I'm given a stopped virtual machine, with access to the CPU and the memory. It is now running a kernel function.
I want to copy the entire kernel stack. How can I do that in a generic way, that would hopefully work across multiple kernels. For simplification, let's discuss x64. I know where the stack ends, but how can I know where it begins? I can check the memory mapping, and assume nothing would take the virtual address before the start of the kernel's stack, but I don't know if I can count on it for most mainstream OSes. Maybe there's a known method I'm missing, I'll be happy for any comments. Thanks,
_______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il