内核态单步调试会被网络或者时钟中断打断执行流程
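# Mask IF (EFLAGS bit 9, 0x200) before single-stepping so a timer or NIC
# interrupt cannot divert the step into an interrupt handler.  The original
# spelled the right-hand side `$elfags`, which is only an unset gdb
# convenience variable, not the flags register, so the assignment never
# produced the intended value.
set $eflags = $eflags & 0xfffffdff
# Restore IF once the single-step section is done so the target resumes
# servicing interrupts normally.
set $eflags = $eflags | 0x200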
# debugger
# Start gdb on the host and attach to the kernel over the remote stub.
gdb
# Uncompressed kernel image with symbols for the running kernel.
file vmlinux
# NOTE(review): the usual spelling is `target remote :1234` (host omitted,
# port 1234); the space after the colon may not parse the same way in every
# gdb version — confirm against the gdb in use.
target remote: 1234
set disassembly-flavor intel
# NOTE(review): as written, this `c` resumes the target before the
# breakpoint below exists, so the debugger must be interrupted (Ctrl-C) to
# get a prompt back; setting the breakpoint first avoids that round-trip.
c
# Stop when the kernel begins initialising a freshly loaded module.
b do_init_module
c
# debuggee
# Loading the module on the target is what hits the do_init_module
# breakpoint armed in the debugger; xxx.ko presumably stands for the module
# under test.
insmod xxx.ko
# debugger
# Print the section names first so the hard-coded attrs[] indices (2, 11, 13)
# can be checked to really be .text/.data/.bss for this module — the indices
# follow the module's own section layout (TODO confirm per module).
p mod->sect_attrs->attrs[2]->name
p mod->sect_attrs->attrs[11]->name
p mod->sect_attrs->attrs[13]->name
# Save the section load addresses into convenience variables for
# add-symbol-file below.
p /x $text = mod->sect_attrs->attrs[2]->address
p /x $data = mod->sect_attrs->attrs[11]->address
p /x $bss = mod->sect_attrs->attrs[13]->address
# Map the module's symbols at the .text address, relocating .data and .bss
# explicitly.
add-symbol-file xxx.ko $text -s .data $data -s .bss $bss
# `y` answers add-symbol-file's confirmation prompt.
y
# Alternative forms: an explicit -s .text, or a literal address copied from
# an earlier session (the literal value below is session-specific).
add-symbol-file xxx.ko -s .text $text
add-symbol-file xxx.ko -s .text 0xffffffffa0005000
gdb /boot/vmlinuz /proc/kcore
cat /proc/kallsyms |grep security_mmap_file
ffffffffb333d350 T security_mmap_file
x/10i 0xffffffffb333d350
linux-image-$(uname -r)-dbgsym
gdb /usr/lib/debug/boot/vmlinux-$(uname -r) /proc/kcore
(gdb) x/10i commit_creds
0xffffffff810eed50 <commit_creds>: callq 0xffffffff81089f30 <__fentry__>
0xffffffff810eed55 <commit_creds+5>: push %rbp
0xffffffff810eed56 <commit_creds+6>: mov %rsp,%rbp
0xffffffff810eed59 <commit_creds+9>: push %r13
info address init_nsproxy