patching kernels with dd
Alexander Dupuy
dupuy at cs.columbia.edu
Wed Jan 30 13:14:02 AEST 1991
We have an ancient 3b2 on our local ethernet, and since it doesn't understand
the new-style (net.255.255) broadcast addresses, it creates a micro ARP-storm
every time another machine sends out a broadcast. Since the TCP/IP code on
this creaking box is the TWG TCP/IP, which is an adaptation of the Berkeley
code, I thought, "no problem, I'll just patch _ipforwarding to 0 using adb".
After getting onto the beast and running "nm /unix" (yep, no VM on this 'un),
and seeing that ipforwarding did exist, I tried "adb -w /unix /dev/kmem".
No joy in mudville. 3b2 System V has something called "sdb", but no tried and
true "adb". I asked the fine net.people on comp.sys.att how to patch the
kernel, and only came up with this:

    I would get the address from nm for the variable, ipforwarding and then
    do an fseek into /dev/kmem to the address and write the value required.
    A small piece of C code should do the job. Microport Unix used to come
    with a utility called 'patch' with which you could patch into obj files
    or the kernel. I had lifted patch from microport unix and tried on AT&T
    Unix SYS V 3.2 and it did work.

Unfortunately, Microport only runs on 386 boxes, and there's a slight hardware
incompatibility with the WE32000 processor. So I was faced with the ugly task
of writing a program using nlist et al. (actually, all the COFF-routines, if I
wanted to do this right, and patch /unix as well as /dev/kmem) on a system
which only had a lobotomized debugger.
As I was explaining this to someone (this always seems to help) I realized that
there was no need to write a program to do an fseek when good old "dd" could
do the dirty deed itself.
So I added the following two lines to one of the rc.files, and now the poor
user of the 3b2 has to wait an extra minute for the snail-fast machine to nlist
/unix, but more importantly, the broadcasts have been stopped. (Note that the
incantation /ipforwardingB0 refers to a file with 4 zero bytes in it).
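
    # after set: $1 = symbol name, $2 = its address as printed by nm
    set `nm /unix | grep ipforwarding | tr \| ' '`
    # overwrite the 4-byte variable in kernel memory with zeros
    dd bs=1 count=4 seek=$2 of=/dev/kmem if=/ipforwardingB0
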
I guess if I were a real System V guru, I could figure out the offset of the
ipforwarding variable in /unix using six different invocations of dump with the
appropriate flags and then patch /unix using dd, but frankly, my dear, I don't
give a damn.
@alex
--
inet: dupuy at cs.columbia.edu
uucp: ...!rutgers!cs.columbia.edu!dupuy
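
Added example (not part of the original post, and not run against /unix or /dev/kmem): the same nm-lookup-then-dd patch carried out on a scratch file, showing two details the two rc lines do not, an exact symbol match and the conv=notrunc that dd needs when the target is a regular file such as /unix. The nm lines, the offsets and the helper names sym_value, zero_word, read_word and demo are constructed for illustration; the value column is assumed to be decimal, as the post's use of seek=$2 implies.

```sh
#!/bin/sh
# Added example: works on a scratch file only.

# Constructed sample of System V style nm output:
# name | value | class | type | size | line | section
SAMPLE_NM='ipforwarding        |       24|extern|             int|     4|     |.data
ipforwarding_old    |       40|extern|             int|     4|     |.data'

# sym_value NAME: print the value column for an exact symbol-name match.
# A bare "grep ipforwarding" would also match ipforwarding_old.
sym_value() {
    printf '%s\n' "$SAMPLE_NM" | awk -F'|' -v n="$1" '
        { gsub(/ /, "", $1); gsub(/ /, "", $2) }
        $1 == n { print $2; exit }'
}

# zero_word FILE OFFSET: overwrite 4 bytes at OFFSET with zeros, in place.
# conv=notrunc matters for a regular file: without it dd truncates the
# output at OFFSET+4 and the rest of the image is lost.
zero_word() {
    dd if=/dev/zero of="$1" bs=1 count=4 seek="$2" conv=notrunc 2>/dev/null
}

# read_word FILE OFFSET: hex of the 4 bytes at OFFSET, to verify the patch.
read_word() {
    dd if="$1" bs=1 count=4 skip="$2" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# demo: build a 64-byte scratch image of 'A' bytes, patch it, report.
demo() {
    img=$(mktemp) || return 1
    printf '%064d' 0 | tr 0 A > "$img"
    off=$(sym_value ipforwarding)
    zero_word "$img" "$off"
    echo "offset=$off word=$(read_word "$img" "$off") size=$(wc -c < "$img" | tr -d ' ')"
    rm -f "$img"
}

demo
```

Reading the word back after the write, as read_word does, is the check that the patch landed at the intended address and that the file length is unchanged.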