KPCR -> KDVersionblock -> PsLoadedModuleList
http://memogaki.wordpress.com/2011/10/01/kpcr/
http://stackoverflow.com/questions/10690330/how-do-i-get-the-address-to-kernel-modules-nt-and-win32k
Tuesday, November 27, 2012
Monday, November 26, 2012
How to manually find all of kernel modules on Linux
1. cat /boot/System.map | grep modules
Get the address of modules symbol from system.map file. modules symbol points to a list_head structure, which is the head of double- and circular- linked list of all the modules.
2. take a look at linux-src/include/linux/module.h
struct module {}
contains all the useful information about module structure
3. Here is code in kernel module to print out all the module names.
static int hello_init(void)
{
printk("start list all the modules\n");
// Get this magic address from system.map
struct list_head * module_h = (struct list_head*) 0xc06e1880;
int count = 100;
struct list_head *list_h = module_h->next;
struct module *m;
while(count--)
{
if(list_h == module_h)
break;
m = list_entry(list_h, struct module, list);
printk("name: %s\n", m->name);
list_h = list_h->next;
}
printk("count is %d\n", count);
printk("\nhello, world\n");
return 0;
}
Get the address of modules symbol from system.map file. modules symbol points to a list_head structure, which is the head of double- and circular- linked list of all the modules.
2. take a look at linux-src/include/linux/module.h
struct module {}
contains all the useful information about module structure
3. Here is code in kernel module to print out all the module names.
static int hello_init(void)
{
printk("start list all the modules\n");
// Get this magic address from system.map
struct list_head * module_h = (struct list_head*) 0xc06e1880;
int count = 100;
struct list_head *list_h = module_h->next;
struct module *m;
while(count--)
{
if(list_h == module_h)
break;
m = list_entry(list_h, struct module, list);
printk("name: %s\n", m->name);
list_h = list_h->next;
}
printk("count is %d\n", count);
printk("\nhello, world\n");
return 0;
}
Tuesday, November 20, 2012
Hardware virtualization
Intel Virtualization Technology (VT)
http://software.intel.com/sites/default/files/m/0/2/1/b/b/1024-Virtualization.pdf
http://software.intel.com/sites/default/files/m/0/2/1/b/b/1024-Virtualization.pdf
Saturday, November 3, 2012
Remove file from subversion after svn add but before svn commit
svn revert filename
http://picobit.wordpress.com/2009/05/06/remove-file-from-subversion-after-svn-add-but-before-svn-commit/
http://picobit.wordpress.com/2009/05/06/remove-file-from-subversion-after-svn-add-but-before-svn-commit/
Draw picture using Tikz package
Example: http://www.texample.net/tikz/examples/
Manual: http://paws.wcu.edu/tsfoguel/tikzpgfmanual.pdf
Manual: http://paws.wcu.edu/tsfoguel/tikzpgfmanual.pdf
Latex Basics
http://en.wikibooks.org/wiki/LaTeX/Basics
E.g. documentclass available options:
E.g. documentclass available options:
| article | for articles in scientific journals, presentations, short reports, program documentation, invitations, ... |
| IEEEtran | for articles with the IEEE Transactions format. |
| proc | a class for proceedings based on the article class. |
| minimal | is as small as it can get. It only sets a page size and a base font. It is mainly used for debugging purposes. |
| report | for longer reports containing several chapters, small books, thesis, ... |
| book | for real books |
| slides | for slides. The class uses big sans serif letters. |
| memoir | for changing sensibly the output of the document. It is based on the book class, but you can create any kind of document with it [1] |
| letter | for writing letters. |
| beamer | for writing presentations (see LaTeX/Presentations). |
Enable and Disable maskable Interrrupts
Disable Interrrupts:
eflags &= (0xffffffff-0x200);
Enable Interrupts:
eflags |= (0x200);
http://en.wikipedia.org/wiki/FLAGS_register
eflags &= (0xffffffff-0x200);
Enable Interrupts:
eflags |= (0x200);
http://en.wikipedia.org/wiki/FLAGS_register
Flush the Instruction Cache
// flush the cache, eip is the current eip address
__asm__ __volatile__("wbinvd"); // write back cache and invalidate cache
__asm__ __volatile__(
"CLFLUSH (%0)"
:"=r"(eip));
wbinvd:
Writes back all modified cache lines in the processor’s internal cache to main memory and invalidates (flushes) the internal caches. The instruction then issues a special- function bus cycle that directs external caches to also write back modified data and another bus cycle to indicate that the external caches should be invalidated.
clfush:
Invalidates the cache line that contains the linear address specified with the source operand from all levels of the processor cache hierarchy (data and instruction). The invalidation is broadcast throughout the cache coherence domain. If, at any level of the cache hierarchy, the line is inconsistent with memory (dirty) it is written to memory before invalidation
Please see intel manual instruction volume for more details
Subscribe to:
Posts (Atom)