Skip to content

Dwarf kernel module to get some help in userland debugging from kernel

Notifications You must be signed in to change notification settings

iGio90/Dwarf-LKM

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

My kernel module for ARM / ARM64 to get some help from the kernel while debugging analysing userspace malware / apps packed. The logic is simple and could sound stupid as it's my first work on the linux kernel. I'm hijacking execve syscall, it give us 3 arguments which we can parse and do stuffs if conditions are met. To provide data back to the user space program (dwarf debugger) we allocate a buffer which we provide in the 3rd argument. This buffer is feeded by the kernel with the needed data.

The final goal is to expose api to Dwarf debugger to use ftrace and kprobes dynamically from within a debugging session. It obviously required a kernel with modules enabled which flags to disable signature and maps verification as it's meant to works on different system maps.

About

Dwarf kernel module to get some help in userland debugging from kernel

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages