简体繁体 English

如何从内核模块扫描用户空间内存

[英]How to scan user-space memory from a kernel module

原文 2017-06-17 10:54:47 5 1 c/ linux/ memory-management/ module/ kernel

I want to make a kernel module that scans a user-run process' memory and changes some values. 我想制作一个内核模块，该模块扫描用户运行进程的内存并更改一些值。 I'm having some trouble figuring out the proper way to interface with user-memory. 我在找出与用户内存进行交互的正确方法时遇到了一些麻烦。

I found the copy_to_user and copy_from_user functions from the IBM article User space memory access from the Linux kernel . 我从IBM文章Linux内核中的用户空间内存访问中找到了copy_to_user和copy_from_user函数。 But they take a user-space pointer. 但是它们采用了用户空间指针。 Since I'm not sure where the variable is that I want to change, I would like to scan the memory of the user-process but can't seem to find how. 由于我不确定要在哪里更改变量，因此我想扫描用户进程的内存，但似乎找不到方法。

I was thinking of reading /proc/$(pidof process)/maps for the address since the variable I want to change is in a shared object there. 我正在考虑读取/proc/$(pidof process)/maps地址/proc/$(pidof process)/maps ，因为要更改的变量位于共享对象中。 However, I read online that it's not good practice to read files in from a kernel module. 但是，我在线阅读了从内核模块读取文件的好习惯。

I was also thinking perhaps I could rig the copy_from_user function to copy the entire thing but didn't think that was a good idea since it's really big. 我也在想，也许我可以绑定copy_from_user函数来复制整个内容，但由于它很大，所以认为这不是一个好主意。

Any suggestions would be appreciated. 任何建议，将不胜感激。 Thanks. 谢谢。

1 个解决方案

What are you scanning the memory for and why can't you just do that from userspace? 您要扫描内存的内容是什么，为什么不能仅从用户空间进行内存扫描呢？ This is easily doable with accessing the mem file in proc. 通过在proc中访问mem文件，可以轻松做到这一点。

As for the answer to the question, I'm afraid this is one of the things that if you have a reason to do it, you can easily find out how to do it on your own. 至于问题的答案，恐怕这是如果您有理由这样做的一件事，那么您可以轻松地找到自己的方法。