Using pahole (struct layouts from vmlinux)
pahole reads the DWARF in vmlinux, so the kernel must be built with CONFIG_DEBUG_INFO; a stripped vmlinux prints nothing. `-C` selects the struct to print; the two comment columns are offset and size in bytes.
$ pahole -C timer_list ./vmlinux
struct timer_list {
        struct hlist_node          entry;                /*     0    16 */
        long unsigned int          expires;              /*    16     8 */
        void                       (*function)(struct timer_list *); /*    24     8 */
        u32                        flags;                /*    32     4 */

        /* size: 40, cachelines: 1, members: 4 */
        /* padding: 4 */
        /* last cacheline: 40 bytes */
};
Pinning the exploit to one core (CPU affinity)
Slab freelists are per-CPU, so an exploit that sprays and reclaims objects should stay on one core. Affinity is per thread: call this in every thread that touches the target cache.
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
/* Pin the calling thread to CPU 0 so it keeps hitting the same per-CPU slab caches. */
cpu_set_t cpu_set;
CPU_ZERO(&cpu_set);
CPU_SET(0, &cpu_set);
if (sched_setaffinity(0, sizeof(cpu_set), &cpu_set) != 0) {
    perror("sched_setaffinity");
    exit(EXIT_FAILURE);
}
gdb plugins (source only one of them in ~/.gdbinit; peda, GEF and pwndbg conflict with each other)
# peda
git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit
# GEF (either the one-line installer or a manual download)
# wget -q -O- https://github.com/hugsy/gef/raw/master/gef.sh | sh
wget -q -O ~/.gdbinit-gef.py https://github.com/hugsy/gef/raw/master/gef.py
echo "source ~/.gdbinit-gef.py" >> ~/.gdbinit
# pwndbg (setup.sh installs the dependencies and appends the source line to ~/.gdbinit)
git clone https://github.com/pwndbg/pwndbg.git
cd pwndbg
./setup.sh
Finding addresses
Kernel symbol addresses are listed in /proc/kallsyms and module load addresses in /proc/modules. Without KASLR (nokaslr on the kernel command line) these values are the same on every boot, so they can be read once from the debugging VM and hardcoded in the exploit. Both files honour kernel.kptr_restrict: with the default of 1 an unprivileged user sees 0000000000000000 / 0x0 instead of the real address, so read them as root or set kptr_restrict=0 in the test VM.
Loading and unloading drivers (all need root)
- insmod <module>.ko: load a module
- rmmod <module>: unload a module
- lsmod: list loaded modules (a formatted view of /proc/modules)
Adding driver symbols in gdb
# First find the address the .ko was loaded at. It is the sixth field of the
# module's line in /proc/modules (name, size, refcount, deps, state, address):
$ grep vuln /proc/modules
vuln <size> <refcount> - Live 0xffffffffc0000000 (O)
# The same value is in /sys/module/vuln/sections/.text (root only).

# In gdb, add the module's symbols with add-symbol-file; the address given is where
# .text is mapped
pwndbg> add-symbol-file ./vuln.ko 0xffffffffc0000000
add symbol table from file "./vuln.ko" at
        .text_addr = 0xffffffffc0000000
Reading symbols from ./vuln.ko...
# .data and .bss are mapped separately from .text, so data symbols will be wrong
# unless those sections are given too; their addresses are in
# /sys/module/vuln/sections/.data and /sys/module/vuln/sections/.bss
pwndbg> add-symbol-file ./vuln.ko 0xffffffffc0000000 -s .data <data_addr> -s .bss <bss_addr>
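The two lookups above (a kernel symbol from /proc/kallsyms, a module base from /proc/modules) are usually done by hand with grep, but an exploit often needs them at runtime. The following is an added example, not code from the original notes: it parses both formats, treats a zeroed address (kptr_restrict) as a failure, and falls back to constructed sample text when run offline. The module name `vuln`, the symbol names and every address in the sample text are assumptions for illustration, not values from any real kernel.

```c
/* Added example (not part of the original notes): resolve a kernel symbol and a
 * module base from the /proc/kallsyms and /proc/modules formats. The sample
 * text below is constructed; its addresses are placeholders. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy the line starting at p into buf (NUL-terminated, newline stripped) and
 * return a pointer to the next line, or NULL at end of text. */
static const char *next_line(const char *p, char *buf, size_t bufsz)
{
    if (p == NULL || *p == '\0')
        return NULL;
    const char *eol = strchr(p, '\n');
    size_t len = eol ? (size_t)(eol - p) : strlen(p);
    if (len >= bufsz)
        len = bufsz - 1;                 /* truncate over-long lines */
    memcpy(buf, p, len);
    buf[len] = '\0';
    return eol ? eol + 1 : p + strlen(p);
}

/* /proc/kallsyms: "<addr> <type> <name>[\t[module]]". Returns 0 when the symbol
 * is absent or its address is printed as zero (kptr_restrict hides it from
 * unprivileged readers), so callers must treat 0 as failure. */
static unsigned long long kallsyms_lookup(const char *text, const char *sym)
{
    char line[512], name[256], type;
    unsigned long long addr;
    while ((text = next_line(text, line, sizeof line)) != NULL) {
        if (sscanf(line, "%llx %c %255s", &addr, &type, name) == 3 &&
            strcmp(name, sym) == 0)
            return addr;
    }
    return 0;
}

/* /proc/modules: "<name> <size> <refcnt> <deps> <state> <addr> [(taints)]".
 * The sixth field is the module's load (.text) address. */
static unsigned long long module_base(const char *text, const char *mod)
{
    char line[512], name[256];
    unsigned long long addr;
    while ((text = next_line(text, line, sizeof line)) != NULL) {
        if (sscanf(line, "%255s %*u %*u %*s %*s %llx", name, &addr) == 2 &&
            strcmp(name, mod) == 0)
            return addr;
    }
    return 0;
}

/* Slurp a /proc file: st_size is 0 there, so read until EOF. Returns a
 * malloc'd NUL-terminated buffer, or NULL on error. */
static char *read_proc_file(const char *path)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return NULL;
    size_t cap = 1 << 16, len = 0;
    char *buf = malloc(cap);
    while (buf != NULL) {
        size_t n = fread(buf + len, 1, cap - len - 1, f);
        len += n;
        if (n == 0)
            break;
        if (len + 1 >= cap) {
            char *nb = realloc(buf, cap *= 2);
            if (nb == NULL) { free(buf); buf = NULL; break; }
            buf = nb;
        }
    }
    fclose(f);
    if (buf)
        buf[len] = '\0';
    return buf;
}

/* Constructed sample input in both formats (placeholder addresses). */
static const char sample_kallsyms[] =
    "ffffffff81000000 T _text\n"
    "ffffffff810c9540 T commit_creds\n"
    "ffffffff810c98e0 T prepare_kernel_cred\n"
    "ffffffffc0000000 t vuln_ioctl\t[vuln]\n";
static const char hidden_kallsyms[] =        /* what kptr_restrict shows unprivileged users */
    "0000000000000000 T commit_creds\n";
static const char sample_modules[] =
    "vuln 16384 0 - Live 0xffffffffc0000000 (O)\n"
    "nf_nat 45056 2 nft_chain_nat,nft_masq, Live 0xffffffffc0a00000\n";

int main(void)
{
    printf("commit_creds (sample) = 0x%llx\n", kallsyms_lookup(sample_kallsyms, "commit_creds"));
    printf("vuln base    (sample) = 0x%llx\n", module_base(sample_modules, "vuln"));

    /* Live lookup: needs root or kptr_restrict=0; reusable across boots only with nokaslr. */
    char *ks = read_proc_file("/proc/kallsyms");
    char *mods = read_proc_file("/proc/modules");
    if (ks != NULL && mods != NULL) {
        unsigned long long cc = kallsyms_lookup(ks, "commit_creds");
        printf("commit_creds (live)   = 0x%llx%s\n", cc, cc ? "" : "  (hidden: check kptr_restrict)");
        printf("vuln base    (live)   = 0x%llx\n", module_base(mods, "vuln"));
    }
    free(ks);
    free(mods);
    return 0;
}
```

The parsers are deliberately field-based rather than grep-like: `%*s %*s` skips the dependency list and the `Live` state, so modules with dependencies (`nft_chain_nat,nft_masq,`) parse the same as ones with `-`, and `%llx` accepts the `0x` prefix that /proc/modules prints but /proc/kallsyms does not.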