Hey All,

I'm using Slackware 12.2 on an x86 machine. I'm trying to debug/figure out things by dumping specific parts of memory. Unfortunately my knowledge on the Linux kernel is quite limited to what I need for programming/pentesting.

So here's my question: Is there a way to access any point in memory? I tried doing this with a char pointer so that it would only be a byte long. However, the program crashed and spat out something of that nature: "can't access memory location". Now I was pointing at the 0x00000000 location, which is where the system stores its interrupt vectors (unless that changed), which shouldn't matter really.

Now my understanding is the kernel will allocate memory (data, stack, heap, etc) to a program and that program will not be able to go anywhere else. So I was thinking of using NASM to tell the CPU to go directly fetch what I need but I'm unsure if that would work (and I would need to figure out how to translate MASM to NASM).

Alright, well there's my long-winded monologue. Essentially my question is: "Is there a way to achieve this?".

Anyway...

+5  A: 

If your program is running in user-mode, then memory outside of your process memory won't be accessible, by hook or by crook. Using asm will not help, nor will any other method. This is simply impossible, and is a core security/stability feature of any OS that runs in protected mode (i.e. all of them, for the past 20+ years). Here's a brief overview of Linux kernel memory management.

The only way you can explore the entire memory space of your computer is by using a kernel debugger, which will allow you to access any physical address. However, even that won't let you look at the memory of every process at the same time, since some processes will have been swapped out of main memory. Furthermore, even in kernel mode, physical addresses are not necessarily the same as the addresses visible to the process.

JSBangs
Ah, that was the term I was looking for: protected mode. The main difference between the types of CPUs I usually deal with. Thank you for the literature, it is quite informative =)
w3b_wizzard
@JS Bangs: Not really "all of them" -- some RTOSes run in real mode, and what about nommu linux variants?
bstpierre
This isn't actually true. root processes on Linux can map `/dev/mem` to access physical memory locations.
caf
+3  A: 

Take a look at /dev/mem or /dev/kmem (man mem). If you have root access you should be able to see your memory there. This is a mechanism used by kernel debuggers.

Note the warning: Examining and patching is likely to lead to unexpected results when read-only or write-only bits are present.

From the man page:

mem is a character device file that is an image of
the main memory of the computer. It may be used, for
example, to examine (and even patch) the system.

Byte addresses in mem are interpreted as physical
memory addresses. References to nonexistent locations
cause errors to be returned.

...

The file kmem is the same as mem, except that the
kernel virtual memory rather than physical memory is
accessed.
Paul Rubel
Interesting utility... thank you =)
w3b_wizzard
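Added example (not from either answer): a small C dumper that reads a byte range at a physical address through /dev/mem, the root-only route the second answer describes, and reports the error the man page warns about for nonexistent locations instead of crashing. The read routine takes the device path as a parameter so it can be exercised against an ordinary file; on current kernels CONFIG_STRICT_DEVMEM restricts which physical ranges root may read, and /dev/kmem was removed in Linux 5.13.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Read `len` bytes at byte offset `addr` of `path` into `buf`.
 * For "/dev/mem" the offset is a PHYSICAL address (not a process
 * virtual address). Returns bytes read, or -errno on failure, e.g.:
 *   EACCES/EPERM  not root, or the range is blocked by CONFIG_STRICT_DEVMEM
 *   EFAULT/ENXIO  "nonexistent location", as the man page warns
 *   ENOENT        device node absent (e.g. /dev/kmem on Linux >= 5.13) */
ssize_t read_at(const char *path, off_t addr, void *buf, size_t len)
{
    int fd = open(path, O_RDONLY | O_SYNC);
    if (fd < 0)
        return -errno;
    ssize_t n;
    if (lseek(fd, addr, SEEK_SET) == (off_t)-1 || (n = read(fd, buf, len)) < 0)
        n = -errno;
    int saved = errno;          /* keep errno across close() */
    close(fd);
    errno = saved;
    return n;
}

/* Hex-dump `len` bytes, labelling each 16-byte row with its address. */
void hexdump(off_t base, const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i += 16) {
        printf("%08lx:", (unsigned long)(base + i));
        for (size_t j = i; j < i + 16 && j < len; j++)
            printf(" %02x", buf[j]);
        putchar('\n');
    }
}

/* usage: ./physdump <hex physical address> [bytes]   (run as root) */
int main(int argc, char **argv)
{
    off_t addr = argc > 1 ? (off_t)strtoull(argv[1], NULL, 16) : 0;
    size_t len = argc > 2 ? (size_t)strtoul(argv[2], NULL, 0) : 64;
    unsigned char *buf = malloc(len);
    ssize_t n = read_at("/dev/mem", addr, buf, len);
    if (n < 0) { fprintf(stderr, "/dev/mem: %s\n", strerror((int)-n)); return 1; }
    hexdump(addr, buf, (size_t)n);
    free(buf);
    return 0;
}
```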