For anyone using the Arch Linux distro, I recommend you use the pre-built version instead of build the bash from source. I spent hours figuring out how to build a static library for libtinfo as it's not available on the distro (yeah, I know, there's definitely a way to build it; I just lack knowledge and need to learn more ^^).
That's a good point, I haven't tried this on Arch but I'll pin this comment so it could help others as well, additionally here are instructions for downloading a prebuilt static bash on Ubuntu/Debian, after running this you will have bash-static in /tmp/bash-files/bin: "apt download bash-static && mkdir /tmp/bash-files && dpkg -x bash-static*.deb /tmp/bash-files"
@@CryptAmine no, by prebuilt, I mean download the bash's binary from somewhere.. I recommend to pull it from the debian distro (the package name is bash-static), and extract it with dpkg-deb command. (it seems my comment was flagged as spam or smth, I need to rephrase it multiple times, so it passed the comment filter and finally visible to the public)
I just built the bash for just less than a minute, following the simple steps from the README file, I use Arch, and I downloaded the source code from the GNU site, maybe the problem is not in Arch, but in the specific settings of your system
I like these videos because it it gives a good cross sectional exposure of knowledge: +GDB +C +Linux Kernel Hacking +Binary +Assembly +VMs +Unix commands Informative to me and sharing it with my friend who is getting spun up in computers. Alright nicely with the learning I am doing building the Ben Eater 6502 computer. Thank you!
Ya, I tried to grasp all this, but I need to learn how to use GDB properly, kernel building and then run this kernel in some VM. But he gives a nice simple example about how the kernel loads binary programs into memory. Thanks Nir Lichtman.
@LinuxIsBetter43 yes, because the core stuff remained similar and the book is high quality, but that is good point to keep in mind that the book is quite old and that the source of truth is always the source so it is a good idea to also examine the relavent source along with the according section in the book and to keep in mind that some information may be outdated
I've been learning about kernel development lately, and every day I'm reminded how complicated and intricate the Linux kernel is. Incredible video as always, thank you!
your knowledge about kernel and debugging is brutal :D I use Linux over 30 years and everytime I look your videos, I feel like a noob, please more videos
Fantastic video! I learned so much in so little time. I learned a ton about using GDB, and seeing the internals work like this is fascinating. Thanks for doing this!
Amazing, this is a very great way to learn something by practice. I see many videos explaining this with theoric approach, but you bring a completly different way to explain that topic. Thanks a lot !
@@NistenTahiraj over my few years as a software engineer, I've really realised that the setup/tools senior engineers use are just what they feel comfortable with. I've seen cracked linux devs on windows, and shitty devs on openbsd/nixos.
Don't matter how good linux is, windows still has better out-of-the-box experience and comes pre-installed, maybe in a future with more atomic Linux distros and better support that start changing(and btw 40% of devs uses Linux, so it's growing and windows becoming annoying lol)
Very accurate (indeed no other hard currency other than the source code!) and enjoyable, thank you very much! One small addition would be to show the stack before and after iretq ;)
@nirlichtman Thanks, yes I know - MS removed the 16-bit subsystem from the x64 OS line, so the original wouldn‘t run, and also not support long file names 😉 But I‘m sure you know.
Yup very deep dive. Bro how did you study so deep dive. I have 8 years of experience in coding but I don't have deeper knowledge like you. Very nice. Hope I can also achieve that level of knowledge
I happened to just research how the Windows kernel runs .exe programs yesterday and found that the two are very similar in their overall ideas. The difference is the specific function names.
@LinuxIsBetter43 Windows NT was made way before Linux had any semblance of popularity and the concept of "open source" as it's known today didn't exist back then. It was only a thing in hacker communities, corporations still used only proprietary or in-house solutions.
@LinuxIsBetter43 WindowsNT was designed and written by an experienced team that already had VMS and the MICA project to its credit. Dave Cluter was in charge and the NT project took off in 1988. By 1993 it was a ready-to-sell project. Linux at that time was completely underdeveloped. E.g. threads didn't appear on Linux until 2000, and dynamic modules in 2003. Windows had these basic things since 1993. Linux was years behind.
