Comments for Truth, Computing and Fail http://anomit.com Sun, 07 Aug 2011 08:30:12 +0000 hourly 1 http://wordpress.org/?v=3.2.1 Comment on Democracy and freedom: We don’t deserve it by TANUSHREE CHOPRA http://anomit.com/2008/11/23/democracy-and-freedom-we-dont-deserve-it/comment-page-1/#comment-8499 TANUSHREE CHOPRA Sun, 07 Aug 2011 08:30:12 +0000 http://anomit.com/?p=72#comment-8499 I think that they r saying right that we don't deserve it I think that they r saying right that we don’t deserve it

]]> Comment on Examining the Linux VDSO by Brandon Potter http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-8062 Brandon Potter Thu, 21 Jul 2011 19:57:40 +0000 http://anomit.com/?p=200#comment-8062 I looked at using the "dd" command for a bit. I couldn't figure out how to get it to work with the /proc/pid/mem file. I don't know what "dd" is using internally to read from the file, but I ended up getting output similar to Ezra; dropping to root does nothing to resolve the issue. I know that for /proc/pid/pagemap that you can extract the page frame numbers using lseek and read which is similar to the python script above; I could be that "mem" uses something similar. It probably only has a few methods defined and "dd" might use something that is not supported. This is just speculation for /proc/pid/mem as I don't have any proof. For /proc/pid/pagemap, see the following LXR link for its operations: http://lxr.linux.no/linux+v2.6.39/fs/proc/task_mmu.c#L854 It would be interesting to see if anyone has a method that works directly from a command line and doesn't require a script or C program. I looked at using the “dd” command for a bit. I couldn’t figure out how to get it to work with the /proc/pid/mem file. I don’t know what “dd” is using internally to read from the file, but I ended up getting output similar to Ezra; dropping to root does nothing to resolve the issue.

I know that for /proc/pid/pagemap that you can extract the page frame numbers using lseek and read which is similar to the python script above; I could be that “mem” uses something similar. It probably only has a few methods defined and “dd” might use something that is not supported. This is just speculation for /proc/pid/mem as I don’t have any proof. For /proc/pid/pagemap, see the following LXR link for its operations:
http://lxr.linux.no/linux+v2.6.39/fs/proc/task_mmu.c#L854

It would be interesting to see if anyone has a method that works directly from a command line and doesn’t require a script or C program.

]]> Comment on Examining the Linux VDSO by Brandon Potter http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-8056 Brandon Potter Thu, 21 Jul 2011 18:29:17 +0000 http://anomit.com/?p=200#comment-8056 You probably have Address Space Layout Randomization (ASLR) turned on. It randomizes the virtual addresses within the kernel for security reasons. To check to see if it is enabled, try: sudo cat /proc/sys/kernel/randomize_va_space If it returns 2, the default, then ASLR is turned on. To turn it off, try: sudo su sudo echo 0 > /proc/sys/kernel/randomize_va_space This overcomes the need to write a clever script to extract the virtual address; the address will remain constant on subsequent runs. I am not sure what you're doing with the "dd" command because you're opening up a snapshot of the "dd" process internals. Previously, you were opening up the "cat" internals. The two should be completely different. You might try to write a small C program that contains an infinite loop; you can look at the process ID of that program and then look in /proc/PID/maps for the VDSO page offset. I think that "dd" uses the decimal offset for the number of pages, the reason why you used "4096". The "dd" command becomes: dd if=/proc/PID_C_PROGRAM/mem of=linux-gate.dso bs=4096 skip=CALCULATED_OFFSET_IN_PAGES count=1 objdump -d linux-gate.dso You might try something like the above. I don't really use objdump for anything other than looking at ELF executables. I don't really know what /proc/PID/mem contains so I have no idea what the output would look like. It might work though. You probably have Address Space Layout Randomization (ASLR) turned on. It randomizes the virtual addresses within the kernel for security reasons.

To check to see if it is enabled, try:
sudo cat /proc/sys/kernel/randomize_va_space

If it returns 2, the default, then ASLR is turned on.

To turn it off, try:
sudo su
sudo echo 0 > /proc/sys/kernel/randomize_va_space

This overcomes the need to write a clever script to extract the virtual address; the address will remain constant on subsequent runs.

I am not sure what you’re doing with the “dd” command because you’re opening up a snapshot of the “dd” process internals. Previously, you were opening up the “cat” internals. The two should be completely different.

