c++ - How to trap memory reads and writes using sigsegv? -

-

how trick linux thinking memory read/write successful? writing c++ library such reads/writes redirected , handled transparently end user. anytime variable written or read from, library need catch request , shoot off hardware simulation handle data there.

note library platform dependent on:

linux ubuntu 3.16.0-39-generic #53~14.04.1-ubuntu smp x86_64 gnu/linux

gcc (ubuntu 4.8.2-19ubuntu1) 4.8.2

current approach: catch sigsegv , increment reg_rip

my current approach involves getting memory region using mmap() , shutting off access using mprotect(). have sigsegv handler info containing memory address, export read/write elsewhere, increment context reg_rip.

void handle_sigsegv(int code, siginfo_t *info, void *ctx) {     void *addr = info->si_addr;     ucontext_t *u = (ucontext_t *)ctx;     int err = u->uc_mcontext.gregs[reg_err];     bool is_write = (err & 0x2);     // send data read/write simulation...     // continue execution of program incrementing rip     u->uc_mcontext.gregs[reg_rip] += 6; }

this works simple cases, such as:

int *num_ptr = (int *)nullptr; *num_ptr = 10;                          // write segfault

but more complex, receive sigabrt:

30729 illegal instruction (core dumped) ./$target

using mprotect() within sigsegv handler

if not increment reg_rip, handle_sigsegv() called on , on again kernel until memory region becomes available reading or writing. run mprotect() specific address, has multiple caveats:

  • subsequent memory access not trigger sigsegv due memory region having prot_write ability. have tried create thread continuously marks region prot_none, not elude next point:
  • mprotect() will, @ end of day, perform read or write memory, invalidating use case of library.

writing device driver

i have attempted write device module such library can call mmap() on char device, driver handle reads , writes there. makes sense in theory, have not been able (or not have knowledge to) catch every load/store processor issues device. have attempted overwrite mapped vm_operations_struct and/or inode's address_space_operations struct, call reads/writes when page faulted or page flushed backing store.

perhaps use mmap() , mprotect(), explained above, on device writes data (similar /dev/null), have process recognizes reads/writes , routes data there (?).

utilize syscall() , provide restorer assembly function

the following pulled segvcatch project1 converts segfaults exceptions.

#define restore(name, syscall) restore2(name, syscall) #define restore2(name, syscall)\ asm(\     ".text\n"\     ".byte 0\n"\     ".align 16\n"\     "__" #name ":\n"\     "   movq $" #syscall ", %rax\n"\     "   syscall\n"\ ); restore(restore_rt, __nr_rt_sigreturn) void restore_rt(void) asm("__restore_rt") __attribute__ ((visibility("hidden")));  extern "c" {     struct kernel_sigaction {         void (*k_sa_sigaction)(int, siginfo_t *, void *);          unsigned long k_sa_flags;         void (*k_sa_restorer)(void);         sigset_t k_sa_mask;     };   }  // within main ... struct kernel_sigaction act; act.k_sa_sigaction = handle_sigegv; sigemptyset(&act.k_sa_mask); act.k_sa_flags = sa_siginfo|0x4000000; act.k_sa_restorer = restore_rt; syscall(sys_rt_sigaction, sigsegv, &act, null, _nsig / 8);

but ends functioning no different regular sigaction() configuration. if not set restorer function signal handler not called more once, when memory region still not available. perhaps there other trickery kernel signal here.

again, entire objective of library transparently handle reads , writes memory. perhaps there better way of doing things, maybe ptrace() or updating kernel code generates segfault signal, important part end-user's code not require changes. have seen examples using setjmp() , longjmp() continue after segfault, require adding calls every memory access. same goes converting segfault try/catch.

1 segvcatch project

you can use mprotect , avoid first problem note having sigsegv handler set t flag in flags register. then, add sigtrap handler restores mprotected memory , clears t flag.

the t flag causes processor single step, when segv handler returns execute single instruction, , trap.

this still leaves second problem -- read/write instruction occur. may able around problem modifying memory before and/or after instruction in 2 signal handlers...


Comments

Post a Comment

Popular posts from this blog

python - How to create jsonb index using GIN on SQLAlchemy? -

-
here's current code creating index jsonb. index("mytable_data_idx_id_key", mytable.data['id'].astext, postgresql_using='gin') but got error. sqlalchemy.exc.programmingerror: (psycopg2.programmingerror) data type text has no default operator class access method "gin" hint: must specify operator class index or define default operator class data type. [sql: "create index event_data_idx_id_key on event using gin ((data ->> 'id'))"] is there way create index on sqlalchemy? the postgresql specific sqlalchemy docs @ http://docs.sqlalchemy.org/en/latest/dialects/postgresql.html#operator-classes mention postgresql_ops dictionary provide "operator class" used postgresql, , provide example illustrating use: index('my_index', my_table.c.id, my_table.c.data, postgresql_ops={ 'data': 'text_pattern_ops', ...
Read more

PHP DOM loadHTML() method unusual warning -

-
i had following code works fine on localhost: $document = new domdocument(); $document->loadhtml($p_result); $form = $document->getelementsbytagname('form')->item(0); // code continues using $form variable after same code updated on outside server, loadhtml() failed , issued warning. warning: domdocument::loadhtml() expects parameter 1 valid path, string given in path/name/to/script.php returned null instead of object code pretty gets fatal error. note contents of $p_result absolutely same on outside server , on localhost. but why displays kind of warning , why not work? doesn't loadhtml() expects argument 1 string in first place? why method expects parameter 1 valid path ? just make clear i'm not calling loadhtmlfile() , i'm calling loadhtml() . thanks. you're affected one of php bugs . issue present in php 5.6.8 , 5.6.9. have affected php version on server, , bug-free version on localhost. the bug forbids null ...
Read more

c# - TransactionScope not rolling back although no complete() is called -

-
i'm using transactionscope rollback transaction fail bool errorreported = false; action<importerrorlog> newerrorcallback = e => { errorreported = true; errorcallback(e); }; using (var transaction = new transactionscope()) { foreach (importtaskdefinition task in taskdefinition) { loader.load(streamfile, newerrorcallback, task.destinationtable, processingtaskid); } if (!errorreported) transaction.complete(); } i'm sure there no transactionscope started ahead or after code. i'm using entity framework insert in db. regardless state of errorreported transaction never rolled in case of error. what missing ? transactionscope sets transaction.current . that's does. wants transacted must @ property. i believe ef each time connection opened reason. probably, connection open when scope installed. open connection inside of scope or enlist manually. ef has nasty "design decision": default opens ...
Read more