Sparc Solaris Hacking Notes
Two references have been doing me wonders for learning about Solaris kernel hacking. I am definitely leaning towards looking for an exploit in the Solaris 8 kernel: a slab overflow.
Learning about the Solaris memory architecture is important. The following points stand out:
1) Separated kernel vs. userland memory map (a userland address cannot be referenced from kernel land).
Phrack 64 has a great article on how to embed shellcode in argv[1] and obtain its address from kernel land by using the thread_t struct and the offsets within it that point directly to the argv entry I want.
2) The Shellcoder's Handbook (SCH) focuses on heap overflows, and Phrack details slab overflows.