Re: Accessing a process structure in the processes link list
From: Jim Nelson
Date: Sun Nov 28 2004 - 18:59:36 EST
A M wrote:
How would you know the offset (location of index 0 if
it was an array or the head of link list) of that
variable in memory, in this case it is the process
table named task of type a pointer to task_struct?
Any recommendation for references will be appreciated.
Thanks,
Ali
http://www.securityfocus.com/infocus/1811
is about identifying hooked syscalls, but the principles involved in locating the
system call table could be applied to finding the process table.
P. S. You can locate the process in memory with read access to /proc/kmem or
/proc/mem (that's a lot tougher, though), but to modify it requires write access.
--- Doug McNaught <doug@xxxxxxxxxxxx> wrote:
A M <alim1993@xxxxxxxxx> writes:
Would it be possible for a program running as root
that wasn't compiled with the kernel to access a
process structure in the processes link list?
Yes, but see below.
I've read an article about hiding processes and
the
article made sound so easy to access the link list
and
hide a process, how easy is it?
You need read access to /dev/kmem and a fairly
intimate knowledge of
the kernel data structures in question.
Is it possible to a process to access its own
entry in
the processes link list?
Not without read access to the kmem device...
-Doug
__________________________________
Do you Yahoo!?
The all-new My Yahoo! - Get yours free!
http://my.yahoo.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/