rhit-frantzag
commented
2 weeks ago System.map is a map of various kernel symbols and their physical addresses. It is mainly used by ps, though many other services use /proc/kallsyms which is created at runtime and serves a similar function. System.map is an actual file (meaning stored in the filesystem statically), and tends to be located in one of the following locations: "/boot/", "/lib/modules/{kernel version}/", "/usr/src/linux/", and the root folder.
This will be useful context for writing the usermode and plugin components.