This dir contains how to start kernel-pwn mainly for beginners including me.
We can refer to Linux kernel source code on the Internet such as on bootlin. However, having them locally is not bad for quick and detailed reference.
- Clone repo.
- checkout on any tag or commit as you like.
You can build kernel from source code cloned above, or you can use buildroot for convenience.
- Download buildroot
- untar it and make config
- use default config for x64:
-
make list-defconfigs make qemu_x86_64_defconfig
-
- custom config by yourself:
-
make allnoconfig make menuconfig
- Example of config is here.
-
- use default config for x64:
- make config for kenerl
- You can choose any version of kernel to build.
- don't forget to choose below settings
-
Toolchain -> Kernel Headers -> Same as kernel being built Kernel -> Kernel Version -> <As you want> Kernel -> Kernel configuration -> Use the architecture default configuration
-
- don't forget to choose below settings
- type
make linux-menuconfigand custom as you like. - Example of config is here
- You can choose any version of kernel to build.
- finally, build the kernel.
make -j<your max logical core number>- the outputs are placed on
output/images/.
I explore kernel on vscode with ms-vscode.cpptools-extension-pack + Vim + CTag + CScope + C/C++ Intellisence.
For better experience, I recommend to follow below instructions:
- Compile your kernel.
make menuconfig # or, just make defconfig
make -j8- Generate
compile_commands.json.
python3 ./scripts/clang-tools/gen_compile_commands.py- If your directory is for browsing-only purpose, remove compiled objects (I mean you use different dirs/sources for browsing and building kernel). Before removing them, make sure that you backuped your generated
compile_commands.json.
make clean- Edit VSCode config.
- Edit config for
C/C++ Extensions. Config file isc_cpp_properties.json. The config file would look like below. Make sure that/arch/x86/is your target arch.{ "configurations": [ { "name": "Linux", "includePath": [ "${workspaceFolder}/include/**", "${workspaceFolder}/arch/x86/**", "${default}" ], "defines": [ "__GNUC__", "__KERNEL__" ], "compilerPath": "/bin/clang-11", "cStandard": "c17", "cppStandard": "c++14", "intelliSenseMode": "linux-clang-x64", "compileCommands": "${workspaceFolder}/compile_commands.cp.json" } ], "version": 4 } - Edit config for Intellisence if needed. Config file is
compile_commands.jsonyou generated. Specify the path inc_cpp_properties.jsonas above.- In theory if you use
compile_commands.json, you don't need to specifyincludePath,defines, and so on inc_cpp_properties.json. If you define them both inc_cpp_properties.jsonandcompile_commands.json, the latter is used.
- In theory if you use
- Edit config for
- Play Smash bros, change your theme into gruvbox, which is the best theme in the world, and just wait til everything is indexed.
Sample QEMU run script is here.
qemu-system-x86_64 \
-kernel ./bzImage \
-initrd ./rootfs.cpio \
-nographic \
-monitor none \
-cpu qemu64 \
-append "console=ttyS0 nokaslr panic=1" \
-no-reboot \
-s \
-m 256Mnow writing... also refer to here...