bata24 / gef

GEF - GDB Enhanced Features for exploit devs & reversers

[feat] add flag to ksymaddr-remote-apply to overwrite addresses of existing symbols (debug information with kaslr) #92

Closed k4lizen closed 2 weeks ago

k4lizen commented 2 weeks ago

Currently when I try to debug a kernel with KASLR, the symbols get resolved to wrong addresses.

To reproduce: compile kernel v6.1 from source with debug info and gdb scripts, run qemu with the generated bzImage and KASLR, run gdb with the generated vmlinux (gdb vmlinux) and connect to qemu.

gef> p commit_creds
Cannot access memory at address 0xffffffff8109c6f0
gef> lx-symbols ./vmlinux
loading vmlinux
Python Exception <class 'gdb.MemoryError'>: Cannot access memory at address 0xffffffff8293bf80
Error occurred in Python: Cannot access memory at address 0xffffffff8293bf80
gef> p commit_creds
Cannot access memory at address 0xffffffff8109c6f0
gef> 

Here it would be really useful if there was a flag to give to ks-apply so it would correct the symbol locations. This is useful because the vmlinux file with debugging info has other neat information, for example line numbers, so one can see the Linux source code while debugging, which doesn't seem possible with ks-apply from what I can see.

Related: https://github.com/bata24/gef/issues/91

k4lizen commented 2 weeks ago

Oh I looked at the source and thought it would be a simple implementation, but it's leveraging gdb's add-symbol-file, which doesn't really have a way to overwrite symbols from what I can see.

k4lizen commented 2 weeks ago

Oh, never mind! It is possible to properly get all the debugging info, including source code lines, from a vmlinux with:

~> gdb
gef> target remote :1234
gef> kbase
[+] Wait for memory scan
kernel text:   0xffffffff8e800000-0xffffffff8f804000 (0x1004000 bytes)
kernel rodata: 0xffffffff8fa00000-0xffffffff8feab000 (0x4ab000 bytes)
kernel data:   0xffffffff90000000-0xffffffff907ab000 (0x7ab000 bytes)
gef> add-symbol-file ./vmlinux 0xffffffff8e800000
add symbol table from file "./vmlinux" at
    .text_addr = 0xffffffff8e800000
Reading symbols from ./vmlinux...
gef> p commit_creds
$1 = {int (struct cred *)} 0xffffffff8e89c6f0 <commit_creds>
gef>

An important point was to not start gdb with gdb ./vmlinux.

I'll close this issue then, hopefully it ends up being useful to someone :3
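What makes the closing recipe work is that add-symbol-file takes the runtime address of .text and, from the difference to the link-time .text address stored in the vmlinux section headers, derives one displacement (the KASLR slide) that GDB also uses for the sections you do not list. The following added example is not part of the issue thread or of gef; it models that mechanism offline so the result can be checked against the numbers the thread prints. It parses the ELF64 section headers and .symtab of a constructed stand-in for vmlinux (real builds would be read from disk the same way), computes the slide from the kbase text address, emits the add-symbol-file command, and relocates commit_creds. Assumptions: the vmlinux in the thread was linked with x86_64's default text base 0xffffffff81000000 (the thread never prints it), and the runtime text base is the 0xffffffff8e800000 that kbase reported.

```python
import struct

ELF_HDR = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, 64 bytes
SHDR = "<IIQQQQIIQQ"            # Elf64_Shdr, 64 bytes
SYM = "<IBBHQQ"                 # Elf64_Sym, 24 bytes
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 1, 2, 3


def _cstr(table, off):
    """NUL-terminated string at OFF inside a string table."""
    return table[off:table.index(b"\0", off)].decode()


def sections(elf):
    """Return [(name, Elf64_Shdr tuple), ...] in section-index order."""
    hdr = struct.unpack_from(ELF_HDR, elf, 0)
    ident, e_shoff, e_shentsize, e_shnum, e_shstrndx = hdr[0], hdr[6], hdr[11], hdr[12], hdr[13]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    shdrs = [struct.unpack_from(SHDR, elf, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    shstr = shdrs[e_shstrndx]
    table = elf[shstr[4]:shstr[4] + shstr[5]]          # sh_offset / sh_size of .shstrtab
    return [(_cstr(table, s[0]), s) for s in shdrs]


def section(secs, name):
    for n, s in secs:
        if n == name:
            return s
    raise KeyError(name)


def link_time_symbols(elf):
    """Symbol name -> st_value as linked into the file (what `gdb vmlinux` alone would use)."""
    secs = sections(elf)
    symtab = section(secs, ".symtab")
    strhdr = secs[symtab[6]][1]                        # sh_link = index of the matching .strtab
    strtab = elf[strhdr[4]:strhdr[4] + strhdr[5]]
    out = {}
    for off in range(symtab[4], symtab[4] + symtab[5], symtab[9]):   # sh_entsize == 24
        st_name, _, _, _, st_value, _ = struct.unpack_from(SYM, elf, off)
        if st_name:
            out[_cstr(strtab, st_name)] = st_value
    return out


def kaslr_slide(elf, runtime_text_base):
    """runtime .text address minus link-time .text address: the delta add-symbol-file applies."""
    return runtime_text_base - section(sections(elf), ".text")[3]   # sh_addr


def gdb_command(path, runtime_text_base):
    return f"add-symbol-file {path} {runtime_text_base:#x}"


def runtime_symbols(elf, runtime_text_base):
    """Every symbol shifted by the one uniform slide, as GDB resolves them after add-symbol-file."""
    slide = kaslr_slide(elf, runtime_text_base)
    return {n: a + slide for n, a in link_time_symbols(elf).items()}


def build_fake_vmlinux(text_addr, symbols):
    """Constructed stand-in for vmlinux: ELF64 with .text, .symtab, .strtab, .shstrtab only."""
    text = b"\x90" * 16
    strtab, syms = b"\0", [b"\0" * 24]
    for name, addr in symbols.items():
        syms.append(struct.pack(SYM, len(strtab), 0x12, 0, 1, addr, 0))  # GLOBAL FUNC in section 1
        strtab += name.encode() + b"\0"
    symtab = b"".join(syms)
    shstrtab, names = b"\0", {}
    for n in (".text", ".symtab", ".strtab", ".shstrtab"):
        names[n] = len(shstrtab)
        shstrtab += n.encode() + b"\0"
    body, offs = b"", {}
    for n, data in ((".text", text), (".symtab", symtab), (".strtab", strtab), (".shstrtab", shstrtab)):
        offs[n] = 64 + len(body)
        body += data
    shoff = 64 + len(body)
    shdrs = [b"\0" * 64,
             struct.pack(SHDR, names[".text"], SHT_PROGBITS, 6, text_addr, offs[".text"], len(text), 0, 0, 16, 0),
             struct.pack(SHDR, names[".symtab"], SHT_SYMTAB, 0, 0, offs[".symtab"], len(symtab), 3, 1, 8, 24),
             struct.pack(SHDR, names[".strtab"], SHT_STRTAB, 0, 0, offs[".strtab"], len(strtab), 0, 0, 1, 0),
             struct.pack(SHDR, names[".shstrtab"], SHT_STRTAB, 0, 0, offs[".shstrtab"], len(shstrtab), 0, 0, 1, 0)]
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8        # ELFCLASS64, ELFDATA2LSB
    hdr = struct.pack(ELF_HDR, ident, 2, 0x3e, 1, text_addr, 0, shoff, 0, 64, 0, 0, 64, 5, 4)
    return hdr + body + b"".join(shdrs)


if __name__ == "__main__":
    # Assumed link-time layout (default x86_64 text base) with commit_creds as the issue's first session shows it.
    vmlinux = build_fake_vmlinux(0xffffffff81000000, {"commit_creds": 0xffffffff8109c6f0})
    base = 0xffffffff8e800000          # "kernel text" start printed by gef's kbase in the issue
    print(gdb_command("./vmlinux", base))
    print(f"slide = {kaslr_slide(vmlinux, base):#x}")
    for name, addr in runtime_symbols(vmlinux, base).items():
        print(f"{name} @ {addr:#x}")
```

For a real vmlinux, pass `open("vmlinux", "rb").read()` instead of the constructed image; `readelf -S vmlinux | grep .text` gives the same link-time address the parser reads. The sanity check a practitioner wants after add-symbol-file is that the relocated value here equals what `p commit_creds` prints in the live session (0xffffffff8e89c6f0 in the thread); a mismatch means the base handed to add-symbol-file was not the start of the kernel text.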