Symbols

---

KERNEL BASE ADDRESS ASLR

There is a fixed gap between /boot/System.map and /proc/kallsyms. And the gap changes on every reboot.

Is there something like layout randomization?

For example,

> cat /boot/System.map
ffffffff81d2b5f0 T x86_64_start_kernel
ffffffff81d2bb33 T start_kernel
ffffffff81d2ee1b T xen_start_kernel
 
> cat /proc/kallsyms | grep start_kernel
ffffffffa4d2b5f0 T x86_64_start_kernel
ffffffffa4d2bb33 T start_kernel
ffffffffa4d2ee1b T xen_start_kernel

Yes, the Linux kernel can use ASLR (address space layout randomization), at least on x86. Actually, only the base address can be randomized at the moment.

https://stackoverflow.com/questions/31854883/symbol-addresses-in-boot-system-map-are-not-identical-to-those-in-proc-kallsy

---

system.map file

https://rlworkman.net/system.map/

https://www.opennet.ru/docs/HOWTO/Kernel-HOWTO-9.html

---

🌱 Back to Garden