Is there a reason as to why the first page of code isn't loaded as soon as the new process is "started" ? (why wait for it to immediately page fault instead ?)
@@Sadiinso my best guess is that it wouldn't save that much performance, and the page fault handling is a very generic mechanism that applies to a lot of cases outside of this one too
Yah, that's a good point, I thought about it as well, @art0007i makes a good point, indeed it probably wouldn't be much of a performance gain, especially considering that execve is a relatively "uncommon" operation
q stands for quad-word since this is x64 (addresses are 64bit so "quad" bytes), I actually wanted to also show the instruction documentation in the Intel SDM but in the end decided not to since the video got longer than I anticipated
Are you referring to the START_THREAD macro? in the flow demonstrated in the video it just passes through almost all the arguments to start_thread, except the first argument.
Wow but how do windows exe executed in kernel and what is used in the kernel for it to ran because the kernel it self in sys32 folder is an exe so how do it ran?
A combination of reading docs, sections from books, watching videos/lectures, articles and alongside that working with debuggers and the source code to see things in practice. I have a list of recommended learning resources BTW on my welcome link on the channel.
Nah, I recommend the exact opposite. Familiarize yourself with debugging in general, ideally with a very graphically visible and user-friendly debugger a-la VSCode. When you understand these things, gdb will make perfect sense, albeit having very limited visibility. CLI gdb feels like driving a car, but with a terminal, rather than with my eyes and hands
You probably forgot to call the exit system call, it's important since now the entry point is your main function and not the standard library C entry point, so it's your responsibility to exit from the program.
@@nirlichtmanThanks for your answer, but I have used _exit(0xa4). Everything works fine without --entry main. BTW. I'm using Ubuntu 22.04.3 LTS in WSL as my environment.
This is amazing content. So much information with almost no "magic" happening. However, I couldn't follow completely regarding the ip register 😅 the kernel loads the virtual address of the programs code section into the ip register of a task struct associated with the hello process that's not yet running right? But is there something happening before returning to user mode? I would have expect that the scheduler runs first and picks a task struct(which hello is now one of them) and in case it picks hello we end up in user mode where you end up but we could also end up at another user mode process. So I don't completely got where the scheduler schedules the hello process and writes it's register values to the HW. I guess what you showed was only writing to a task struct that will be written to hw when the process is scheduled?
Thanks! Regarding the instruction pointer, a few corrections, first notice that the kernel loads the address of the entry point function to the instruction pointer (and not the address of the beginning of the text section). secondly, an important clarification regarding execve, it does not create a new process but rather "switches" the process that called execve to be a different program, so the kernel does not need to create a new process in this flow (new process creation can be done with fork or clone for example, but both of them do not switch the process to be a totally different program, so a common flow is to first fork/clone and then execve). The scheduler will eventually kick in and re-estimate which process to run next, but after the kernel finishes handling the system call and the iret instruction is executed, control is returned back to the last user mode process that was run, which is now starting with the completely new program and with the instruction pointer set to the entry point
i am having trouble compiling the linux kernel on my machine: when running `make` after doing all configs and getting everything downloaded the build process terminates on libelf headers because there are macros that are undefined, and linux includes them with `-Werror` which turns warnings into errors. is there any easy way to fix this issue? i searched online and found this was a common issue but did seem to find any fix for it
Interesting haven't stumbled upon a problem like this, but in general you can config the kernel to not treat warnings as errors by going to the menuconfig -> general settings and unchecking that box, not an optimal solution since it wouldn't treat the source of the problem, but it can help you at least get past this right now and successfully build the kernel before investigating further if you would want.
@@nirlichtman i tried doing just that and with `defconfig` configuration and it seems to ignore that - still passes `-Werror=undef` to the compiler. just tried with `tinyconfig` instead and everything seems to work now. i checked and tinyconfig by default doesnt check warnings as errors Edit: checking the `64-bit kernel` option seems to trigger this no matter what
@@FintMC Hmm, may be a bug in the kernel, are you using the upstream master from torvalds? I would recommend trying to pinpoint the exact location in the makefiles where it still passes the warning as error flag, from what you have sent so far seems the problem is around ELFs so maybe it is related to the fs/ Makefiles, if you have an idea how to fix, you can submit a patch if you want
@@nirlichtman the errors seem to occur anywhere any libelf header is included, i tried to edit those directly to define undefined macros with 0s (bad solution but it works), now i get more other errors from the actual kernel code. i tried to edit the config to see whether there was the warning->error option and it appeared unset so i set it to 'n' and all warnings are still errors after rerunning make E: the config seems to update and unset the CONFIG_WERROR option, which still doesnt apply
If you use defconfig, but uncheck the ELF format support option in the executable formats supported menu in the menuconfig, does it build successfully?
What is "misc_format"? There is elf_format, script_format and misc_format. He explain two of this. But what is misc_format? Something from older kernerls?
Misc format is a binary format that enables loading other custom binary formats that are not supported in the kernel, it does so by recognizing the type of the format and loading the appropriate kernel module that can handle it (more info about this in the kernel docs)
Correction, it doesn't load an appropriate kernel module, but rather just invokes the appropriate interpreter binary, for more: docs.kernel.org/admin-guide/binfmt-misc.html
@ thanks! I have watched and enjoyed those videos too. At some point, when you have time, make a video on using windbg to debug applications and read application memory dumps? The existing videos are focused towards windows internals
@suzukiaccess5022 oh you mean a source level application debugging video, and a video about analyzing crash dumps of apps that crashed? good ideas i'll consider those for future vids
You mean split screen? I like using Vim built-in window managment commands (I have a vid on that). And to search functions in GDB, check out "info func" (help info)
For anyone using the Arch Linux distro, I recommend you use the pre-built version instead of build the bash from source. I spent hours figuring out how to build a static library for libtinfo as it's not available on the distro (yeah, I know, there's definitely a way to build it; I just lack knowledge and need to learn more ^^).
That's a good point, I haven't tried this on Arch but I'll pin this comment so it could help others as well, additionally here are instructions for downloading a prebuilt static bash on Ubuntu/Debian, after running this you will have bash-static in /tmp/bash-files/bin: "apt download bash-static && mkdir /tmp/bash-files && dpkg -x bash-static*.deb /tmp/bash-files"
You mean we should use pacstrap instead of building from source ? Cuz I've never seen someone building bash before anyways ( till now )
@@CryptAmine no, by prebuilt, I mean download the bash's binary from somewhere.. I recommend to pull it from the debian distro (the package name is bash-static), and extract it with dpkg-deb command. (it seems my comment was flagged as spam or smth, I need to rephrase it multiple times, so it passed the comment filter and finally visible to the public)
I just built the bash for just less than a minute, following the simple steps from the README file, I use Arch, and I downloaded the source code from the GNU site, maybe the problem is not in Arch, but in the specific settings of your system
@@reyuki-i why would you download the binary from elsewhere? You should just do "pacman -S bash" to install it on Arch
Just what I needed 1.5h after I should've gone to bed.
@@cubeman5303 and here I am, 1:20am, watching this video and reading comments. we are doomed
@@bastawa actually, my recommendation in 1:30am
00:00 here
and i gotta wake up in 5 hours for work
@@ynav949 This is so painful!!! Yesterday at 1:20 I just finished my work, but at least I didn't have to wake up so early!
@@cubeman5303 literally watching at 1:50 am, i need to wake up in 5 hours
Is it even legal to have such a cool explanation?
@@ASSASSIN2143 No, the FBI is on its way to protect those of us working in higher education.
I don't even need to do debugging right now, but interesting to watch as a C addict.
I like these videos because it it gives a good cross sectional exposure of knowledge:
+GDB
+C
+Linux Kernel Hacking
+Binary
+Assembly
+VMs
+Unix commands
Informative to me and sharing it with my friend who is getting spun up in computers.
Alright nicely with the learning I am doing building the Ben Eater 6502 computer. Thank you!
Ya, I tried to grasp all this, but I need to learn how to use GDB properly, kernel building and then run this kernel in some VM. But he gives a nice simple example about
how the kernel loads binary programs into memory. Thanks Nir Lichtman.
This is the coolest video I saw in quite a while, How do you even get started learning all this?
