Skip to content

Latest commit

 

History

History
80 lines (73 loc) · 4.73 KB

README.md

File metadata and controls

80 lines (73 loc) · 4.73 KB

lkcd

Small pet project to find and dump some linux kernel guts like

etc etc

Sure contains poorly written buggy driver

Sample of checking on x64 5.15.0-52

registered consoles: 1
[0] tty at 0xffffffffbd6fbde0 flags 7 index 0
   write: 0xffffffffbbde6510 - kernel!vt_console_print
   device: 0xffffffffbbde30a0 - kernel!vt_console_device
   unblank: 0xffffffffbbde5a70 - kernel!unblank_screen
...
uprobes: 1
[0] addr 0xffffa008c309bc00 inode 0xffffa008c12d61a0 ino 1043126 clnts 1 offset 4710 flags 0 
 consumer[0] at 0xffffffffc0605100
   handler: 0xffffffffc0603b13 - lkcd
   ret_handler: 0xffffffffc0603af3 - lkcd
...
timers for cpu 1 7:
 0xffff9e5e41049690 flags A000001 0xffffffffa43f5fe0 0xffffffffa43f5fe0 - kernel!blk_stat_timer_fn
 0xffff9e5e5de8c440 wq 0xffff9e5e5de8c420 flags 12600001 0xffffffffa3f345c0 0xffffffffa3f345c0 - kernel!psi_avgs_work
 0xffff9e5e57414440 wq 0xffff9e5e57414420 flags 1A600001 0xffffffffa3f345c0 0xffffffffa3f345c0 - kernel!psi_avgs_work
 0xffff9e5e5025a3c8 wq 0xffff9e5e5025a3a8 flags 1F600001 0xffffffffc0600390 0xffffffffc0600390 - r8169
 0xffff9e5e50c877f0 flags 21C00001 0xffffffffa43e2cd0 0xffffffffa43e2cd0 - kernel!blk_rq_timed_out_timer
 0xffff9e5e50c78a10 wq 0xffff9e5e50c789f0 flags 23E00001 0xffffffffa41c2e80 0xffffffffa41c2e80 - kernel!wb_workfn
 0xffff9e618e45fc20 flags 42D00001 0xffffffffa3e605d0 0xffffffffa3e605d0 - kernel!mce_timer_fn
...
mem at 0xffffffff8b633058 (x86_cpuinit+8) patched to 0xffffffff8a075d50 (kvm_setup_secondary_clock)
mem at 0xffffffff8b6331c0 (i8259A_chip+40) patched to 0xffffffff8a0373a0 (disable_8259A_irq)
mem at 0xffffffff8b6365c8 (machine_check_vector) patched to 0xffffffff8ab74bf0 (do_machine_check)
mem at 0xffffffff8b6365d0 (mce_adjust_timer) patched to 0xffffffff8a04f200 (cmci_intel_adjust_timer)
mem at 0xffffffff8b638848 (__acpi_register_gsi) patched to 0xffffffff8a060d40 (acpi_register_gsi_ioapic)
mem at 0xffffffff8b641a28 (pv_ops+8) patched to 0xffffffff8a075cb0 (kvm_sched_clock_read)
mem at 0xffffffff8b652c08 (alg+8) patched to 0xffffffff8a089550 (crc32c_pcl_intel_update)
mem at 0xffffffff8b652c18 (alg+18) patched to 0xffffffff8a089530 (crc32c_pcl_intel_finup)
mem at 0xffffffff8b652c20 (alg+20) patched to 0xffffffff8a089510 (crc32c_pcl_intel_digest)
mem at 0xffffffff8b7d2d70 (ecap_perms+30) patched to 0xffffffff8a82f0f0 (vfio_default_config_read)
mem at 0xffffffff8b7d2dd0 (ecap_perms+90) patched to 0xffffffff8a82f0f0 (vfio_default_config_read)
mem at 0xffffffff8b7d3230 (cap_perms+10) patched to 0xffffffff8a82f320 (vfio_basic_config_read)
mem at 0xffffffff8b7d3250 (cap_perms+30) patched to 0xffffffff8a82f0f0 (vfio_default_config_read)
mem at 0xffffffff8b7d3290 (cap_perms+70) patched to 0xffffffff8a82f0f0 (vfio_default_config_read)
mem at 0xffffffff8b7d3310 (cap_perms+F0) patched to 0xffffffff8a82f0f0 (vfio_default_config_read)
mem at 0xffffffff8b7d3430 (cap_perms+210) patched to 0xffffffff8a82f0f0 (vfio_default_config_read)
mem at 0xffffffff8b7d3490 (cap_perms+270) patched to 0xffffffff8a82f0f0 (vfio_default_config_read)
mem at 0xffffffff8b81f1e0 (pcibios_disable_irq) patched to 0xffffffff8a643760 (acpi_pci_irq_disable)
mem at 0xffffffff8b81f1e8 (pcibios_enable_irq) patched to 0xffffffff8a6434d0 (acpi_pci_irq_enable)

As you can see for uprobes you have only inode number so you should use "find -inum 1043126" to find on which file uprobe was installed

dependencies