hexdump /dev/mem
00fffd0 0000 0000 0000 0000 0000 0000 e800 fe93
00fffe0 00cb 0000 0be9 008c 0000 0000 0000 0000
00ffff0 5bea 00e0 30f0 2f37 3932 312f 0039 d7fc
hexdump: /dev/mem: 不允许的操作
0100000
发现只能访问到1MB的地方。
https://superuser.com/questions/562249/attempting-to-access-ram-dev-mem-says-operation-not-permitted
The linux kernel on your Ubuntu installation ship with a setting* which limits RAM extraction to has 1 MB.
If you do not wish that you can either recompile the kernel without it (obvious caveeat: you are lowering security!) or you can download and insmod the forensic kernel module fmem to work around this. That provides a /dev/fmem device without any security.
As mentioned by Opello: you can also use strict-devmem=0 in the kernel cmdline.
vim /etc/default/grub
然后更改:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
至:
GRUB_CMDLINE_LINUX_DEFAULT="iomem=relaxed strict-devmem=0 quiet splash"Run sudo update-grub
Type reboot
发现修改了没作用,只能编译代码或者hook方式了
CONFIG_STRICT_DEVMEM
试了systemtap方法,虚拟机ubuntu没成功。。。。
https://github.com/NateBrune/fmem
devmem2 相关链接: