Feb 11 · 11 min read · What is the Linux Kernel? Think of the Linux Kernel as the "boss" of your computer. It’s the core software that bridges the gap between your apps and the actual physical hardware. Here is a summary of how it works and what it does: The Basics: What i...
Feb 6 · 5 min read · In eBPF development, helper functions are the only bridge between sandboxed code and native kernel code. Helper functions are neither dynamically loaded plugins nor fragile symbol references. They are physical foundations that the boot code, following the "blueprint" of the linker script, hard-welds into a read-only region of memory at the moment the kernel starts. This article originated from a question I kept asking myself while developing eBPF programs: what exactly is a helper function, and how does it differ from the other functions the kernel provides? It records how I worked through the logic of eBPF helper functions step by step, using source-code analysis, reverse thinking, and low-level debugging. All code is taken from the 5.15.0-139 kernel source. Part 1...
Feb 3 · 3 min read · Overview The Linux kernel is the core component of the Linux operating system, serving as an intermediary between hardware and software. Developed by Linus Torvalds and released in 1991, it has evolved significantly over the years and is now maintain...
Feb 1 · 3 min read · Linux is built around a small set of powerful components. Understanding these core concepts helps you use Linux confidently and debug real systems faster. 1. Core Components of Linux The diagram below shows how Linux components are layered and intera...
Jan 27 · 3 min read · 📝 Quick Summary: Singularity is a stealthy Linux Kernel Module (LKM) rootkit for modern 6.x kernels, utilizing ftrace for advanced system call hooking. It offers comprehensive features for hiding processes, files, and network connections, alongside ...
Jan 10 · 3 min read · Fedora KDE (Plasma) is one of the most balanced distributions in the modern Linux world. It offers the most up-to-date packages while preserving stability with enterprise-grade seriousness. However, to get the full benefit from the system, there are some critical steps that should be taken right after installation...
Jan 10 · 4 min read · 0. Preparation We know that on Linux under the x86 architecture, address translation has always been a headache (?). Mapping virtual addresses to physical addresses depends on segmentation and paging. In early kernel versions segmentation played the main role, with paging as an optional mechanism (CR0.PG = 1); in modern versions segmentation is greatly weakened and only paging remains. In a virtualized environment, monitoring a region of memory from the outside runs into three problems: 1. EPT permissions can only be changed per GPA, yet what we are dealing with are GVAs/GLAs (with segmentation weakened, these two can be treated as the same thing), for example a certain field of a certain object / a certain module's ...
Jan 9 · 5 min read · The Core The Kernel is the sovereign of the operating system. It is the only program that has full access to the hardware (Ring 0). Everything else—your shell, your browser, Docker—lives in "User Space" (Ring 3) and must politely ask the Kernel to do...
Jan 9 · 4 min read · The Philosophy "C assumes you know what you are doing." It does not have Garbage Collection. It does not stop you from accessing invalid memory. It is a razor-sharp tool that gives you direct access to the hardware. If you want to build a Web App, u...