I'm teaching a Linux device driver development course this week. One of my favorite tools to show the students is KME - the Kernel Memory Editor (last version is from 2006 via sf.net/projects/kme). KME has some problems (not being 64-bit compatible is the biggest).
Essentially it's a spreadsheet that reads /dev/kmem and displays the results of address expressions (and their contents) with realtime updates (think "top" for kernel memory).
KME can modify kernel memory as well, which is obviously dangerous, but quite acceptable for my purposes.
I've been Google'ing for the last couple of hours looking for some discussion of what I should replace /dev/kmem with but it's not obvious. Since kmem provides virtual addresses it's perfect for KME, but the kernel function read_kmem() returns EPERM in all cases and mmap_kmem() doesn't work as corbet points out above.
A hex dump of /proc/kcore shows that it's discontiguous but docs for it seem to be quite sparse (or my Google-fu is weak right now) so I have little chance of updating KME in the very near-term (such as before this class is over on Friday!!).
(PS: I'm glad I'm not the one to resurrect this thread! :))
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds