Copying kernel stack in a generic way
Elazar Leibovich
elazarl at gmail.com
Fri Dec 19 16:19:07 IST 2014
I'm given a stopped virtual machine, with access to the CPU and the memory.
It is now running a kernel function.
I want to copy the entire kernel stack.
How can I do that in a generic way, that would hopefully work across
multiple kernels.
For simplification, let's discuss x64.
I know where the stack ends, but how can I know where it begins?
I can check the memory mapping, and assume nothing would take the virtual
address before the start of the kernel's stack, but I don't know if I can
count on it for most mainstream OSes.
Maybe there's a known method I'm missing, I'll be happy for any comments.
Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20141219/5e745ec9/attachment.html>
More information about the Linux-il
mailing list