Copying kernel stack in a generic way
Muli Ben-Yehuda
mulix at mulix.org
Sun Dec 21 09:27:57 IST 2014
On Fri, Dec 19, 2014 at 02:19:07PM +0000, Elazar Leibovich wrote:

> I know where the stack ends, but how can I know where it begins?

What assumptions can you make? Can you run kernel code in the VM
(e.g., by cloning and restarting it)? Can you assume it's running
Linux and/or Windows? Can you assume the kernel was compiled with
frame pointers? Or is it a completely black box VM and you can't make
any assumptions about what's running inside?

> I can check the memory mapping, and assume nothing would take the
> virtual address before the start of the kernel's stack, but I don't
> know if I can count on it for most mainstream OSes.

That's a pretty good heuristic but see questions above.
By the way, some OSes have separate interrupt stacks, so you may be on
an interrupt stack or on a regular stack.

> Maybe there's a known method I'm missing, I'll be happy for any
> comments.

Cheers,
Muli