
[143]  `lm` does not work on Linux, possibly because of "Read module entry failed"

asked 2020-06-26 10:08:20 +0800

xyl

updated 2020-06-26 16:17:37 +0800

Running lm does not list any modules.

lm
start end module name

I am using the built-in kernel, with the nokaslr parameter added.

geduer@gdk:~$ uname -a
Linux gdk 5.0.0-23-generic #24~18.04.1-Ubuntu SMP Mon Jul 29 16:12:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
geduer@gdk:~$ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-5.0.0-23-generic root=UUID=fa675f11-698d-4d70-a28f-eac0617cdd5b ro nokaslr

log:

File View Output
Nano Debugger (NDB) 1.0.258
Starting...
Starting KD session type=usb3,proto=dcid,ipc=open,opt=rxs

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

All logic CPU threads detected: 1000 1001 1002 1003
Switched to processor 0, its device id is 0x1000
Kernel Debugger connection established
Found NGB marker in target memory at ffffffffff5ff000
Found NGB marker in target memory at ffffffffff5ff000
Found NGB marker in target memory at ffffffffff5ff000
**Read module entry failed**
Connected to Windows 7 7601 x64 target at (Fri Jun 26 09:57:57.466 2020 (UTC + 8:00)), ptr64 TRUE
Symbol search path is: srv*
Executable search path is:
Unable to create shared user data image
Found NGB marker in target memory at ffffffffff5ff000
Found NGB marker in target memory at ffffffffff5ff000
Unable to read KTHREAD address 00000000000000b8
Unable to read KTHREAD address 00000000000000b8
Unable to get PEB pointer

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000`00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000`00000000
Found NGB marker in target memory at ffffffffff5ff000
Unable to read KTHREAD address 00000000000000b8
Found NGB marker in target memory at ffffffffff5ff000
Unable to read KTHREAD address 00000000000000b8
KdDebuggerData.KernBase < SystemRangeStart
Found NGB marker in target memory at ffffffffff5ff000
Unable to read KTHREAD address 00000000000000b8
Found NGB marker in target memory at ffffffffff5ff000
Found NGB marker in target memory at ffffffffff5ff000
Unable to read KTHREAD address 00000000000000b8
Windows 7 Kernel Version 7601 MP (4 procs) Free x64
Machine Name:
Kernel base = 0xffeeffee`80000000 PsLoadedModuleList = 0xfffd0000`00004028
Found NGB marker in target memory at ffffffffff5ff000
Unable to read KTHREAD address 00000000000000b8
Found NGB marker in target memory at ffffffffff5ff000
Unable to read KTHREAD address 00000000000000b8
System Uptime: not available
Found NGB marker in target memory at ffffffffff5ff000
ffffffff`81a36897 65488b0425005c0100 mov rax,qword ptr gs:[15C00h]
lm
start end module name
0: kd>

1 Answer


answered 2020-06-26 16:17:17 +0800

xyl

updated 2020-06-26 22:13:04 +0800

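[update] Updated udb.ko and it works now. It was probably a bug in the ndb that shipped with the machine.

I also ran depmod. I used the nbd code provided on the website to rebuild an ndb.ko as a replacement, and the result was even worse. lsmod shows that the ko is loaded. But with nanodebug, I can break in, yet it cannot even connect to ndb.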

Nano Debugger (NDB) 1.0.258
Starting...
Starting KD session type=usb3,proto=dcid,ipc=open,opt=rxs

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

All logic CPU threads detected: 1000 1001 1002 1003
Switched to processor 0, its device id is 0x1000
Kernel Debugger connection established
Failed to find NDB marker in target memory after scanning 5 pages from base ffffffffff5fe000
ReadSysPara failed with 0x80004005.
If you are debugging Linux kernel, please make sure ndb.ko is loaded.
It can be loaded by: sudo modprobe ndb
Debug API version does not match system version
64-bit machine not using 64-bit API
Debugger data list address is NULL
Connected to eXDI Device 0 x64 target at (Fri Jun 26 16:07:59.989 2020 (UTC + 8:00)), ptr64 TRUE
Symbol search path is: srv*
Executable search path is:
Unable to create shared user data image
Failed to find NDB marker in target memory after scanning 5 pages from base ffffffffff5fe000
ReadSysPara failed with 0x80004005.
If you are debugging Linux kernel, please make sure ndb.ko is loaded.
It can be loaded by: sudo modprobe ndb
eXDI Device Kernel Version 0 UP Free x64
Machine Name:
Primary image base = 0x00000000`00000000 Loaded module list = 0x00000000`00000000
System Uptime: not available
Failed to find NDB marker in target memory after scanning 5 pages from base ffffffffff5fe000
ReadSysPara failed with 0x80004005.
If you are debugging Linux kernel, please make sure ndb.ko is loaded.
It can be loaded by: sudo modprobe ndb
ffffffff`81a36897 65488b0425005c0100 mov rax,qword ptr gs:[15C00h]
lm
start end module name
g
Switched to processor 0, its device id is 0x1000
Failed to find NDB marker in target memory after scanning 5 pages from base ffffffffff5fe000
ReadSysPara failed with 0x80004005.
If you are debugging Linux kernel, please make sure ndb.ko is loaded.
It can be loaded by: sudo modprobe ndb
ffffffff`81a36897 65488b0425005c0100 mov rax,qword ptr gs:[15C00h]
kv
Failed to find NDB marker in target memory after scanning 5 pages from base ffffffffff5fe000
ReadSysPara failed with 0x80004005.
If you are debugging Linux kernel, please make sure ndb.ko is loaded.
It can be loaded by: sudo modprobe ndb
Could not fetch any stack frames
k
Failed to find NDB marker in target memory after scanning 5 pages from base ffffffffff5fe000
ReadSysPara failed with 0x80004005.
If you are debugging Linux kernel, please make sure ndb.ko is loaded.
It can be loaded by: sudo modprobe ndb
Could not fetch any stack frames
k
Failed to find NDB marker in target memory after scanning 5 pages from base ffffffffff5fe000
ReadSysPara failed with 0x80004005.
If you are debugging Linux kernel, please make sure ndb.ko is loaded.
It can be loaded by: sudo modprobe ndb
Could not fetch any stack frames
kv
Failed to find NDB marker in target memory after scanning 5 pages from base ffffffffff5fe000
ReadSysPara failed with 0x80004005.
If you are debugging Linux kernel, please make sure ndb.ko is loaded.
It can be loaded by: sudo modprobe ndb
Could not fetch any stack frames
g

I looked at the kernel log, and there are errors.

[ ...

Comments

Updated the log; tested on a new machine.

xyl ( 2020-06-26 19:26:18 +0800 )