memory_map 未在 Linux 中给出预期结果

Question

Linux 系统上的查询 .all memory_map 给出了意想不到的结果，因为所有属性的起始内存位置 = 0x00000000 以及结束内存位置 = 0x00000000。是不是觉得很奇怪？

操作系统： Kali Linux

osquery 版本： 4.0.2（当前）

上搜索问题

CLI 上代码的精确复制是：

osqueryi
.all memory_map

与以下结果相同：

osqueryi
SELECT * FROM memory_map

osqueryi 的输出只不过是一条消息，表明它正在使用虚拟数据库，如下所示。

Using a virtual database. Need help, type '.help'

而.all memory_map的输出如下：

+-------------------------------+------------+-------------+
| name                          | start      | end         |
+-------------------------------+------------+-------------+
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| Video ROM                     | 0x00000000 | 0x00000000  |
| Adapter ROM                   | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System ROM                    | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| ACPI Non-volatile Storage     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| ACPI Non-volatile Storage     | 0x00000000 | 0x00000000  |
| ACPI Tables                   | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| Graphics Stolen Memory        | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| PCI Bus 0000:01               | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| 0000:00:02.0                  | 0x00000000 | 0x00000000  |
| PCI Bus 0000:01               | 0x00000000 | 0x00000000  |
| 0000:01:00.0                  | 0x00000000 | 0x00000000  |
| PCI Bus 0000:03               | 0x00000000 | 0x00000000  |
| 0000:03:00.0                  | 0x00000000 | 0x00000000  |
| iwlwifi                       | 0x00000000 | 0x00000000  |
| PCI Bus 0000:02               | 0x00000000 | 0x00000000  |
| 0000:02:00.1                  | 0x00000000 | 0x00000000  |
| 0000:02:00.1                  | 0x00000000 | 0x00000000  |
| r8169                         | 0x00000000 | 0x00000000  |
| 0000:02:00.0                  | 0x00000000 | 0x00000000  |
| rtsx_pci                      | 0x00000000 | 0x00000000  |
| 0000:02:00.0                  | 0x00000000 | 0x00000000  |
| 0000:00:1f.3                  | 0x00000000 | 0x00000000  |
| ICH HD audio                  | 0x00000000 | 0x00000000  |
| 0000:00:14.0                  | 0x00000000 | 0x00000000  |
| xhci-hcd                      | 0x00000000 | 0x00000000  |
| intel_xhci_usb_sw             | 0x00000000 | 0x00000000  |
| 0000:00:1f.3                  | 0x00000000 | 0x00000000  |
| ICH HD audio                  | 0x00000000 | 0x00000000  |
| 0000:00:1f.2                  | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:15.0                  | 0x00000000 | 0x00000000  |
| lpss_dev                      | 0x00000000 | 0x00000000  |
| i2c_designware.0              | 0x00000000 | 0x00000000  |
| lpss_priv                     | 0x00000000 | 0x00000000  |
| idma64.0                      | 0x00000000 | 0x00000000  |
| idma64.0                      | 0x00000000 | 0x00000000  |
| 0000:00:15.1                  | 0x00000000 | 0x00000000  |
| lpss_dev                      | 0x00000000 | 0x00000000  |
| i2c_designware.1              | 0x00000000 | 0x00000000  |
| lpss_priv                     | 0x00000000 | 0x00000000  |
| idma64.1                      | 0x00000000 | 0x00000000  |
| idma64.1                      | 0x00000000 | 0x00000000  |
| 0000:00:16.0                  | 0x00000000 | 0x00000000  |
| mei_me                        | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:1f.4                  | 0x00000000 | 0x00000000  |
| 0000:00:17.0                  | 0x00000000 | 0x00000000  |
| ahci                          | 0x00000000 | 0x00000000  |
| 0000:00:02.0                  | 0x00000000 | 0x00000000  |
| PCI MMCONFIG 0000 [bus 00-ff] | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| PCI Bus 0000:00               | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| INT344B:00                    | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| iTCO_wdt                      | 0x00000000 | 0x00000000  |
| iTCO_wdt                      | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| pnp 00:00                     | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| IOAPIC 0                      | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| HPET 0                        | 0x00000000 | 0x00000000  |
| PNP0103:00                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| MSFT0101:00                   | 0x00000000 | 0x00000000  |
| MSFT0101:00                   | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| dmar0                         | 0x00000000 | 0x00000000  |
| dmar1                         | 0x00000000 | 0x00000000  |
| Local APIC                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| pnp 00:07                     | 0x00000000 | 0x00000000  |
| INT0800:00                    | 0x00000000 | 0x00000000  |
| Reserved                      | 0x00000000 | 0x00000000  |
| System RAM                    | 0x00000000 | 0x00000000  |
| Kernel code                   | 0x00000000 | 0x00000000  |
| Kernel data                   | 0x00000000 | 0x00000000  |
| Kernel bss                    | 0x00000000 | 0x00000000  |
| RAM buffer                    | 0x00000000 | 0x00000000  |
+-------------------------------+------------+-------------+

Answer 1

memory_map table 需要 root 权限。您是否使用 root 进行测试？

（如果我不运行提升权限，我可以复制它）

Answer 2

更新：是的，我使用的是 root 用户。我最终将我的系统更改为 Kubuntu 19.04，它在那里工作得很好。

memory_map 未在 Linux 中给出预期结果

memory_map does not give expected results in Linux

osquery