Daniel Roberson - runtimekmempatching-cesare1998

Daniel Roberson

runtimekmempatching-cesare1998

2025-04-18

Runtime Kernel KMEM Patching

by Silvio Cesare

November 1998

https://spthvx.github.io/ezines/mtx1/articles/kmem.htm

Notes
kernel
Linux
LKM
System.map
ELF
kmem
hot patching
lsmod
Linux kernel
symbol
compiler
/proc/ksyms
/dev/kmem
get_kernel_syms
/dev/mem
memory addressing
virtual memory
swap space
random access
string searching
build-ksysms-keys.sh
/usr/include/linux/module.h
struct module
string
MOD_RUNNING
cleanup_module()
struct task_struct
struct kernel_stat
system call
sys_call_table
SMP
instructions
objdump
machine code
search key
kroot
NULL pointer
kmalloc
padding
C
printk
relocation
elf.h
ELF header
ELF section
symbol table
kmem-src.tgz

Links to this note

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit