Comments on: Examining the Linux VDSO http://anomit.com/2010/04/18/examining-the-linux-vdso/ Wed, 01 Sep 2010 14:04:18 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Ezra Gilbert http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3629 Ezra Gilbert Wed, 01 Sep 2010 14:04:18 +0000 http://anomit.com/?p=200#comment-3629 The code in the last comment did not come out very well. Here is a link to a fork of anomit's gist above that works with python 2.4.3: http://gist.github.com/560719 The code in the last comment did not come out very well. Here is a link to a fork of anomit’s gist above that works with python 2.4.3: http://gist.github.com/560719

]]> By: Ezra Gilbert http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3628 Ezra Gilbert Wed, 01 Sep 2010 13:57:45 +0000 http://anomit.com/?p=200#comment-3628 Here is a version of the python script that works with python 2.4.3 (maybe 2.4.x). I basically removed the un-supported "with" statements and replaced os.SEEK_SET with 0 (per http://docs.python.org/library/os.html) Also, I think the reason Suresh's 1-line script does not work is because the address read for vdso is for process 'cat' and it is not a valid address when process 'dd' tries to read from /proc/self/mem. For it to work, the same process that reads the vdso address from /proc/self/maps needs to read linux-gate.so from /proc/self/mem. -Ezra [python] #!/usr/bin/python """ http://anomit.com/2010/04/18/examining-the-linux-vdso/ http://gist.github.com/369785 This script writes the VDSO to the file linux-gate.dso.1 . Use `objdump -d linux-gate.dso.1` to examine it. You might also want to play around more with the other objdump options and the readelf tool :) LICENSE: MIT License ( http://www.opensource.org/licenses/mit-license.php ) """ #from __future__ import with_statement import os import re ## regex pattern for finding out the memory address range from the output line pattern = re.compile(r'[\w\d]+-[\w\d]+') file = open('/proc/self/maps', 'r') for line in file: line = line.rstrip() if '[vdso]' in line: addr_range = pattern.findall(line)[0] start_addr, end_addr = [int(addr, 16) for addr in addr_range.split('-')] break fd = os.open('/proc/self/mem', os.O_RDONLY) os.lseek(fd, start_addr, 0) buf = os.read(fd, (end_addr-start_addr)) file = open('linux-gate.dso.1', 'w') file.write(buf) file.close() os.close(fd) [/python] Here is a version of the python script that works with python 2.4.3 (maybe 2.4.x). I basically removed the un-supported “with” statements and replaced os.SEEK_SET with 0 (per http://docs.python.org/library/os.html)

Also, I think the reason Suresh’s 1-line script does not work is because the address read for vdso is for process ‘cat’ and it is not a valid address when process ‘dd’ tries to read from /proc/self/mem. For it to work, the same process that reads the vdso address from /proc/self/maps needs to read linux-gate.so from /proc/self/mem.

-Ezra

#!/usr/bin/python

"""
http://anomit.com/2010/04/18/examining-the-linux-vdso/
http://gist.github.com/369785

This script writes the VDSO to the file linux-gate.dso.1 .
Use `objdump -d linux-gate.dso.1` to examine it.
You might also want to play around more with the other objdump options and
the readelf tool :) 

LICENSE: MIT License ( http://www.opensource.org/licenses/mit-license.php )
"""
#from __future__ import with_statement
import os
import re

## regex pattern for finding out the memory address range from the output line
pattern = re.compile(r'[\w\d]+-[\w\d]+')
file = open('/proc/self/maps', 'r')
for line in file:
    line = line.rstrip()
    if '[vdso]' in line:
        addr_range = pattern.findall(line)[0]
        start_addr, end_addr = [int(addr, 16)
                                for addr in addr_range.split('-')]
        break

fd = os.open('/proc/self/mem', os.O_RDONLY)
os.lseek(fd, start_addr, 0)
buf = os.read(fd, (end_addr-start_addr))

file = open('linux-gate.dso.1', 'w')
file.write(buf)
file.close()
os.close(fd)
]]> By: anomit http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3627 anomit Wed, 01 Sep 2010 13:09:01 +0000 http://anomit.com/?p=200#comment-3627 Ezra, you need Python version 2.5 and above to support the context manager concept used by the `with' statement. More here: http://docs.python.org/release/2.5.2/lib/typecontextmanager.html Sorry for that. You can create just a simple file object using the normal open() and work with it :). Ezra, you need Python version 2.5 and above to support the context manager concept used by the `with’ statement. More here: http://docs.python.org/release/2.5.2/lib/typecontextmanager.html

Sorry for that. You can create just a simple file object using the normal open() and work with it :) .

