Menu
I just want to know the difference between System.map file and /proc/kallsyms.
I am using Linux 3.16 generic kernel. I know that both are the kernel symbol table.. When I did a compare on this files, both are having the same content.
So what is the need of having both?
902
/proc/kallsyms have symbols of dynamically loaded modules as well static code and System.map is symbol tables of only static code.
You can not be really sure if System.map will be available on your system. When kernel and system.map mismatch you keep seeing System.map does not match actual kernel warning. So in that case/proc/kallsyms is the symbols of running kernel.
System.map isn't just useful for debugging kernel oopses. A few drivers need System.map to resolve symbols since they're linked against kernel headers instead of glibc). They won't work correctly without the System.map for the particular kernel currently running.
More info on http://dirac.org/linux/system.map/
57
In short, if kaslr is not enabled,
system.map = $(nm vmlinux)
/proc/kallsysms = system.map + loaded modules's kallsyms
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
