LinuxQuestions.org
Old 01-30-2011, 01:43 AM   #1
jestinjoy
Member
 
Registered: May 2004
Location: India
Distribution: Ubuntu 9.04, Debian Lenny
Posts: 121

Rep: Reputation: 22
Disassembling Linux Kernel


Looking for a way to disassemble the running kernel. Can I do it through /dev/kmem? I am running Linux 2.6.32. Or can I use a kernel module to run through the kernel? I am a beginner to this. Please help.

All I want to do is check the kernel image for some malicious module, by looking at whether some specific instruction occurred or not.
 
Old 01-30-2011, 03:35 AM   #2
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 14,848

Rep: Reputation: 1823
Good luck - let's say (round number) 14 Million lines of code ...
That's a lot of disassembly.
 
Old 01-30-2011, 07:41 AM   #3
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: openSUSE, Fedora, CentOS
Posts: 1,078

Rep: Reputation: 195
If you're paranoid about what's in your kernel get the kernel source, build your own kernel containing only code which you have examined and use that.
 
Old 01-30-2011, 09:05 AM   #4
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 12,549
Blog Entries: 23

Rep: Reputation: 1943
Hi,

Why disassemble? You have the 'config' along with the source on most installs of a Gnu/Linux (big plus the source is commented). The 'config' will provide the means to understand your kernel overall via menuconfig. Look at your kernel source to see what's going on. Linux Kernel Interactive Map will provide a generalized map that may help.

You can see what modules are loaded via 'lsmod'.
Plus don't forget '/proc'.

Be sure to use the logs in '/var/log' & 'dmesg' to get a feel of what's going on.

I suggest that you would benefit by looking at things in general then narrow the scope or you will get confused fast.

Linux Kernel has several useful links to information.

Links to aid you in gaining some understanding. Sure, some may seem beyond a newbie skill level, but you must start somewhere:

Linux Documentation Project
Rute Tutorial & Exposition
Linux Command Guide
Ultimate Linux Newbie Guide
LinuxSelfHelp
Bash Beginners Guide
Bash Reference Manual
Advanced Bash-Scripting Guide
Linux Home Networking

The above links and others can be found at 'Slackware-Links'. More than just Slackware® links!
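One defender-side way to act on the lsmod/'/proc' advice above, as an added example that is not code from this thread: a Python script that parses /proc/modules, flags loaded modules with no entry in the kernel's modules.dep (the list of modules shipped for the running kernel), and decodes the module-related bits of /proc/sys/kernel/tainted. The sample /proc/modules and modules.dep text, including the module name example_unlisted, is constructed for illustration.

```python
import os
import re

# One /proc/modules line: name size refcount deps state address
PROC_MODULES_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(0x[0-9a-fA-F]+)")
# Module-related taint bits (Documentation/admin-guide/tainted-kernels.rst); which bits
# exist depends on the kernel version, e.g. O and E were added after 2.6.32.
TAINT_BITS = {0: "proprietary module (P)", 1: "forced load (F)", 3: "forced unload (R)",
              10: "staging driver (C)", 12: "out-of-tree module (O)", 13: "unsigned module (E)"}

def parse_proc_modules(text):
    """Return (name, size, state) for each well-formed /proc/modules line."""
    found = []
    for line in text.splitlines():
        m = PROC_MODULES_RE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), m.group(5)))
    return found

def module_names_from_dep(text):
    """Module names listed in modules.dep; '-' becomes '_' as in the loaded name."""
    names = set()
    for line in text.splitlines():
        path = line.split(":", 1)[0].strip()
        if path:
            names.add(os.path.basename(path).split(".ko", 1)[0].replace("-", "_"))
    return names

def unknown_modules(proc_text, dep_text):
    """Loaded module names with no entry in modules.dep: worth a closer look."""
    known = module_names_from_dep(dep_text)
    return sorted(n for n, _, _ in parse_proc_modules(proc_text)
                  if n.replace("-", "_") not in known)

def decode_taint(value):
    """Describe the module-related taint bits set in /proc/sys/kernel/tainted."""
    return [desc for bit, desc in sorted(TAINT_BITS.items()) if value & (1 << bit)]
# Constructed sample input, not captured from a real machine; example_unlisted is made up.
SAMPLE_PROC_MODULES = """\
e1000 123456 0 - Live 0xffffffffa0000000
nf_conntrack 65536 1 nf_nat, Live 0xffffffffa0020000
example_unlisted 12288 0 - Live 0xffffffffa0040000
"""
SAMPLE_MODULES_DEP = """\
kernel/drivers/net/ethernet/intel/e1000/e1000.ko:
kernel/net/netfilter/nf_conntrack.ko: kernel/lib/crc32c.ko
kernel/net/netfilter/nf_nat.ko: kernel/net/netfilter/nf_conntrack.ko
kernel/drivers/i2c/i2c-core.ko:
"""
```

On a live system, feed these functions the contents of /proc/modules and /lib/modules/$(uname -r)/modules.dep, and the integer in /proc/sys/kernel/tainted to decode_taint. This only sees what the kernel itself reports, so it complements rather than replaces the rebuild-from-audited-source advice given earlier in the thread.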

 
Old 01-31-2011, 01:47 AM   #5
jestinjoy
Member
 
Registered: May 2004
Location: India
Distribution: Ubuntu 9.04, Debian Lenny
Posts: 121

Original Poster
Rep: Reputation: 22
Is there any way to disassemble the loaded kernel? Through /dev/kmem using gdb?