]]> By: Ezra Gilbert http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3626 Ezra Gilbert Wed, 01 Sep 2010 13:05:20 +0000 http://anomit.com/?p=200#comment-3626 Suresh, Your dd 1-liner gives me the following error: dd if=/proc/self/mem of=vdso skip=$((0x`cat /proc/self/maps | grep vdso | cut -d'-' -f1`/0x1000)) count=1 bs=$((0x1000)) dd: reading `/proc/self/mem': Input/output error 0+0 records in 0+0 records out 0 bytes (0 B) copied, 0.000162585 seconds, 0.0 kB/s Do I need to do something to make /proc/self/mem readable? I am on 2.6.18 kernel. Thanks. Suresh,

Your dd 1-liner gives me the following error:

dd if=/proc/self/mem of=vdso skip=$((0x`cat /proc/self/maps | grep vdso | cut -d’-’ -f1`/0×1000)) count=1 bs=$((0×1000))
dd: reading `/proc/self/mem’: Input/output error
0+0 records in
0+0 records out
0 bytes (0 B) copied, 0.000162585 seconds, 0.0 kB/s

Do I need to do something to make /proc/self/mem readable? I am on 2.6.18 kernel.

Thanks.

]]> By: Ezra Gilbert http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3625 Ezra Gilbert Wed, 01 Sep 2010 13:03:28 +0000 http://anomit.com/?p=200#comment-3625 Thanks for posting this article. I read the original posting and was stuck on these very same issues. But when I try to run your script I get error: [root@asm-99 ~]# ./vdso.py File "./vdso.py", line 20 with open('/proc/self/maps', 'r') as file: ^ SyntaxError: invalid syntax Do I need a particular version of python ? I am using 2.4.3. Thanks Thanks for posting this article. I read the original posting and was stuck on these very same issues. But when I try to run your script I get error:

[root@asm-99 ~]# ./vdso.py
File “./vdso.py”, line 20
with open(‘/proc/self/maps’, ‘r’) as file:
^
SyntaxError: invalid syntax

Do I need a particular version of python ? I am using 2.4.3.

Thanks

]]> By: Suresh Kumar http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3465 Suresh Kumar Wed, 21 Jul 2010 12:12:10 +0000 http://anomit.com/?p=200#comment-3465 Updated Seem to have missed objdump <code> dd if=/proc/self/mem of=- skip=$((0x`cat /proc/self/maps | grep vdso | cut -d'-' -f1`/0x1000)) count=1 bs=$((0x1000)) | objdump -d --start-address=0xffffe000 - </code> Updated

Seem to have missed objdump


dd if=/proc/self/mem of=- skip=$((0x`cat /proc/self/maps | grep vdso | cut -d'-' -f1`/0x1000)) count=1 bs=$((0x1000)) | objdump -d --start-address=0xffffe000 -

]]> By: Suresh Kumar http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3464 Suresh Kumar Wed, 21 Jul 2010 12:09:11 +0000 http://anomit.com/?p=200#comment-3464 hmm, why not <code> dd if=/proc/self/mem of=vdso skip=$((0x`cat /proc/self/maps | grep vdso | cut -d'-' -f1`/0x1000)) count=1 bs=$((0x1000)) </code> hmm, why not
dd if=/proc/self/mem of=vdso skip=$((0x`cat /proc/self/maps | grep vdso | cut -d'-' -f1`/0x1000)) count=1 bs=$((0x1000))

]]> By: Stupid tricks at the userspace/kernelspace boundary, part 1 « syskblogd http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3453 Stupid tricks at the userspace/kernelspace boundary, part 1 « syskblogd Mon, 19 Jul 2010 09:41:36 +0000 http://anomit.com/?p=200#comment-3453 [...] this blog post from Johan Petersson for another treatment of the first 3/5 of this, and this blog post from Anomit Ghosh for a Python version of [...] [...] this blog post from Johan Petersson for another treatment of the first 3/5 of this, and this blog post from Anomit Ghosh for a Python version of [...]

]]> By: Yago Mouriño Mendaña http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3162 Yago Mouriño Mendaña Mon, 17 May 2010 20:23:21 +0000 http://anomit.com/?p=200#comment-3162 Great post. I've been looking for something like that for weeks. Thank you. Great post. I’ve been looking for something like that for weeks. Thank you.

]]> By: Tweets that mention Truth, Computing and Fail » Examining the Linux VDSO -- Topsy.com http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3000 Tweets that mention Truth, Computing and Fail » Examining the Linux VDSO -- Topsy.com Sun, 18 Apr 2010 01:08:08 +0000 http://anomit.com/?p=200#comment-3000 [...] This post was mentioned on Twitter by Anomit Ghosh, PlanetManipal. PlanetManipal said: Examining the Linux VDSO: I have been recently looking into the sysenter/sysexit way of implementing system calls ... http://bit.ly/dBrTcP [...] [...] This post was mentioned on Twitter by Anomit Ghosh, PlanetManipal. PlanetManipal said: Examining the Linux VDSO: I have been recently looking into the sysenter/sysexit way of implementing system calls … http://bit.ly/dBrTcP [...]

]]>