Proposal for empowering PEView - add detection of BSD UNIX kernel modules (.ko) #363
Comments
The ELF support in peviewer is for WSL on Windows 10 and WSL doesn't support kernel modules which is why those modules are unsupported: I fixed the issue but don't expect peviewer to support ELF binaries for platforms other than Windows. |
|
Got it. I just out of habit, I tested for something that is at hand. :) |
|
Where did you get those ELF header structures? |
|
The definitions are split across multiple repositories for Linux and Binutils: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Latest Git revision PEView can success detect some ELF binary like FreeBSD .so modules (dynamic library), but can't detect dynamic loadable kernel modules (.ko).
I think that if there is time, it makes sense to add their detection. Such module for FreeBSD 11.0 AMD64 is available in the tarball of virtualbox-ose-additions-5.1.8.txz - /boot/modules/vboxguest.ko. The difference between this type of module and ordinary .so is that it runs in the address space of the kernel and can contain both dynamic libraries and hardware drivers or installable file systems. In its structure, these are ELF executable modules and, instead of the current message about an unrecognized module type, you can display a message like "Dynamically loadable UNIX kernel module," and analyze them like the same .so modules.
Examples for testing: virtualbox-ose-additions-5.1.8.txz.zip (the .txz extension is equivalent to .tar.xz and is now used for all XZ (LZMA) compressed tarballs on FreeBSD UNIX ports).
The text was updated successfully, but these errors were encountered: