Conversation
pwndbg/aglib/kernel/__init__.py
Outdated
|
|
||
| def modules() -> pwndbg.dbg_mod.Value: | ||
| if arch_symbols() is not None: | ||
| return arch_symbols().modules() |
There was a problem hiding this comment.
Can we do this?:
if syms := arch_symbols() is not None:
return syms.modules()There was a problem hiding this comment.
I believe it is cached so would be the same
There was a problem hiding this comment.
Sure but it's still Python which cannot into nice optimisations (hopefully yet?)
Not like it matters a lot in this case but still :)
There was a problem hiding this comment.
Pull Request Overview
This PR improves the kmod command by supporting kernel module operations without requiring debug type information, expanding compatibility to all kernel versions >= 5.0, and adding functionality to load module symbol files automatically. The changes also integrate kernel module symbols into the kallsyms system for better symbol lookup.
Key changes:
- Enhanced
kmodcommand to work without debug type information by implementing fallback mechanisms - Added support for loading module symbol files with automatic base address detection
- Integrated kernel module symbols into the kallsyms system for comprehensive symbol lookup
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
pwndbg/commands/kmod.py |
Enhanced to support both typeinfo and non-typeinfo modes, added module loading functionality |
pwndbg/aglib/kernel/kmod.py |
New module providing kernel module parsing utilities without requiring debug symbols |
pwndbg/aglib/kernel/symbol.py |
Added modules() method and architecture-specific implementations for finding module lists |
pwndbg/aglib/kernel/kallsyms.py |
Integrated kernel module symbols into the kallsyms system |
pwndbg/dbg/__init__.py |
Added abstract add_symbol_file method to the debugger interface |
pwndbg/dbg/gdb/__init__.py |
Implemented GDB-specific add_symbol_file functionality |
pwndbg/commands/kbase.py |
Refactored to use the new debugger interface for adding symbol files |
tests/library/qemu_system/tests/test_commands_kernel.py |
Updated test to check for specific debug symbols instead of general debug info |
docs/commands/kernel/kmod.md |
Updated documentation to reflect new -l/--load option |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| self.kernel_addresses = self.get_kernel_addresses() | ||
| self.parse_symbol_table() | ||
| for sym_name, sym_addr, sym_type in pwndbg.aglib.kernel.kmod.all_modules_kallsyms(): | ||
| self.kallsyms[sym_name] = (sym_addr, sym_type) |
There was a problem hiding this comment.
Can we do it like this?:
self.kallsyms = {
sym_name: (sym_addr, sym_type) for sym_name, sym_addr, sym_type in pwndbg.aglib.kernel.kmod.all_modules_kallsyms()
}There was a problem hiding this comment.
self.kallsyms is likely not empty by this point
pwndbg/aglib/kernel/kmod.py
Outdated
| return () | ||
| modules = int(modules) | ||
| result = [] | ||
| cur = pwndbg.aglib.memory.read_pointer_width(int(modules)) |
| print(M.warn("Cound not find modules")) | ||
| return None | ||
| module = pwndbg.aglib.memory.read_pointer_width(int(modules)) | ||
| for i in range(0x100): |
There was a problem hiding this comment.
Why 0x100? is this arbitrary? can we add a comment saying why this number?
| found = False | ||
| break | ||
| size_offset = pwndbg.aglib.arch.ptrsize | ||
| if pwndbg.aglib.kernel.krelease() >= (6, 13): |
pwndbg/aglib/kernel/symbol.py
Outdated
| m = pattern.search(disass) | ||
| if m is None: | ||
| return None | ||
| return sum([int(m.group(i), 16) for i in [2, 3, 4]]) |
There was a problem hiding this comment.
| return sum([int(m.group(i), 16) for i in [2, 3, 4]]) | |
| return sum(int(m.group(i), 16) for i in [2, 3, 4]) |
pwndbg/aglib/kernel/kmod.py
Outdated
| if pwndbg.aglib.memory.peek(symtab) is None: | ||
| continue | ||
| num_symtab = pwndbg.aglib.memory.read_pointer_width( | ||
| kallsyms + pwndbg.aglib.arch.ptrsize * 1 |
There was a problem hiding this comment.
| kallsyms + pwndbg.aglib.arch.ptrsize * 1 | |
| kallsyms + pwndbg.aglib.arch.ptrsize |
pwndbg/aglib/kernel/kmod.py
Outdated
| min_size + 0x38, | ||
| ): | ||
| found = True | ||
| for mem_type in range(mod_mem_type.MOD_MEM_NUM_TYPES.value - 1): |
There was a problem hiding this comment.
The -1 is here because MOD_MEM_NUM_TYPES is just number of all items and we want to skip it, is that right?
There was a problem hiding this comment.
we actually need to skip MOD_RO_AFTER_INIT because the entry might be empty
|
@disconnect3d could you check again |
kmodwithout provided typeinfokmodfor all kernel versions >= 5.0kallsyms(klookup)demo