My purpose is to modify kernel function instructions directly through memory at runtime.
First I use "objdump -S kernel" to see the function names and their addresses. And then I use pointers to peek into the content at certain function address area (.text segment). However, their content is different from the result from "objdump -S kernel". I use a FreeBSD 10.1 kernel, which has no ASLR supported as I know. Is it because that the kernel function addresses are relocated? Or some kernel functions are not loaded into memory? Or is it not suitable to peek kernel ".text" content from a kernel module? I only "objdump -S" the built "kernel" with debug symbols, not ".ko" files. _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
