Common Pitfalls and Solutions in Linux Kernel Driver Debugging

This article is an excellent post from the Kanxue Forum
Kanxue Forum Author ID: Vinadiak
0x00 Background
Recently, I have been learning Linux kernel debugging and after setting up the QEMU environment following the tutorial by Chao Sir, I was excited to start my kernel debugging journey. However, I encountered many obstacles that I couldn’t resolve after searching for a long time on Baidu. Eventually, through trial and error, I managed to solve these issues. I believe these problems are common among many forum users, so I will share the problems I encountered and the solutions I found.
0x01 Address Zero
To debug a driver, you must know the driver's load address. However, when I ran the provided shell script, it surprisingly returned an address of zero. Here, I will take the 2019 STARCTF/CTF hackme as an example:

Reason: the shell is not running with root privileges, so the address cannot be read. (Although this problem provided the address, the same issue can still occur elsewhere.)

Solution: since the shell does not have root privileges, I will simply log in as root instead.

Specific Steps:
Extract the provided cpio archive -> enter the extracted directory -> find init -> open and edit it (since hackme already provides the address, I will use the init from another problem for demonstration).
Change the 1000 shown in init to 0 to grant root privileges.
Log in again, and you will find that the address is now shown.
0x02 GDB shows error Can not find ELF BASE
When you run target remote :1234 and see a screen full of CAN NOT FIND ELF BASE errors, it can be quite distressing.

Reason: GDB was not run with root privileges.

Solution: sudo su, and you know what to do next.

0x03 Set a breakpoint but cannot debug
A breakpoint in the driver is only hit when the driver code actually runs: at this point, running the poc file in the guest will let you see execution stop at your breakpoints. Some may say that debugging is just for POCs, but I am not sure how to write a POC either, as I am also a beginner. For now, it is most important to learn how to debug, and I will update later.
0x04 Cannot place files in the image
The cpio archive is our root file system. At first I had trouble figuring this out, but eventually I stumbled upon the answer.

Solution:

Extract the cpio archive -> place the desired files into the extracted directory -> run the following command from inside that directory:
find . | cpio -o --format=newc > ../core.cpio
(If an fs.sh is provided, just use that; there is no need to run this command by hand.)
Of course, the name core.cpio is up to you; if you change it, remember to modify the command that boots the image accordingly.
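The 0x01 init edit and the 0x04 repack step, as shell functions. This is an added example and not the author's own script; it assumes the init line contains "setuidgid 1000", that the archive is named core.cpio, and that the module is named hackme (substitute your own names).

```shell
#!/bin/sh
# Added example, not code from the original post: the 0x01 and 0x04 steps
# as shell functions. File names (core.cpio, init, hackme) are assumptions;
# substitute the ones from your own challenge.

# 0x01: make the guest shell run as root by changing the uid in /init.
# Expects an extracted init containing a line such as "setuidgid 1000 /bin/sh"
# (constructed pattern; check your init for the actual line). Prints the
# number of lines now carrying "setuidgid 0".
patch_init_to_root() {
    init_file="$1"
    # Portable in-place edit (no sed -i): write to a temp file, then replace.
    sed 's/setuidgid 1000/setuidgid 0/' "$init_file" > "$init_file.tmp" \
        && mv "$init_file.tmp" "$init_file"
    grep -c 'setuidgid 0' "$init_file"
}

# 0x04: extract the archive into a work directory so files can be added.
# The redirection is resolved in the caller's directory, before the cd.
unpack_cpio() {
    archive="$1"; workdir="$2"
    mkdir -p "$workdir"
    ( cd "$workdir" && cpio -idm ) < "$archive"
}

# 0x04: repack the tree in the newc format the kernel expects.
# Output is written outside the tree so the archive is not packed into itself.
repack_cpio() {
    workdir="$1"; out="$2"
    ( cd "$workdir" && find . | cpio -o --format=newc ) > "$out"
}

# 0x01, inside the guest as root: the load address gdb needs for
# "add-symbol-file hackme.ko <addr>" is exposed by sysfs.
module_text_addr() {
    cat "/sys/module/$1/sections/.text"
}
```

Typical use: unpack_cpio core.cpio rootfs, patch_init_to_root rootfs/init, repack_cpio rootfs core.cpio, then boot and run module_text_addr hackme inside the guest.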
Finally, these are the troubles and obstacles I encountered. I hope this helps you with Linux kernel debugging. If I encounter more issues, I will update this here, and I welcome everyone to share their experiences with Linux kernel debugging.

Kanxue ID:Vinadiak

https://bbs.pediy.com/user-855782.htm

* This article is original by Kanxue Forum Vinadiak, please indicate the source from the Kanxue community when reprinting
