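Reading user-space addresses when debugging a kext

Time: 2017-06-06 11:28:58

Tags: macos debugging kernel-extension xnu

I want to read a user-space address over kdp while debugging a driver (kext) on a remote machine through lldb. I know that in code I can use copyin to move the code into kernel space and read it easily, so when I try to read user memory directly it fails: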

(lldb) memory read 0x000070000d15a024
error: kdp read memory failed (error 4)

Is there an alternative to copyin during a runtime debugging session that can get my data somewhere the debugger can read it?

Thanks

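1 answer:

Answer 0: (score: 1)

Assuming you load the debugging scripts for the specific kernel you are using (they should be in the appropriate KDK), you have the printuserdata command.

Here is its description: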

printuserdata:
    Read userspace data for given task and print based on format provided.
    Syntax: (lldb) printuserdata <task_t> <uspace_address> <format_specifier>
    params:
        <task_t> : pointer to task
        <uspace_address> : address to user space memory
        <format_specifier> : String representation for processing the data and printing it.
                             e.g Q -> unsigned long long, q -> long long, I -> unsigned int, i -> int
                             10i -> 10 ints, 20s -> 20 character string, s -> null terminated string
                             See: https://docs.python.org/2/library/struct.html#format-characters
    options:
        -X : print all values in hex.
        -O <file path>: Save data to file

Example invocation:

(lldb) printuserdata 0xffffff8013257d80 0x00007fff941f5000 10c
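
To see how many bytes a given format specifier covers and how they decode, the following added example (not part of the answer and not the KDK's own code) applies Python's struct module, which the help text links to, to a constructed byte buffer. The function name decode_user_bytes and the sample bytes are hypothetical; it assumes the bytes have already been read from the task.

```python
import struct


def decode_user_bytes(data, fmt, as_hex=False):
    """Decode bytes already copied out of user space using a struct-style
    format specifier. Returns (bytes_consumed, values).
    Hypothetical helper for illustration, not the KDK macro itself."""
    if fmt == "s":
        # The help text gives a bare 's' the meaning "null terminated
        # string"; plain struct would treat 's' as a one-byte string.
        end = data.find(b"\x00")
        if end < 0:
            raise ValueError("no NUL terminator in the bytes that were read")
        return end + 1, (data[:end].decode("ascii", "replace"),)
    # Without a byte-order prefix, struct uses native sizes and alignment,
    # so a mixed specifier such as 'iQ' can include padding bytes.
    size = struct.calcsize(fmt)
    if len(data) < size:
        raise ValueError("format needs %d bytes, only %d available"
                         % (size, len(data)))
    values = struct.unpack(fmt, data[:size])
    if as_hex:
        # Analogous to the -X option: show integer values in hex.
        values = tuple(hex(v) if isinstance(v, int) else v for v in values)
    return size, values


# Constructed sample standing in for user-space memory:
# four 32-bit ints, a NUL-terminated string, then one 64-bit value.
SAMPLE = (struct.pack("<4i", 1, -2, 3, 4)
          + b"/bin/ls\x00"
          + struct.pack("<Q", 0x7fff941f5000))

if __name__ == "__main__":
    print(decode_user_bytes(SAMPLE, "<4i"))
    print(decode_user_bytes(SAMPLE[16:], "s"))
    print(decode_user_bytes(SAMPLE[24:], "<Q", as_hex=True))
    print(decode_user_bytes(SAMPLE, "10c"))
```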