Re: /dev/kmem

From: Michal Kosek (michau@august.V-LO.krakow.pl)
Date: Fri May 05 2000 - 10:03:47 EST


> > Yes, but how can I know what the offset is of any specific structure I want to
> > read??
> generally, under UNIX you would use nlist(3C) on /stand/unix. Under Linux
> you get the offset by looking at System.map file or, much better, by
> using:
> ksymoops -s map < /dev/null
>
> and examining the map file which contains addresses of the modules'
> symbols also. If you look at lsof(8) source code, I vaguely remember it
> has some very nice interface that does the symbol manipulation for you
> which can be cut-and-pasted into your own program. Also, the MCL crash I
> mentioned contains a useful set of functions that manipulate kernel
> symbols - can be "borrowed" too as all this stuff is GPL.
Thanks, this is the information I needed...

> > > versions of ps(1) used to use /dev/kmem - nowadays it is much better to
> > > access kernel data structures via well-defined interfaces exported by
> > > /proc.
> > Yes, but as I wrote in my previous mail: using /dev/kmem for process list
> > may be useful in finding some well-hidden backdoors - so I'd like to know
> > how to do it...
> your question is strange. Having access to /dev/kmem allows one to write
> garbage to kernel data structures which will render system useless - what
> can be worse than that?
You didn't understand me. First of all such kmem_ps would need write
access but only read access to /dev/kmem. The second thing is that I can allow
kmem-ps to be used only from the root account - only to test if its result is the
same as the normal /proc ps...

-- 
Michal Kosek
You should pay homage to my homepage
http://www.v-lo.krakow.pl/klasa4e/dziady3.html
(For Polish Linux lovers - rest won't understand...;)
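
The two ideas in this message, sketched as an added example that is not part of the original post or of any tool it names: resolving a symbol address from System.map-format text, and diffing a raw-memory PID list against the /proc list to flag hidden processes. The names `lookup_symbol`, `hidden_pids` and `SAMPLE_MAP` are hypothetical, and the map contents, addresses and PID lists are constructed; producing the raw PID list by walking kernel memory is not shown.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in System.map layout: "<hex address> <type> <symbol>". */
static const char SAMPLE_MAP[] =
    "c0100000 T _stext\n"
    "garbage line without an address\n"
    "c0240000 D init_task_union\n"
    "c0251234 D init_task\n";

/* Store the address of `name` and return 0, or return -1 if it is absent. */
int lookup_symbol(const char *map, const char *name, unsigned long *addr)
{
    while (*map) {
        char buf[256], sym[128], type;
        unsigned long a;
        size_t len = strcspn(map, "\n");
        /* Parse one line at a time; compare whole tokens so that
           "init_task" does not match "init_task_union". */
        snprintf(buf, sizeof buf, "%.*s", (int)len, map);
        if (sscanf(buf, "%lx %c %127s", &a, &type, sym) == 3 && strcmp(sym, name) == 0) {
            *addr = a;
            return 0;
        }
        map += len + (map[len] == '\n');
    }
    return -1;
}

/* Copy into `out` every PID seen in the raw view but missing from the /proc view. */
size_t hidden_pids(const int *raw, size_t nraw, const int *proc, size_t nproc, int *out)
{
    size_t found = 0;
    for (size_t i = 0; i < nraw; i++) {
        size_t j = 0;
        while (j < nproc && proc[j] != raw[i])
            j++;
        if (j == nproc)
            out[found++] = raw[i];
    }
    return found;
}

int main(void)
{
    unsigned long addr = 0;
    int raw[] = {1, 2, 77, 300}, proc[] = {1, 2, 300}, out[4]; /* constructed lists */
    int rc = lookup_symbol(SAMPLE_MAP, "init_task", &addr);
    size_t n = hidden_pids(raw, 4, proc, 3, out);
    printf("lookup rc=%d addr=%#lx, %zu PID(s) only in raw view\n", rc, addr, n);
    return 0;
}
```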
