| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Sep 2009 16:41:55 +0800
From: Hui Zhu <teawater@...il.com>
To: linux-kernel@...r.kernel.org
Subject: [Demo/lkm] Kcoredump -- Do coredump in any where of kernel(not same
with kcore)
Hi guys,
Kcoredump do a coredump in most part of kernel (it use kprobe, it can
be set most of part of kernel). For example:
insmod kcoredump.ko name=do_fork offset=11
gdb ./vmlinux /proc/kcoredump
Core was generated by `'.
[New process 0]
#0 do_fork (clone_flags=18874385, stack_start=3219612376, regs=0xc6c8ffb4,
stack_size=0, parent_tidptr=0x0, child_tidptr=0xb764b758)
at /home/teawater/kernel/linux-2.6/kernel/fork.c:1343
warning: Source file is more recent than executable.
1343 if (clone_flags & CLONE_NEWUSER) {
(gdb) bt
#0 do_fork (clone_flags=18874385, stack_start=3219612376, regs=0xc6c8ffb4,
stack_size=0, parent_tidptr=0x0, child_tidptr=0xb764b758)
at /home/teawater/kernel/linux-2.6/kernel/fork.c:1343
#1 0xc01016d5 in sys_clone (regs=0xc6c8ffb4)
at /home/teawater/kernel/linux-2.6/arch/x86/kernel/process_32.c:445
#2 0xc0102da1 in system_call ()
at /home/teawater/kernel/linux-2.6/arch/x86/kernel/entry_32.S:529
#3 0x00000000 in ?? ()
Now, it is just a demo version. It just support x86_32. But make it
support other arch is not very hard.
Thanks,
Hui
View attachment "kcoredump.c" of type "text/x-csrc" (9542 bytes)
Download attachment "Makefile" of type "application/octet-stream" (248 bytes)
Powered by blists - more mailing lists