[Crash-utility] Crash support for kASLR
Kees Cook
keescook at google.com
Wed Oct 16 19:37:30 UTC 2013
On Wed, Oct 16, 2013 at 9:02 AM, Andrew Honig <ahonig at google.com> wrote:
> I'm talking about working with a vmlinux/vmcore pair. To get crash
> working with the current version of kASLR that doesn't have the offset
> data specifically in the VMCOREINFO I could use another symbol in the
> VMCOREINFO to calculate the offset. For example _stext is already in
> the VMCOREINFO. I could get the offset of _stext from the VMCOREINFO,
> then get the offset of _stext from the vmlinux and subtract them to
> get the ASLR offset.
Doing this math seems like a good approach. Are there any downsides to
inferring the kASLR offset this way?
-Kees
--
Kees Cook
Chrome OS Security
More information about the Crash-utility
mailing list