通过mprotect去修改内存页权限的疑问

Question

通过mprotect去修改内存页权限的疑问

yangzhijia opened this issue 4 years ago · 2 comments

在stub.h代码中，会通过 mprotect(pageof(pstub->fn), m_pagesize * 2, PROT_READ | PROT_WRITE | PROT_EXEC)去修改函数指针所在的内存页的读写权限，在这里我有个疑惑，请教下您，函数指针所在的页应该属于代码段，属于不可修改的部分，为什么这里会修改成功呢？

Answer 1 · 2021-06-02T08:55:10.000Z

Linux系统加载程序，给进程分配内存，按ELF段（Segment ）加载到内存里，每个段都有对应的权限，代码段就是可读可执行，但之后是可以通过系统调用mprotect改变内存属性的，如你所看到的把代码段加上了可写权限。

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
                 0x00000000000002d8 0x00000000000002d8  R      0x8
  INTERP         0x0000000000000318 0x0000000000000318 0x0000000000000318
                 0x000000000000001c 0x000000000000001c  R      0x1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000728 0x0000000000000728  R      0x1000
  LOAD           0x0000000000001000 0x0000000000001000 0x0000000000001000
                 0x00000000000004a5 0x00000000000004a5  R E    0x1000
  LOAD           0x0000000000002000 0x0000000000002000 0x0000000000002000
                 0x0000000000000280 0x0000000000000280  R      0x1000
  LOAD           0x0000000000002d90 0x0000000000003d90 0x0000000000003d90
                 0x0000000000000280 0x0000000000000288  RW     0x1000
  DYNAMIC        0x0000000000002da0 0x0000000000003da0 0x0000000000003da0
                 0x0000000000000200 0x0000000000000200  RW     0x8
  NOTE           0x0000000000000338 0x0000000000000338 0x0000000000000338
                 0x0000000000000020 0x0000000000000020  R      0x8
  NOTE           0x0000000000000358 0x0000000000000358 0x0000000000000358
                 0x0000000000000044 0x0000000000000044  R      0x4
  GNU_PROPERTY   0x0000000000000338 0x0000000000000338 0x0000000000000338
                 0x0000000000000020 0x0000000000000020  R      0x8
  GNU_EH_FRAME   0x0000000000002044 0x0000000000002044 0x0000000000002044
                 0x0000000000000074 0x0000000000000074  R      0x4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
  GNU_RELRO      0x0000000000002d90 0x0000000000003d90 0x0000000000003d90
                 0x0000000000000270 0x0000000000000270  R      0x1

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.gnu.property .note.gnu.build-id .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.versio
n_r .rela.dyn .rela.plt
   03     .init .plt .plt.got .plt.sec .text .fini
   04     .rodata .eh_frame_hdr .eh_frame
   05     .init_array .fini_array .dynamic .got .data .bss
   06     .dynamic
   07     .note.gnu.property
   08     .note.gnu.build-id .note.ABI-tag
   09     .note.gnu.property
   10     .eh_frame_hdr
   11
   12     .init_array .fini_array .dynamic .got

Answer 2 · 2024-06-28T06:48:27.000Z

我也存在个问题，在qnx系统中，执行mprotect函数权限会被拒绝，我查询了qnx文档，所述需要通过procmgr_ability函数来赋予权限，但是当执行到procmgr_ability函数时，会发生memory fault，请问这是什么原因导致的？该如何解决？