
I'm using EDK2 to write a System Management Mode (SMM) driver. I think it uses "Pure C", given the fact that I'm not able to use the standard C library, like stdio. Even if I `#include <stdio.h>`, it throws me an error, undefined reference to "fopen", when I use any function like `fopen("/proc/kallsyms", "rb")`.

In my understanding, this SMM driver (btw, I'm writing code inside `PiSmmCore.c`) doesn't run on top of the OS; it runs on a different layer (correct me if I'm wrong, please). So given that context, if I can't use `fopen`, `fread`, etc., how can I access files like `/proc/kallsyms`?

Any help would be appreciated (even if it's just to say "hey man, you're wrong in your assumptions, try reading this article" or something). Thank you!

  • Yeah, OS drivers don't use the usual libraries, they operate near or at the metal, and make the syscalls possible. SMM drivers, being outside an OS, aren't going to be talking to OSes at all, I think, save that they can probably look at the memory and figure out whatever they'd like, as long as they know what they are looking for. – Hack Saw Oct 26 '22 at 20:55
  • @HackSaw That makes a lot of sense! And there lives the problem: I’m already able to look at the physical memory from the SMM driver but I don’t know where to look, that’s why I need `/proc/kallsyms`, to tell the SMM driver the addresses of certain symbols so it’ll read the values of those symbols. Any ideas on how to achieve that? – Allan Almeida Oct 27 '22 at 12:32
  • To be honest, I'm not sure there is, because of address space layout randomization. This paper from 2016 might have clues, but was written before ASLR, and importantly Kernel ASLR, was implemented: https://jis-eurasipjournals.springeropen.com/articles/10.1186/s13635-016-0038-z – Hack Saw Oct 28 '22 at 13:40
  • Thanks, @HackSaw. Will definitely take a look at that article! Best regards! – Allan Almeida Oct 29 '22 at 16:25

0 Answers