Querying .all memory_map on a Linux system gives unexpected results: the start memory location = 0x00000000 and the end memory location = 0x00000000 for all attributes. This just seems odd?
Operating system: Kali Linux
osquery version: 4.0.2 (Current version)
I tried searching the issues in osquery / Issues /
Exact copy of the code in the CLI:
osqueryi
.all memory_map
which gives the same result as:
osqueryi
SELECT * FROM memory_map;
The output of osqueryi is nothing but a message saying that it is using a virtual database, as follows:
Using a virtual database. Need help, type '.help'
And the output of .all memory_map looks as follows:
+-------------------------------+------------+-------------+
| name | start | end |
+-------------------------------+------------+-------------+
| Reserved | 0x00000000 | 0x00000000 |
| System RAM | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| PCI Bus 0000:00 | 0x00000000 | 0x00000000 |
| Video ROM | 0x00000000 | 0x00000000 |
| Adapter ROM | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| System ROM | 0x00000000 | 0x00000000 |
| System RAM | 0x00000000 | 0x00000000 |
| ACPI Non-volatile Storage | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| System RAM | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| System RAM | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| ACPI Non-volatile Storage | 0x00000000 | 0x00000000 |
| ACPI Tables | 0x00000000 | 0x00000000 |
| System RAM | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| Graphics Stolen Memory | 0x00000000 | 0x00000000 |
| PCI Bus 0000:00 | 0x00000000 | 0x00000000 |
| pnp 00:07 | 0x00000000 | 0x00000000 |
| PCI Bus 0000:01 | 0x00000000 | 0x00000000 |
| 0000:01:00.0 | 0x00000000 | 0x00000000 |
| 0000:01:00.0 | 0x00000000 | 0x00000000 |
| 0000:00:02.0 | 0x00000000 | 0x00000000 |
| PCI Bus 0000:01 | 0x00000000 | 0x00000000 |
| 0000:01:00.0 | 0x00000000 | 0x00000000 |
| PCI Bus 0000:03 | 0x00000000 | 0x00000000 |
| 0000:03:00.0 | 0x00000000 | 0x00000000 |
| iwlwifi | 0x00000000 | 0x00000000 |
| PCI Bus 0000:02 | 0x00000000 | 0x00000000 |
| 0000:02:00.1 | 0x00000000 | 0x00000000 |
| 0000:02:00.1 | 0x00000000 | 0x00000000 |
| r8169 | 0x00000000 | 0x00000000 |
| 0000:02:00.0 | 0x00000000 | 0x00000000 |
| rtsx_pci | 0x00000000 | 0x00000000 |
| 0000:02:00.0 | 0x00000000 | 0x00000000 |
| 0000:00:1f.3 | 0x00000000 | 0x00000000 |
| ICH HD audio | 0x00000000 | 0x00000000 |
| 0000:00:14.0 | 0x00000000 | 0x00000000 |
| xhci-hcd | 0x00000000 | 0x00000000 |
| intel_xhci_usb_sw | 0x00000000 | 0x00000000 |
| 0000:00:1f.3 | 0x00000000 | 0x00000000 |
| ICH HD audio | 0x00000000 | 0x00000000 |
| 0000:00:1f.2 | 0x00000000 | 0x00000000 |
| 0000:00:17.0 | 0x00000000 | 0x00000000 |
| ahci | 0x00000000 | 0x00000000 |
| 0000:00:15.0 | 0x00000000 | 0x00000000 |
| lpss_dev | 0x00000000 | 0x00000000 |
| i2c_designware.0 | 0x00000000 | 0x00000000 |
| lpss_priv | 0x00000000 | 0x00000000 |
| idma64.0 | 0x00000000 | 0x00000000 |
| idma64.0 | 0x00000000 | 0x00000000 |
| 0000:00:15.1 | 0x00000000 | 0x00000000 |
| lpss_dev | 0x00000000 | 0x00000000 |
| i2c_designware.1 | 0x00000000 | 0x00000000 |
| lpss_priv | 0x00000000 | 0x00000000 |
| idma64.1 | 0x00000000 | 0x00000000 |
| idma64.1 | 0x00000000 | 0x00000000 |
| 0000:00:16.0 | 0x00000000 | 0x00000000 |
| mei_me | 0x00000000 | 0x00000000 |
| 0000:00:17.0 | 0x00000000 | 0x00000000 |
| ahci | 0x00000000 | 0x00000000 |
| 0000:00:1f.4 | 0x00000000 | 0x00000000 |
| 0000:00:17.0 | 0x00000000 | 0x00000000 |
| ahci | 0x00000000 | 0x00000000 |
| 0000:00:02.0 | 0x00000000 | 0x00000000 |
| PCI MMCONFIG 0000 [bus 00-ff] | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| pnp 00:07 | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| PCI Bus 0000:00 | 0x00000000 | 0x00000000 |
| pnp 00:00 | 0x00000000 | 0x00000000 |
| INT344B:00 | 0x00000000 | 0x00000000 |
| INT344B:00 | 0x00000000 | 0x00000000 |
| pnp 00:00 | 0x00000000 | 0x00000000 |
| INT344B:00 | 0x00000000 | 0x00000000 |
| INT344B:00 | 0x00000000 | 0x00000000 |
| INT344B:00 | 0x00000000 | 0x00000000 |
| INT344B:00 | 0x00000000 | 0x00000000 |
| pnp 00:00 | 0x00000000 | 0x00000000 |
| iTCO_wdt | 0x00000000 | 0x00000000 |
| iTCO_wdt | 0x00000000 | 0x00000000 |
| pnp 00:00 | 0x00000000 | 0x00000000 |
| pnp 00:00 | 0x00000000 | 0x00000000 |
| pnp 00:00 | 0x00000000 | 0x00000000 |
| pnp 00:00 | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| IOAPIC 0 | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| HPET 0 | 0x00000000 | 0x00000000 |
| PNP0103:00 | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| pnp 00:07 | 0x00000000 | 0x00000000 |
| pnp 00:07 | 0x00000000 | 0x00000000 |
| pnp 00:07 | 0x00000000 | 0x00000000 |
| pnp 00:07 | 0x00000000 | 0x00000000 |
| MSFT0101:00 | 0x00000000 | 0x00000000 |
| MSFT0101:00 | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| dmar0 | 0x00000000 | 0x00000000 |
| dmar1 | 0x00000000 | 0x00000000 |
| Local APIC | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| pnp 00:07 | 0x00000000 | 0x00000000 |
| INT0800:00 | 0x00000000 | 0x00000000 |
| Reserved | 0x00000000 | 0x00000000 |
| System RAM | 0x00000000 | 0x00000000 |
| Kernel code | 0x00000000 | 0x00000000 |
| Kernel data | 0x00000000 | 0x00000000 |
| Kernel bss | 0x00000000 | 0x00000000 |
| RAM buffer | 0x00000000 | 0x00000000 |
+-------------------------------+------------+-------------+