Open
Description
mmiotrace can be useful for reverse engineering closed-source kernel modules. It works by marking pages mapped for MMIO (via ioremap) as not present in the page table and catching the resulting page faults; the fault handler records the access, temporarily restores the mapping, single-steps the faulting instruction so that it really reaches the device, and then re-arms the page on the resulting debug trap. The implementation is spread over a few files:
- kernel/trace/trace_mmiotrace.c: general entry point, interface with the trace subsystem
- arch/x86/mm/kmmio.c: probe registration, page table manipulation (arming/disarming the traced pages) and the page fault / single-step handlers
- arch/x86/mm/mmio-mod.c: ioremap/iounmap hooks and the probe callbacks that turn each trapped access into a trace record
- arch/x86/mm/pf_in.c: instruction decoder for MMIO instructions (access direction, width and the register carrying the value)
- arch/x86/mm/testmmiotrace.c: test case for mmiotrace
mmiotrace is currently tied to x86, but it doesn't have to be.
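As an added example (not code from this issue or from the kernel's mmiotrace), here is a user-space model of the same trap-and-single-step loop on Linux/x86-64: an anonymous page stands in for the ioremap()ed region, mprotect(PROT_NONE) plays the role of clearing the present bit, SIGSEGV is the page fault, and setting the trap flag in the signal context before returning gives the single step, with SIGTRAP re-arming the page. The kernel does the same thing in its #PF and #DB handlers with per-CPU state; this model is single-threaded. The assumptions are the x86-64 `REG_EFL` index and the `0x100` trap flag; on other architectures the page just stays disarmed after the first fault, so only one access is trapped.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

/* One anonymous page stands in for an ioremap()ed MMIO region (constructed). */
static volatile uint32_t *mmio_page;
static size_t page_size;

/* Trace log: byte offset of every trapped access within the page. */
#define MAX_EVENTS 16
static size_t trace_off[MAX_EVENTS];
static volatile sig_atomic_t trace_count;

#if defined(__x86_64__)
#ifndef REG_EFL
#define REG_EFL 17      /* assumption: index of RFLAGS in gregs[] on x86-64 */
#endif
#define TRAP_FLAG 0x100UL   /* RFLAGS.TF */
int single_step_supported(void) { return 1; }
#else
int single_step_supported(void) { return 0; }
#endif

/* Counterparts of kmmio's arm/disarm: remove or restore the mapping. */
static void arm_page(void)
{
    mprotect((void *)mmio_page, page_size, PROT_NONE);
}

static void disarm_page(void)
{
    mprotect((void *)mmio_page, page_size, PROT_READ | PROT_WRITE);
}

/* SIGSEGV, the "page fault" handler: log the access, disarm the page and
 * request a single step so the instruction executes once for real. */
static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    uintptr_t addr = (uintptr_t)si->si_addr;
    uintptr_t base = (uintptr_t)mmio_page;

    if (addr < base || addr >= base + page_size) {
        signal(sig, SIG_DFL);   /* not our page: fall back to the default action */
        return;
    }
    if (trace_count < MAX_EVENTS)
        trace_off[trace_count] = addr - base;
    trace_count++;
    disarm_page();
#if defined(__x86_64__)
    ((ucontext_t *)ctx)->uc_mcontext.gregs[REG_EFL] |= TRAP_FLAG;
#else
    (void)ctx;  /* no portable single step: the page simply stays disarmed */
#endif
}

/* SIGTRAP, the "debug exception" after the step: clear TF and re-arm. */
static void on_trap(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
#if defined(__x86_64__)
    ((ucontext_t *)ctx)->uc_mcontext.gregs[REG_EFL] &= ~TRAP_FLAG;
#else
    (void)ctx;
#endif
    arm_page();
}

/* Runs three "driver" accesses against the armed page and returns how many
 * were trapped (3 with single step, 1 without); negative on failure. */
int run_mmio_demo(void)
{
    struct sigaction sa;
    uint32_t v, w;
    void *p;

    page_size = (size_t)sysconf(_SC_PAGESIZE);
    p = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    mmio_page = p;
    mmio_page[0] = 0x11111111u;     /* "register" contents, written before arming */
    trace_count = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sa.sa_sigaction = on_fault;
    sigaction(SIGSEGV, &sa, NULL);
    sa.sa_sigaction = on_trap;
    sigaction(SIGTRAP, &sa, NULL);

    arm_page();
    v = mmio_page[0];               /* read  at offset 0  */
    mmio_page[4] = ~v;              /* write at offset 16 */
    w = mmio_page[4];               /* read  at offset 16 */
    disarm_page();

    signal(SIGSEGV, SIG_DFL);
    signal(SIGTRAP, SIG_DFL);
    munmap(p, page_size);
    mmio_page = NULL;

    if (v != 0x11111111u || w != ~v) /* the accesses must still have "reached the device" */
        return -2;
    return trace_count;
}

size_t trace_offset(int i)
{
    return (i >= 0 && i < MAX_EVENTS) ? trace_off[i] : (size_t)-1;
}

int main(void)
{
    int n = run_mmio_demo();
    printf("trapped %d accesses\n", n);
    for (int i = 0; i < n && i < MAX_EVENTS; i++)
        printf("  access at page offset %zu\n", trace_off[i]);
    return n < 0;
}
```

The important property, and the reason the kernel needs DR_STEP handling at all, is the last check: the traced accesses still execute against the real page, so the driver under observation sees exactly the values it would have seen without the tracer.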
Action plan
- Move testmmiotrace.c to common code, as it isn't x86-specific
- Copy kmmio.c and mmio-mod.c to ARM, with a few adjustments
- Write instruction decoder for ARM
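The ARM decoder is still to be written. As an added example of the shape it needs (my code, not from this issue or from the kernel), here is a decoder for one AArch64 encoding class, "load/store register (unsigned immediate)", in the spirit of what pf_in.c does for x86: it recovers direction, access width, the data register and the base register, so a probe handler can compute the accessed address and, for a store, the value being written from the saved register file. The assumptions are that the target is AArch64 (the issue only says ARM), that only plain LDR/STR of 1/2/4/8 bytes with an unsigned immediate offset are handled (sign-extending loads, PRFM, pre/post-indexed and register-offset forms are reported as unhandled), and a `regs[32]` layout with x0..x30 followed by sp.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded form of one AArch64 LDR/STR with an unsigned immediate offset. */
struct ldst {
    bool valid;
    bool is_store;
    int width;          /* access width in bytes: 1, 2, 4 or 8 */
    int rt;             /* data register; 31 means wzr/xzr */
    int rn;             /* base register; 31 means sp */
    uint32_t offset;    /* byte offset added to the base register */
};

/* Encoding class "load/store register (unsigned immediate)":
 *   size[31:30] 111 V[26]=0 01 opc[23:22] imm12[21:10] Rn[9:5] Rt[4:0]
 * opc=00 is a store, opc=01 a plain load; imm12 is scaled by the width.
 * opc=10/11 (sign-extending loads, PRFM) and every other class are rejected. */
struct ldst decode_ldst_uimm(uint32_t insn)
{
    struct ldst d = {0};
    unsigned size = insn >> 30;
    unsigned opc = (insn >> 22) & 3;

    if (((insn >> 24) & 0x3f) != 0x39)   /* bits 29:24 must be 111001 */
        return d;
    if (opc > 1)
        return d;
    d.valid = true;
    d.is_store = (opc == 0);
    d.width = 1 << size;
    d.offset = ((insn >> 10) & 0xfff) << size;
    d.rn = (insn >> 5) & 0x1f;
    d.rt = insn & 0x1f;
    return d;
}

/* Address the access touches: regs[0..30] are x0..x30, regs[31] is sp. */
uint64_t access_address(const struct ldst *d, const uint64_t regs[32])
{
    return regs[d->rn] + d->offset;
}

/* Value a store writes, truncated to the access width (rt==31 is xzr). */
uint64_t store_value(const struct ldst *d, const uint64_t regs[32])
{
    uint64_t v = (d->rt == 31) ? 0 : regs[d->rt];
    return d->width == 8 ? v : (v & ((1ULL << (8 * d->width)) - 1));
}

int main(void)
{
    /* Constructed sample: encodings of ldr w0,[x1]; str w0,[x1]; ldr x0,[x1,#8];
     * strb w2,[x3]; ldrh w4,[x5,#2]; and a nop that must be rejected. */
    static const uint32_t sample[] = {
        0xB9400020, 0xB9000020, 0xF9400420, 0x39000062, 0x794004A4, 0xD503201F
    };
    uint64_t regs[32] = {0};
    regs[1] = 0xffff000010000000ULL;  /* pretend x1 holds an ioremap()ed base */
    regs[2] = 0x1234;
    regs[3] = 0xffff000010001000ULL;

    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        struct ldst d = decode_ldst_uimm(sample[i]);
        if (!d.valid) {
            printf("%08x: not a handled load/store\n", sample[i]);
            continue;
        }
        printf("%08x: %s %d bytes, r%d <-> [r%d + #%u] addr 0x%llx",
               sample[i], d.is_store ? "store" : "load", d.width, d.rt, d.rn,
               d.offset, (unsigned long long)access_address(&d, regs));
        if (d.is_store)
            printf(" value 0x%llx", (unsigned long long)store_value(&d, regs));
        printf("\n");
    }
    return 0;
}
```

For a load the value is only known after the instruction has executed, which is why mmio-mod.c's post hook reads the destination register back after the single step; for a store the pre hook can take it from the register file as above.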
Other considerations
- Not sure about the use of DR_STEP (single stepping mode); avoid too much code duplication :)