You might try to write a small C program that contains an infinite loop; you can look at the process ID of that program and then look in /proc/PID/maps for the VDSO page offset. I think that “dd” uses the decimal offset for the number of pages, the reason why you used “4096″.

The “dd” command becomes:
dd if=/proc/PID_C_PROGRAM/mem of=linux-gate.dso bs=4096 skip=CALCULATED_OFFSET_IN_PAGES count=1
objdump -d linux-gate.dso

You might try something like the above. I don’t really use objdump for anything other than looking at ELF executables. I don’t really know what /proc/PID/mem contains so I have no idea what the output would look like. It might work though.

]]> Comment on Examining the Linux VDSO by Igor http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-5540 Igor Thu, 14 Apr 2011 18:18:48 +0000 http://anomit.com/?p=200#comment-5540 For readability /proc//mem see very good explanation here: http://unix.stackexchange.com/questions/6301/how-do-i-read-from-proc-pid-mem-under-linux For readability /proc//mem see very good explanation here: http://unix.stackexchange.com/questions/6301/how-do-i-read-from-proc-pid-mem-under-linux

]]> Comment on Examining the Linux VDSO by Igor http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-5539 Igor Thu, 14 Apr 2011 18:14:56 +0000 http://anomit.com/?p=200#comment-5539 Suresh's on-liner doesn't work, because there are different 'selfs' there. 'cat /proc/self/maps | ...' produces mapping for 'cat', not necessarily identical to that of 'dd'. Suresh’s on-liner doesn’t work, because there are different ‘selfs’ there.

‘cat /proc/self/maps | …’ produces mapping for ‘cat’, not necessarily identical to that of ‘dd’.

]]> Comment on Apologies by Zubin Mithra http://anomit.com/2010/12/27/apologies/comment-page-1/#comment-4529 Zubin Mithra Thu, 06 Jan 2011 02:59:23 +0000 http://anomit.com/?p=207#comment-4529 Loved this post. Loved this post.

]]> Comment on Apologies by Anomit http://anomit.com/2010/12/27/apologies/comment-page-1/#comment-4355 Anomit Mon, 27 Dec 2010 03:30:27 +0000 http://anomit.com/?p=207#comment-4355 Zed, thanks a lot for dropping by and leaving a comment. It means a lot. Zed, thanks a lot for dropping by and leaving a comment. It means a lot.

]]> Comment on Apologies by Tweets that mention Apologies- Why pride of being a hacker is bad - - [Hacker News FH] -- Topsy.com http://anomit.com/2010/12/27/apologies/comment-page-1/#comment-4348 Tweets that mention Apologies- Why pride of being a hacker is bad - - [Hacker News FH] -- Topsy.com Sun, 26 Dec 2010 21:03:57 +0000 http://anomit.com/?p=207#comment-4348 [...] This post was mentioned on Twitter by Hacker News YC, News Bloom and others. News Bloom said: Apologies- Why pride of being a hacker is bad - http://bit.ly/ee85aj - [Hacker News Top] [...] [...] This post was mentioned on Twitter by Hacker News YC, News Bloom and others. News Bloom said: Apologies- Why pride of being a hacker is bad – http://bit.ly/ee85aj – [Hacker News Top] [...]

]]> Comment on Apologies by Zed Shaw http://anomit.com/2010/12/27/apologies/comment-page-1/#comment-4347 Zed Shaw Sun, 26 Dec 2010 20:59:27 +0000 http://anomit.com/?p=207#comment-4347 Very well said. I appreciate it when someone admits their faults and acts with humility, something very few people refuse to do. Sadly, in the modern world people (especially young men) only listen to the egomaniac blowhards rather than the peaceful and kind. Thanks, Zed Very well said. I appreciate it when someone admits their faults and acts with humility, something very few people refuse to do. Sadly, in the modern world people (especially young men) only listen to the egomaniac blowhards rather than the peaceful and kind.

Thanks,

Zed

]]> Comment on Examining the Linux VDSO by Ezra Gilbert http://anomit.com/2010/04/18/examining-the-linux-vdso/comment-page-1/#comment-3629 Ezra Gilbert Wed, 01 Sep 2010 14:04:18 +0000 http://anomit.com/?p=200#comment-3629 The code in the last comment did not come out very well. Here is a link to a fork of anomit's gist above that works with python 2.4.3: http://gist.github.com/560719 The code in the last comment did not come out very well. Here is a link to a fork of anomit’s gist above that works with python 2.4.3: http://gist.github.com/560719

]]>