问题
I'm try to do some nasty hacky things with dynamically generated code, and I want the OS to send me a SIGILL when it reaches an unknown opcode. This would let me add a layer of meta-information about my program and so on.
However, for my little test program, it seems the OS is not sending the SIGILL, but rather sends either a SIGBUS, or a SIGSEGV. I'm guessing this means that the page in which the memory is located has an NX bit set on it.
Any tips on how to make memory executable?
For reference, here is my test program:
#include <stdio.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
void SIGILL_handler(int sig)
{
printf("Handling SIGILL\n");
}
typedef void(*FUNC)(void);
int main()
{
signal(SIGILL, SIGILL_handler);
int *bad = malloc(16);
memset(bad, 255, 16);
((FUNC)bad)();
printf("Returning like it's no big deal\n");
return 0;
}
回答1:
mprotect is your friend here. It is POSIX compatible (SVr4, POSIX.1-2001), so it should work under OS X and Linux.
int pagesize = sysconf(_SC_PAGE_SIZE);
if (pagesize == -1) {
perror("sysconf");
exit(1);
}
/* allocate 16 aligned pages */
void *bad = memalign(pagesize, 16 * pagesize);
if (NULL == bad) {
fprintf("aah, out of mem :-(\n");
exit(1);
}
if (-1 == mprotect(bad, 16 * pagesize, PROT_READ | PROT_WRITE | PROT_EXEC)) {
perror("mprotect");
exit(1);
}
should do it.
2nd edit: The compatibility of memalign seems not to be that easy. I'd try memalign, valloc under OS X and Linux and if neither work, just use regular malloc and add enough bytes to the returned pointer so that it is aligned :-).
回答2:
I realize this is old, but if anyone else is trying to force SIGILL generation then another alternative is to use inline assembly like the following:
asm(".byte 0x0f, 0x0b");
or
asm("ud2");
来源:https://stackoverflow.com/questions/9314270/how-do-i-force-a-sigill-to-be-sent-to-my-program