Shulou(Shulou.com)06/01 Report--

This article introduces you how to combine Linux crash tools / dev/mem to modify memory arbitrarily, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Linux kernel programmers confront a variety of problems almost every day:

The kernel crashed and the cause needs to be investigated.

The system parameters are not appropriate and need to be changed, but there is no interface.

If you change a variable or an if statement, you will recompile the kernel.

Want to adjust the logic slightly, but there is no source code, can not compile.

Solving each type of problem takes a lot of time, especially when recompiling the kernel. As a result, every Linux kernel programmer will more or less master some Hack skills to save time and improve productivity.

However, their own Hack kernel is very error-prone, a little careless will hurt the innocent (panic, step on memory …) Then you will get caught up in endless details, such as looking up a page table.

As the saying goes, if you want to do good work, you must first sharpen its tools. Linyuan envies the fish, it is better to retreat and form a net.

But if you use off-the-shelf tools, you will find that sometimes tools are difficult to expand. The marginal niche features you need are often not provided, and you still need to do it yourself, but you don't know how to do it.

What shall I do? Why not combine the two?

As a Linux kernel developer, proficiency in the use of these tools is required.

/ dev/mem is almost always claimed to be mmap to the process address space as an entire physical memory image, and many people do mmap / dev/mem device files to their programs, but get almost nothing. It's not the programmer's fault. After all, as a flat memory address space, the content of / dev/mem seems to have no structure, and the average DIY program can't parse it at all.

/ dev/mem is a treasure, it exposes the entire memory, but only if you have strong analytical power, it is a treasure, otherwise it is just a flat space full of zeros or ones. All kernel real-time data is in / dev/mem, so it makes sense to find them, but it's not easy to find them.

The crash & gdb tool will do this very well. The rest of this article will focus on the crash tool, similar to gdb.

Crash can be used not only to analyze and debug vmcore memory images of dead Linux corpses, but also to analyze and debug living Linux Live memory images, such as / dev/mem and / proc/kcore. It is also a memory image, so debugging a living memory image is more interesting.

On the Linux crash tool how to combine / dev/mem to make any changes to memory to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.