what the kernel stores locally is of no real value to you, and those areas where there is data you need for your application can be accessed through SYSCALLs.

If you need to change something in the OS, one of the 300 SYSCALLs should be sufficient enough to do that too. Kernel memory is protected for a good reason, as modifying it can have adverse effects on other programs running at the time or maybe even other users. This applies equally to all operating systems, Linux, OSX and Windows.

Offline Frank Kotler

  • NASM Developer
« Reply #2 on: July 19, 2012, 03:07:10 PM »
Hi junior_study,

As you note, the OS denies us access to some memory. A "protected mode" OS is protected from US! If you found a way to access this memory, it would be a vulnerability in the OS. File a bug report! We don't want to discuss it here.

However, an OS will provide an interface... call it an "accessor function"... that will allow you to "get" and "set" certain parameters. That's "supposed" to be all you need.

I'm curious... if you could access anything you wanted, what would you look at that would help with debugging?

Best,
Frank


Offline junior_study

Quote from: TightCoderEx
> What would be helpful is if you were to give a specific example of why you'd need to access kernel memory. Generally, what the kernel stores locally is of no real value to you, and those areas where there is data you need for your application can be accessed through SYSCALLs.
>
> If you need to change something in the OS, one of the 300 SYSCALLs should be sufficient enough to do that too. Kernel memory is protected for a good reason, as modifying it can have adverse effects on other programs running at the time or maybe even other users. This applies equally to all operating systems, Linux, OSX and Windows.

Thank you!
Can I get the current debugged process's task_struct?
Can I get the GDT base address through a syscall?
Can you give me some methods to achieve them?

Thank you
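
The "accessor function" approach from the replies above, as an added example that is not part of the original thread: assuming Linux (the thread mentions task_struct) with procfs mounted at /proc, the kernel exports selected per-task fields through /proc/<pid>/stat, readable from user mode without touching kernel memory. The names task_info, parse_stat_line and read_task_info are hypothetical.

```c
/* Added example (not from the thread). Assumes Linux with procfs at /proc. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
struct task_info {            /* hypothetical name: some per-task fields the kernel exports */
    int pid, ppid;
    char state;               /* R, S, D, Z, T (stopped), t (tracing stop, under a debugger) */
    char comm[64];
    unsigned long utime, stime;   /* CPU time in clock ticks */
};

/* Parse one /proc/<pid>/stat line. comm sits in parentheses and may itself contain
 * spaces or ')', so split on the LAST ')'. Returns 0 on success, -1 on malformed input. */
int parse_stat_line(const char *line, struct task_info *out)
{
    const char *lp = strchr(line, '(');
    const char *rp = strrchr(line, ')');
    if (!lp || !rp || rp < lp || sscanf(line, "%d", &out->pid) != 1)
        return -1;
    size_t n = (size_t)(rp - lp - 1);
    if (n >= sizeof out->comm) n = sizeof out->comm - 1;   /* never overrun comm */
    memcpy(out->comm, lp + 1, n);
    out->comm[n] = '\0';
    /* After comm: state ppid pgrp session tty_nr tpgid flags minflt cminflt majflt cmajflt utime stime */
    int got = sscanf(rp + 1, " %c %d %*d %*d %*d %*d %*u %*lu %*lu %*lu %*lu %lu %lu",
                     &out->state, &out->ppid, &out->utime, &out->stime);
    return got == 4 ? 0 : -1;
}

/* Read the live record for a pid through procfs; pid 0 means the caller itself. */
int read_task_info(pid_t pid, struct task_info *out)
{
    char path[64], line[1024];
    if (pid > 0) snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    else snprintf(path, sizeof path, "/proc/self/stat");
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *ok = fgets(line, sizeof line, f);
    fclose(f);
    return ok ? parse_stat_line(line, out) : -1;
}

int main(void)
{
    struct task_info t;
    if (read_task_info(0, &t) != 0) return 1;
    printf("pid=%d ppid=%d state=%c comm=%s utime=%lu stime=%lu\n",
           t.pid, t.ppid, t.state, t.comm, t.utime, t.stime);
    return 0;
}
```

For the registers and memory of a process being debugged, the supported user-mode interface on Linux is ptrace(2).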