Exactly what I keep asking myself
Thanks! If you wanna get started I recommend taking a look at the learning resources I maintain in the welcome link on my channel
@LinuxIsBetter43 yes, because the core stuff remained similar and the book is high quality, but that is good point to keep in mind that the book is quite old and that the source of truth is always the source so it is a good idea to also examine the relavent source along with the according section in the book and to keep in mind that some information may be outdated
@LinuxIsBetter43 i will add this disclaimer in the welcome page later, its a good point
While I often watch other YT videos on 1.5 speed, I feel like I should watch Nir's videos on 0.75 speed. So dense, so good. Thank you.
sorry 😂
I've been learning about kernel development lately, and every day I'm reminded how complicated and intricate the Linux kernel is. Incredible video as always, thank you!
That's why kernel development is devided in subsystems, and deve usually only specialize in one of them
@vilian9185 and then there is Linus Torvalds
@@BabaTova no, he also only review code of the subsystems that he knows, he never reviewed something from file system for example
I love you that when an ad starts i read the comments instead of skipping
use uBlockOrigin extension
nice!
😂
Thank God you included a newlineI hate when comments aren't formatted correctly
your tutorials are by far the most valuable ones for me (and trust me I have seen a lot others). Keep up the hard work! Really appreciate it!
your knowledge about kernel and debugging is brutal :D I use Linux over 30 years and everytime I look your videos, I feel like a noob, please more videos
Wow! I am so glad youtube recommended this to me. The knowledge here is worth several years of reading docs! Thank you!
I rarely comment on videos, but I need to say it here: this is a really good explanation. Congratulations on achieving such a nice and clear video.
Thanks!
Fantastic video! I learned so much in so little time. I learned a ton about using GDB, and seeing the internals work like this is fascinating. Thanks for doing this!
This is the exact type of content UA-cam needs. Thx 👍
This is so insanely cool! Just to see how the Kernel works on a deep level, really fun to watch!
Amazing, this is a very great way to learn something by practice. I see many videos explaining this with theoric approach, but you bring a completly different way to explain that topic. Thanks a lot !
it will never cease the bother me that the cracked linux dev I know that I learned the most from still uses a windos terminal
@@NistenTahiraj over my few years as a software engineer, I've really realised that the setup/tools senior engineers use are just what they feel comfortable with. I've seen cracked linux devs on windows, and shitty devs on openbsd/nixos.
It gives you an advantage, if you just broke the entire system, you can reinstall Ubuntu from scratch really easily
Don't matter how good linux is, windows still has better out-of-the-box experience and comes pre-installed, maybe in a future with more atomic Linux distros and better support that start changing(and btw 40% of devs uses Linux, so it's growing and windows becoming annoying lol)
@@williandamascenomusicsame thing if you use Ubuntu is a VM on linux, WSL is a VM after all
I have no idea what I just watched, yet it was amazing.
Amazing, such a clear explanation ❤ from India🇮🇳
You never fail to make me realize how little I know about this stuff!🤣 keep up the great work!
Exactly what I have been wondering but not enough to research myself !
Very interesting, this gives me a starting point to examine the linux kernel
Very nice explanation indeed. Thanks for such informative content.
This is so interesting and insightful, thank you for making such videos! I would so want to see more of these, please!
It’was really interesting tho I lack soo muck knowledge
I need to learn more, you’re giving me some nice motivation
Dude this was amazing. I will be looking into more of your videos. You seem to know what you're talking about.
Wow, just wow. This is wonderful work. Thank you.
אלוף! 😊 הסרטונים שלך מדהימים! ברכות מהלינוקס הפולני שלי! 😊
תודה!
Very accurate (indeed no other hard currency other than the source code!) and enjoyable, thank you very much! One small addition would be to show the stack before and after iretq ;)
That's a good point!
It is a crime that you only have 55k subscribers
it really is tbh he def deserves more but on the bright side at least he will be putting out vids lol
How cute - Win 3.x file manager in the task bar 😄 The epiphany alone how simple it is to create a minimalist Linux is golden and amazing! 👍
It's actually the open source continuation of it called winfile, Microsoft released the source a couple of years ago :)
@nirlichtman Thanks, yes I know - MS removed the 16-bit subsystem from the x64 OS line, so the original wouldn‘t run, and also not support long file names 😉 But I‘m sure you know.
nice video, ill see more from this channel, very interesting, i feel like if ill watch many of this ill know more about systems
Yup very deep dive. Bro how did you study so deep dive. I have 8 years of experience in coding but I don't have deeper knowledge like you. Very nice. Hope I can also achieve that level of knowledge
Great Video!! Wonderful explanation.
Niiiiiiiiiiir!!!!! How could you leave us for sooooooo long? 😢😢💔💔. Please don't ever disappear for so long. 🥰🥰
Awesome explanation in a small video 😊😊😊
Thanks a huge ..
I happened to just research how the Windows kernel runs .exe programs yesterday and found that the two are very similar in their overall ideas. The difference is the specific function names.
@LinuxIsBetter43 Windows NT was made way before Linux had any semblance of popularity and the concept of "open source" as it's known today didn't exist back then. It was only a thing in hacker communities, corporations still used only proprietary or in-house solutions.
@LinuxIsBetter43 WindowsNT was designed and written by an experienced team that already had VMS and the MICA project to its credit. Dave Cluter was in charge and the NT project took off in 1988. By 1993 it was a ready-to-sell project.
Linux at that time was completely underdeveloped. E.g. threads didn't appear on Linux until 2000, and dynamic modules in 2003. Windows had these basic things since 1993. Linux was years behind.
its like a brain surgeon explaining how they do it with a POV explanation. love it.
Very good! Very informative! Love it!
Great work!
In 6:48 how did you split gdb terminal to contain a vim window on the same path?
thanks! using Vim's windowing feature (I have a vid about multiple windows tips with Vim)
אח שלי, אתה מדהים! תוכן ברמה גבוהה!
תודה!
אלוף! 😊
make -j0 will adjust to the number of your CPU cores. Your NVMe SSD is fast enough to keep up with the I/O, even on a 24 threads processor.
Thanks for the tip!
Is there a reason as to why the first page of code isn't loaded as soon as the new process is "started" ? (why wait for it to immediately page fault instead ?)
@@Sadiinso my best guess is that it wouldn't save that much performance, and the page fault handling is a very generic mechanism that applies to a lot of cases outside of this one too
Yah, that's a good point, I thought about it as well, @art0007i makes a good point, indeed it probably wouldn't be much of a performance gain, especially considering that execve is a relatively "uncommon" operation
14:39 "iret" is interrupt-return, yes. But this is iretQ. what's the 'q' for?
q stands for quad-word since this is x64 (addresses are 64bit so "quad" bytes), I actually wanted to also show the instruction documentation in the Intel SDM but in the end decided not to since the video got longer than I anticipated
@@nirlichtman interesting. kind of like "NEAR"/"FAR" but for x64?
One of the greatest vids I saw!
can you talk about how wine picks up the windows executables you run on linux? pretty sure its a similar mechanism
that is really cool, great video! my only complaint is that you're not using the TUI mode of gdb, it's so much nicer in my opinion!
Thanks! I haven't used the TUI mode in a long time, maybe I'll give it another look some time
Excellent video. Loved it.
Very useful inormation about a lot of stuff, thank you!
nobody:
nir in every video: lets build the linux kernel
12:00 what does this macro do? (other than calling a function with the same name)
Are you referring to the START_THREAD macro? in the flow demonstrated in the video it just passes through almost all the arguments to start_thread, except the first argument.
@@nirlichtman So it just omits the 1st argument & nothing else? my thinking is, if there's a macro, there's often a reason for a macro.
Nice! :) Thankyou for the amazing video and concice explanation!
Thank you. Really interesting. I must try this out myself.
understood barely anything of it, still hella cool video 🙏🙏🙏
Just curious. Why aren’t you daily driving linux instead of windows?
Check out the common questions on the welcome link on my channel
Wow but how do windows exe executed in kernel and what is used in the kernel for it to ran because the kernel it self in sys32 folder is an exe so how do it ran?
very great video, but I have One question what is your process to learn, go deeper and more ?
A combination of reading docs, sections from books, watching videos/lectures, articles and alongside that working with debuggers and the source code to see things in practice. I have a list of recommended learning resources BTW on my welcome link on the channel.
@@nirlichtman Great thank you 😊
Why we need to download bash src code and build it?
great as always! 😊
hmm this is interesting. I just knew that i have to learn gdb more deeply
Nah, I recommend the exact opposite. Familiarize yourself with debugging in general, ideally with a very graphically visible and user-friendly debugger a-la VSCode. When you understand these things, gdb will make perfect sense, albeit having very limited visibility. CLI gdb feels like driving a car, but with a terminal, rather than with my eyes and hands
I got a segmentation fault when I compiled hello.c with the --entry main argument. Do you know what's going on?"
You probably forgot to call the exit system call, it's important since now the entry point is your main function and not the standard library C entry point, so it's your responsibility to exit from the program.
@@nirlichtmanThanks for your answer, but I have used _exit(0xa4). Everything works fine without --entry main.
BTW. I'm using Ubuntu 22.04.3 LTS in WSL as my environment.
Interesting, you can use GDB catchpoints feature to help figure out what's going on by catching the seg fault, take a look at "help catch" in GDB
@@nirlichtman
It's weird that I got SIGSEGV here. Should I reinstall glibc-static?
mov eax, dword ptr fs:[0x18]
This channel is golden!
God damn, at the end I just noticed that he's using WSL. It's just so funny 😂
Welcome back
This is amazing content. So much information with almost no "magic" happening. However, I couldn't follow completely regarding the ip register 😅 the kernel loads the virtual address of the programs code section into the ip register of a task struct associated with the hello process that's not yet running right? But is there something happening before returning to user mode? I would have expect that the scheduler runs first and picks a task struct(which hello is now one of them) and in case it picks hello we end up in user mode where you end up but we could also end up at another user mode process. So I don't completely got where the scheduler schedules the hello process and writes it's register values to the HW. I guess what you showed was only writing to a task struct that will be written to hw when the process is scheduled?
Thanks! Regarding the instruction pointer, a few corrections, first notice that the kernel loads the address of the entry point function to the instruction pointer (and not the address of the beginning of the text section). secondly, an important clarification regarding execve, it does not create a new process but rather "switches" the process that called execve to be a different program, so the kernel does not need to create a new process in this flow (new process creation can be done with fork or clone for example, but both of them do not switch the process to be a totally different program, so a common flow is to first fork/clone and then execve). The scheduler will eventually kick in and re-estimate which process to run next, but after the kernel finishes handling the system call and the iret instruction is executed, control is returned back to the last user mode process that was run, which is now starting with the completely new program and with the instruction pointer set to the entry point
Nice video.
Make us a video where you show how the kernel handles the algorithm to kill random proccess when it is out of memory
Thanks! I have a video on OOM, it's called something like what happens when Linux is out of memory
על איזה דיסטרו אתה אחי?
עריכה: כאילו אני רואה שזה WSL, אבל איזה בחרת?
דביאן
@@tomershechner arch Linux??, maybe
Gibberish writing.
This sounds like it's straight out of some made-up Star Wars language. If not, I apologise for my ignorance.
@@comradepeter87 It's Hebrew
Wonderful as always
i am having trouble compiling the linux kernel on my machine:
when running `make` after doing all configs and getting everything downloaded the build process terminates on libelf headers because there are macros that are undefined, and linux includes them with `-Werror` which turns warnings into errors.
is there any easy way to fix this issue? i searched online and found this was a common issue but did seem to find any fix for it
Interesting haven't stumbled upon a problem like this, but in general you can config the kernel to not treat warnings as errors by going to the menuconfig -> general settings and unchecking that box, not an optimal solution since it wouldn't treat the source of the problem, but it can help you at least get past this right now and successfully build the kernel before investigating further if you would want.
@@nirlichtman i tried doing just that and with `defconfig` configuration and it seems to ignore that - still passes `-Werror=undef` to the compiler. just tried with `tinyconfig` instead and everything seems to work now.
i checked and tinyconfig by default doesnt check warnings as errors
Edit: checking the `64-bit kernel` option seems to trigger this no matter what
@@FintMC Hmm, may be a bug in the kernel, are you using the upstream master from torvalds? I would recommend trying to pinpoint the exact location in the makefiles where it still passes the warning as error flag, from what you have sent so far seems the problem is around ELFs so maybe it is related to the fs/ Makefiles, if you have an idea how to fix, you can submit a patch if you want
@@nirlichtman the errors seem to occur anywhere any libelf header is included, i tried to edit those directly to define undefined macros with 0s (bad solution but it works), now i get more other errors from the actual kernel code.
i tried to edit the config to see whether there was the warning->error option and it appeared unset so i set it to 'n' and all warnings are still errors after rerunning make
E: the config seems to update and unset the CONFIG_WERROR option, which still doesnt apply
If you use defconfig, but uncheck the ELF format support option in the executable formats supported menu in the menuconfig, does it build successfully?
Nice. BTW, your viewers may enjoy watching your GDB sessions more in TUI mode ("tui enable").
Thanks, I think I tried it a little bit a couple of years ago, but that is a good idea, I'll look into it again
What is "misc_format"? There is elf_format, script_format and misc_format. He explain two of this. But what is misc_format? Something from older kernerls?
Misc format is a binary format that enables loading other custom binary formats that are not supported in the kernel, it does so by recognizing the type of the format and loading the appropriate kernel module that can handle it (more info about this in the kernel docs)
Correction, it doesn't load an appropriate kernel module, but rather just invokes the appropriate interpreter binary, for more: docs.kernel.org/admin-guide/binfmt-misc.html
@@nirlichtman Thanks
underrated user
Thank you
wow very helpful thanks 😊
Omg, this sh*t is crazy, mind blowing videos
Can you tell me how you use Linux in a Windows terminal? I look forward to you making a video about your development environment.
I use Debian with WSL, I have some info about my setup in the welcome link on my channel
@@nirlichtman That's awesome! What model of laptop do you mainly use?
@王阿哥-q2d lenovo y50
@@nirlichtman Unbelievable! You've created so many amazing videos on a 10-year-old laptop. What hardware are you using for the laptop running OpenBSD?
@王阿哥-q2d yah i am generally a fan of older stuff, but the laptop still runs great :) i am using OpenBSD with a 2009 Sony Vaio P
GDB is a bit difficult to use, I didn't understand the video (maybe it's because my skills aren't up to par)
15:25 Just do some additional research on this and found out that the "demand paging" was actually a cool example of "bug becomes a feature" 😂
how do you know all this? did you read it somewhere? trial & error? taught this? learned on-the-job?
I had the same question, What leads to here?
In general or referring to the demonstration in the video?
@@nirlichtman This video in particular, but yes, but also in general. How do you know so much? are the man pages really that good?
11:15 "to shut gcc up". Gotta love code comments lol
Can you make a video about Kernel exploits?
I don't know a lot about that topic so no videos about that planned in the near future
לאן נעלמת? כבר דאגנו יאח
@nirlichtman how about a tutorial series on windbg?
I have a couple of windbg videos on my Windows diving playlist, and next video will be a Windows topic :)
@ thanks! I have watched and enjoyed those videos too. At some point, when you have time, make a video on using windbg to debug applications and read application memory dumps? The existing videos are focused towards windows internals
@suzukiaccess5022 oh you mean a source level application debugging video, and a video about analyzing crash dumps of apps that crashed? good ideas i'll consider those for future vids
Great job!!
That went *deep*
This is awesome! I mean ... nice!
👍Thanks!
gooooood!!
now _this_ is debugging...
Really cool
I love the content made by you
💖💖💖💖
Love it
😊😊😊😊 always Kernel Security
I didn't understand shit but this is so cool anyway
His fun directory contains bash, mine contains games 😂😂
nir yamelech!!
todaa!!!
nice hacks
Could you tell me how to split the GDB and search for functions?
You mean split screen? I like using Vim built-in window managment commands (I have a vid on that). And to search functions in GDB, check out "info func" (help info)
Are you a wizard?