| OSDev.org https://forum.osdev.org/ |
|
| Wanted to look at IDT and other structs in memory https://forum.osdev.org/viewtopic.php?f=15&t=33082 |
Page 1 of 1 |
| Author: | ggodw000 [ Tue Jul 24, 2018 12:03 pm ] |
| Post subject: | Wanted to look at IDT and other structs in memory |
Wanted to do in linux since it is open source however, I had failed to find it and I am attributing to this feature: ASLR. https://en.wikipedia.org/wiki/Address_s ... tion#Linux It appears linux has implemented it after 2.6.x kernel so if I want to play purely for a educational purpose, perhaps I can grab the pre-2.6 kernel and try it? |
|
| Author: | Brendan [ Wed Jul 25, 2018 3:42 am ] |
| Post subject: | Re: Wanted to look at IDT and other structs in memory |
Hi, ggodw000 wrote: Wanted to do in linux since it is open source however, I had failed to find it and I am attributing to this feature: ASLR. https://en.wikipedia.org/wiki/Address_s ... tion#Linux For slightly older CPUs, you should be able to use the "SIDT" or "SGDT" instructions in user-space (they are not privileged instructions) to determine where the IDT and GDT are (with or without ASLR the CPU must know the right addresses). Recently (maybe only a few years ago) Intel added a feature they call "User-Mode Instruction Prevention" which is just a flag in CR4 that can be used to disallow the execution of various instructions (SIDT, SGDT, ..) in user-space. In this case you just need a slightly older CPU that doesn't support it or a slightly older kernel that doesn't support it. ggodw000 wrote: It appears linux has implemented it after 2.6.x kernel so if I want to play purely for a educational purpose, perhaps I can grab the pre-2.6 kernel and try it? For emulators (e.g. Qemu) there's a monitor you can use to inspect the IDT and GDT, without caring which kernel it is, without caring if the kernel uses ASLR or not, and without caring if "User-Mode Instruction Prevention" is supported and used. Cheers, Brendan |
|
| Author: | Desiderata [ Thu Sep 13, 2018 5:05 am ] |
| Post subject: | Re: Wanted to look at IDT and other structs in memory |
"SIDT" or "SGDT" lauren findley https://athletesphysiques.com/lauren-findley/ you should be able to "SIDT" or "SGDT" if it is a little older |
|
| Page 1 of 1 | All times are UTC - 6 hours |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|