Access process memory from kernel space


 
# 1  
Old 09-30-2008
Access process memory from kernel space

Hi,

I'm currently working on a project to help the analysis of malware from inside the kernel to avoid any kind of detection.

So I need to be able to read the process memory from my kernel module.

As of now, I'm stuck at converting a virtual memory address (for example 0x080483e8 found with gdb) to a kernel readable address.

I have found a way to track this address down to a page and then find the physical address of this page, but I get kernel oops every time I try to access it.

I have been reading and googling for days and I can't find the answer.

Thanks for your help!
# 2  
Old 10-06-2008
I suggest you re-post this in the OS-specific forum.
# 3  
Old 10-06-2008
What is the oops that you are getting? Can you post the error message here?
# 4  
Old 10-12-2008
Need more information