Description
You receive RAM captures on three machines, and you are looking for the address of the first kernel instruction (using the _stext function) for each of them.
The flag is in the format FCSC{phys-virt-direct} where:
physis the physical address of the first kernel instruction,virtis the virtual address of the first kernel instruction in the kernel text mapping area,directis the virtual address of the first kernel instruction in the direct mapping area.
All addresses are 64 bits, in hexadecimal format with a 0x prefix.
For example: FCSC{0x0123456789abcdef-0x01234567876543210-0xfedcba9876543210}.
Files
-
stripped.mem.xz
36.57 MiB – c9c95c1e000bcd6cac7f3913a36b40a865f32dc8e48ffb641f0f9ed15df8f988
Author
kernx
Flag
Submit your solution
You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.
You need to be logged in to submit a writeup.
Writeups
There are no public solutions for this challenge yet, but you can submit yours after getting the flag.