patching kernels with dd

Alexander Dupuy dupuy at cs.columbia.edu
Wed Jan 30 13:14:02 AEST 1991


We have an ancient 3b2 on our local ethernet, and since it doesn't understand
the new-style (net.255.255) broadcast addresses, it creates a micro ARP-storm
every time another machine sends out a broadcast.  Since the TCP/IP code on
this creaking box is the TWG TCP/IP, which is an adaptation of the Berkeley
code, I thought, "no problem, I'll just patch _ipforwarding to 0 using adb".

After getting onto the beast and running "nm /unix" (yep, no VM on this 'un),
and seeing that ipforwarding did exist, I tried "adb -w /unix /dev/kmem".

No joy in mudville.  3b2 System V has something called "sdb", but no tried and
true "adb".  I asked the fine net.people on comp.sys.att how to patch the
kernel, and only came up with this:

	I would get the address from nm for the variable, ipforwarding and then
	do an fseek into /dev/kmem to the address and write the value required.
	A small piece of C code should do the job. Microport Unix used to come
	with a utility called 'patch' with which you could patch into obj files
	or the kernel. I had lifted patch from microport unix and tried on AT&T
	Unix SYS V 3.2 and it did work.

Unfortunately, Microport only runs on 386 boxes, and there's a slight hardware
incompatibility with the WE32000 processor.  So I was faced with the ugly task
of writing a program using nlist et al. (actually, all the COFF-routines, if I
wanted to do this right, and patch /unix as well as /dev/kmem) on a system
which only had a lobotomized debugger.

As I was explaining this to someone (this always seems to help) I realized that
there was no need to write a program to do an fseek when good old "dd" could
do the dirty deed itself.

So I added the following two lines to one of the rc.files, and now the poor
user of the 3b2 has to wait an extra minute for the snail-fast machine to nlist
/unix, but more importantly, the broadcasts have been stopped.  (Note that the
incantation /ipforwardingB0 refers to a file with 4 zero bytes in it).

	set `nm /unix | grep ipforwarding | tr \| ' '`
	dd bs=1 count=4 seek=$2 of=/dev/kmem if=/ipforwardingB0

I guess if I were a real System V guru, I could figure out the offset of the
ipforwarding variable in /unix using six different invocations of dump with the
appropriate flags and then patch /unix using dd, but frankly, my dear, I don't
give a damn.

@alex
--
-- 
inet: dupuy at cs.columbia.edu
uucp: ...!rutgers!cs.columbia.edu!dupuy
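
The same seek-and-overwrite procedure as a stand-alone sketch, added here as an example and not part of the original post. A constructed scratch file stands in for /dev/kmem, the nm listing is constructed, and the names sym_value, hex_at, patch_at and demo are hypothetical. It matches the symbol name exactly (an unanchored grep takes whichever matching line comes first) and reads the bytes back after the write.

```shell
#!/bin/sh
# Added example. A constructed scratch file stands in for /dev/kmem.

# sym_value NAME: read System V style "name|value|..." nm lines on stdin and
# print the value column, but only when exactly one symbol is called NAME.
sym_value() {
    awk -F'|' -v want="$1" '
        { name = $1; val = $2
          gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
          if (name == want) { hits++; addr = val } }
        END { if (hits != 1 || addr !~ /^[0-9]+$/) exit 1; print addr }'
}

# hex_at FILE OFFSET LEN: the LEN bytes at OFFSET, as a hex string.
hex_at() {
    dd bs=1 skip="$2" count="$3" if="$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# patch_at FILE OFFSET SRC LEN: overwrite LEN bytes at OFFSET with SRC.
# conv=notrunc keeps a regular file from being cut off after the write;
# the read-back confirms the bytes landed where intended.
patch_at() {
    dd bs=1 seek="$2" count="$4" conv=notrunc if="$3" of="$1" 2>/dev/null || return 1
    [ "$(hex_at "$1" "$2" "$4")" = "$(hex_at "$3" 0 "$4")" ]
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed nm listing: a second symbol shares the prefix on purpose.
    printf '%s\n' 'ipforwarding_old    |        40|extern|int|4||.data' \
                  'ipforwarding        |        24|extern|int|4||.data' > "$d/nm.out"
    # Constructed 64-byte image filled with 'A' (0x41).
    dd if=/dev/zero bs=1 count=64 2>/dev/null | tr '\000' 'A' > "$d/image"
    # Four zero bytes, like the post's /ipforwardingB0 file.
    dd if=/dev/zero bs=1 count=4 of="$d/zero4" 2>/dev/null
    off=$(sym_value ipforwarding < "$d/nm.out") || { rm -rf "$d"; return 1; }
    patch_at "$d/image" "$off" "$d/zero4" 4 || { rm -rf "$d"; return 1; }
    # Offset used, bytes now at that offset, file size after the write.
    echo "$off $(hex_at "$d/image" "$off" 4) $(wc -c < "$d/image" | tr -d ' ')"
    rm -rf "$d"
}

demo
```

On a regular file, leaving out conv=notrunc would truncate everything past the patched bytes, which is why the demo also reports the file size.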


