VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Runtime kernel kmem patching

Silvio Cesare
Matrix Zine [1]
November 1998

[Back to index] [Comments]


This paper documents runtime (on the fly) kernel patching on a running system under Linux using direct access to kernel memory. The same algorithms may equally be applicable to other systems. Examples of kernel patching for use by an attacker is provided showing patching of kernel structures to remove a lkm's visibility to lsmod and even the addition of kernel code ala loadable kernel modules (lkm) to a running system without native lkm support in the kernel. Discussion of rebuilding the appropriate sections of the system symbol map ( is provided implemented.

[Read the article]

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka