
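The query .all memory_map on a Linux system gives unexpected results: for every entry, start memory location = 0x00000000 and end memory location = 0x00000000. Does this just look odd?

Operating system: Kali Linux

osquery version: 4.0.2 (current)

I tried searching osquery/issues/ for this problem.

The exact reproduction on the CLI is: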

osqueryi
.all memory_map

This gives the same result:

osqueryi
SELECT * FROM memory_map;

The output of osqueryi is just a message indicating that it is using a virtual database, as shown below.

Using a virtual database. Need help, type '.help'

The output of .all memory_map is as follows:

+-------------------------------+------------+-------------+
| name                          | start      | end         |
+-------------------------------+------------+-------------+
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| Video ROM                     | 0x00000000 | 0x00000000  |
| Adapter ROM                   | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System ROM                    | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| ACPI Non-volatile Storage     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| ACPI Non-volatile Storage     | 0x00000000 | 0x00000000  |
| ACPI Tables                   | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| Graphics Stolen Memory        | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| PCI Bus 0000:01               | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| 0000:00:02.0                  | 0x00000000 | 0x00000000  |
| PCI Bus 0000:01               | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| PCI Bus 0000:03               | 0x00000000 | 0x00000000  |
| 0000:03:00.0                  | 0x00000000 | 0x00000000  |
| iwlwifi                       | 0x00000000 | 0x00000000  |
| PCI Bus 0000:02               | 0x00000000 | 0x00000000  |
| 0000:02:00.1                  | 0x00000000 | 0x00000000  |
| 0000:02:00.1                  | 0x00000000 | 0x00000000  |
| r8169                         | 0x00000000 | 0x00000000  |
| 0000:02:00.0                  | 0x00000000 | 0x00000000  |
| rtsx_pci                      | 0x00000000 | 0x00000000  |
| 0000:02:00.0                  | 0x00000000 | 0x00000000  |
| 0000:00:1f.3                  | 0x00000000 | 0x00000000  |
| ICH HD audio                  | 0x00000000 | 0x00000000  |
| 0000:00:14.0                  | 0x00000000 | 0x00000000  |
| xhci-hcd                      | 0x00000000 | 0x00000000  |
| intel_xhci_usb_sw             | 0x00000000 | 0x00000000  |
| 0000:00:1f.3                  | 0x00000000 | 0x00000000  |
| ICH HD audio                  | 0x00000000 | 0x00000000  |
| 0000:00:1f.2                  | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:15.0                  | 0x00000000 | 0x00000000  |
| lpss_dev                      | 0x00000000 | 0x00000000  |
| i2c_designware.0              | 0x00000000 | 0x00000000  |
| lpss_priv                     | 0x00000000 | 0x00000000  |
| idma64.0                      | 0x00000000 | 0x00000000  |
| idma64.0                      | 0x00000000 | 0x00000000  |
| 0000:00:15.1                  | 0x00000000 | 0x00000000  |
| lpss_dev                      | 0x00000000 | 0x00000000  |
| i2c_designware.1              | 0x00000000 | 0x00000000  |
| lpss_priv                     | 0x00000000 | 0x00000000  |
| idma64.1                      | 0x00000000 | 0x00000000  |
| idma64.1                      | 0x00000000 | 0x00000000  |
| 0000:00:16.0                  | 0x00000000 | 0x00000000  |
| mei_me                        | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:1f.4                  | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:02.0                  | 0x00000000 | 0x00000000  |
| PCI MMCONFIG 0000 [bus 00-ff] | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| iTCO_wdt                      | 0x00000000 | 0x00000000  |
| iTCO_wdt                      | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| IOAPIC 0                      | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| HPET 0                        | 0x00000000 | 0x00000000  |
| PNP0103:00                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| MSFT0101:00                   | 0x00000000 | 0x00000000  |
| MSFT0101:00                   | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| dmar0                         | 0x00000000 | 0x00000000  |
| dmar1                         | 0x00000000 | 0x00000000  |
| Local APIC                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| INT0800:00                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Kernel code                   | 0x00000000 | 0x00000000  |
| Kernel data                   | 0x00000000 | 0x00000000  |
| Kernel bss                    | 0x00000000 | 0x00000000  |
| RAM buffer                    | 0x00000000 | 0x00000000  |
+-------------------------------+------------+-------------+

2 Answers

1

The memory_map table requires root privileges. Are you testing as root?

(I can reproduce this if I don't run with elevated privileges)

Answered 2019-10-30T13:52:15.773
0

Update: Yes, I was using the root user. I ended up changing my system to Kubuntu 19.04 and it works like a charm.

Answered 2021-06-16T18:57:28.083
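
A diagnostic for the situation discussed in both answers, as an added example that is not part of the original thread: it checks whether the address ranges are zeroed at the source and separates the non-root case from the "already root" case. It assumes osquery's Linux memory_map table is populated from /proc/iomem, where the kernel prints zeroed addresses to readers without CAP_SYS_ADMIN; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original thread).
# Assumption: osquery's Linux memory_map table is populated from /proc/iomem,
# where the kernel prints zeroed addresses to readers lacking CAP_SYS_ADMIN.

# classify_iomem FILE -> prints "masked", "visible" or "empty"
classify_iomem() {
    awk -F' : ' '
        {
            range = $1
            gsub(/[ \t]/, "", range)      # nested entries are indented
            if (range !~ /^[0-9a-fA-F]+-[0-9a-fA-F]+$/) next
            total++
            if (range !~ /^0+-0+$/) nonzero++
        }
        END {
            if (total == 0)        print "empty"
            else if (nonzero == 0) print "masked"
            else                   print "visible"
        }' "$1"
}

# diagnose FILE EUID -> one-line verdict for the given effective UID
diagnose() {
    state=$(classify_iomem "$1")
    case "$state:$2" in
        masked:0)  echo "masked as root: check for a container, user namespace or dropped CAP_SYS_ADMIN" ;;
        masked:*)  echo "masked: rerun osqueryi as root" ;;
        visible:*) echo "addresses visible: memory_map should show real ranges" ;;
        *)         echo "no parsable ranges in $1" ;;
    esac
}

# Run against the live system when the file is readable.
if [ -r /proc/iomem ]; then
    diagnose /proc/iomem "$(id -u)"
fi
```
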