Re: Panic writing kernel memory?
- Subject: Re: Panic writing kernel memory?
- From: Brian Doyle <email@hidden>
- Date: Thu, 24 Jan 2008 13:39:11 -0800
Answered my own question.
Turns out moving bar to an
IOBufferMemoryDescriptor::inTaskWithPhysicalMask() and using
bcopy_phys() gets the job done.
Hooray for having the source to the O/S.
-b
ps. - I still understand "why I shouldn't do this" but I have yet to
come up with a better approach that doesn't require polling.
On Jan 24, 2008, at 1:09 AM, Brian Doyle wrote:
Hello,
I've written a kext which, quite simply, does this:
typedef void (*CFunctionPointer)(void);
CFunctionPointer *foo = <some location containing a function pointer>;
CFunctionPointer bar = <&some function>;
CFunctionPointer baz;
baz = *foo; // read ok
*foo = bar; // write panic
The panic log states "Memory access exception (1,0,0)".
I'm guessing the memory I'm trying to write to has VM_PROT_WRITE
disabled, but I'm not sure how to verify that (vm_region() on the
address foo causes a different panic, namely a null-pointer
dereference crash down in vm_map_lookup_entry()).
I've noticed that when I'm two-machine debugging with gdb I can set
the value *foo directly from the gdb command line with no problem.
This is all well-and-good, but I need to be able to replace this
function pointer from my kext. I gave vm_protect() a try but that
crashed too, in the same place as vm_region().
Can anyone help? I would certainly appreciate it!
Thanks,
Brian
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden