Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Write memory #41

Merged
merged 13 commits into from Aug 23, 2020
Merged

Write memory #41

merged 13 commits into from Aug 23, 2020

Conversation

nbaksalyar
Copy link
Member

@nbaksalyar nbaksalyar commented Jul 24, 2020
edited

Implements #7

  • Write memory using process_vm_write on Linux.
  • Write memory using ptrace on Linux.
  • Automatically choose mem write strategy on Linux.
  • Write memory using mach_vm_write on macOS.
  • Add tests for writing to write-protected pages.

@nbaksalyar nbaksalyar changed the title Write memory Write memory [WIP] Jul 24, 2020
bjorn3
bjorn3 reviewed Jul 24, 2020
View reviewed changes
src/target/linux/mod.rs Outdated Show resolved Hide resolved
bjorn3
bjorn3 reviewed Jul 27, 2020
View reviewed changes
src/target/linux/writemem.rs Outdated
}

/// Executes the memory write operation.
pub unsafe fn apply(self) -> Result<(), Box<dyn std::error::Error>> {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is safe as it can only crash the remote process, right?

@JJendryka
Copy link
Contributor

I can help with adding test for writing to write-protected pages if you want?

@nbaksalyar
Copy link
Member Author

I can help with adding test for writing to write-protected pages if you want?

No worries, I should finish this today. :) Thanks!

@JJendryka JJendryka mentioned this pull request Aug 4, 2020
Merged
2 tasks
@nbaksalyar nbaksalyar mentioned this pull request Aug 7, 2020
Merged
@nbaksalyar nbaksalyar mentioned this pull request Aug 17, 2020
Closed
nbaksalyar and others added 9 commits August 19, 2020 00:17
@nbaksalyar
Implement basic memory write routines
4ca05a1
@nbaksalyar @bjorn3
Apply suggestions from code review
144d89d 
- Use immutable ref for lifetime invariance in WriteMemory
- Allow to pass slices to write

Co-authored-by: bjorn3 <bjorn3@users.noreply.github.com>
@nbaksalyar
Implement ptrace memory writer for Linux targets
dab293c
@nbaksalyar @bjorn3
Address code review points
1e19c33 
- Use ptr::read_volatile for volatile read operations
- Simpler capacity calc expression

Co-authored-by: bjorn3 <bjorn3@users.noreply.github.com>
@nbaksalyar
Move target::macos::ReadMemory into separate module
446e7c2
@nbaksalyar
Add naive WriteMemory impl for macOS
6821c24
@nbaksalyar @bjorn3
Add private documentation
37308a5 
Co-authored-by: bjorn3 <bjorn3@users.noreply.github.com>
@nbaksalyar
Split memory write operations on Linux
0bae8e0 
Memory write operations are split into those which are applicable
to memory pages which are writable, and those which need to resort to ptrace for
writing to write-protected memory pages.
@nbaksalyar
Unify memory operations
ee64b1e 
Use a single type for both writing and reading memory instead of a trait.
This approach simplifies generic memory operations (like splitting memory ops
based on page permissions or splitting memory ops on page boundary), while
still leaving place for introducing write- or read- specific functions in the
future.

This commit also changes the approach used for splitting write operations into
word-sized groups. Instead of allocating a new vector, we now use a custom iterator.
This should reduce a number of unnecessary allocations.

Finally, this commit also introduces a delay before reading written values in
ptrace writing tests.
@nbaksalyar
Add WriteMem::write_slice function
01545fa 
- Add `LinuxTarget::write()`
- Also make `WriteMem::apply` safe as it operates only on the debuggee process.
@nbaksalyar nbaksalyar changed the title Write memory [WIP] Write memory Aug 22, 2020
bjorn3
bjorn3 requested changes Aug 22, 2020
View reviewed changes
src/target/linux/memory.rs Outdated Show resolved Hide resolved
src/target/linux/memory.rs Outdated Show resolved Hide resolved
src/target/linux/writemem.rs Outdated Show resolved Hide resolved
src/target/linux/writemem.rs Outdated Show resolved Hide resolved
src/target/linux/writemem.rs Outdated Show resolved Hide resolved
src/target/macos/writemem.rs Outdated Show resolved Hide resolved
src/target/macos/writemem.rs Outdated Show resolved Hide resolved
@nbaksalyar @bjorn3
Address review comments - improve docs, API uniformity
80c2ee8 
- Reduce `linux::MemoryOp` visibility to `pub(crate)`
- Improve doc comments.
- Make macOS `WriteMem` conforming to Linux API.

Co-authored-by: bjorn3 <bjorn3@users.noreply.github.com>
@nbaksalyar
Copy link
Member Author

nbaksalyar commented Aug 22, 2020
edited

Hmm, writemem tests fail sporadically. This seems to be caused by fork deadlock (pthread_cond_wait originating in LinuxTarget::memory_maps -> procfs -> lazy_static). I'm fixing this.

Edit:
This is caused by std::sync::Once being fork-unsafe, ref: rust-lang/rust#43448

@nbaksalyar
Fix fork & lazy_static erroneous behaviour
93cd4c1 
lazy_static can fail if it's used in a forked process, so this commit uses
an explicit apply_ptrace() instead of reading debuggee memory maps and determining
what memory write operation to use.
This is a temporary workaround until we find a better approach.
@nbaksalyar
Copy link
Member Author

This is caused by std::sync::Once being fork-unsafe

It looks like there's no quick fix for this. I've used a workaround - the test that was failing now uses an explicit apply_ptrace() instead of reading memory maps to determine which memory write operation to use. This is a bit fragile though, and we should keep an eye on this. Probably, a better long-term solution would be not to rely on fork for tests.

@bjorn3 bjorn3 merged commit 8222149 into headcrab-rs:master Aug 23, 2020
@nbaksalyar nbaksalyar deleted the writemem branch August 23, 2020 11:15
@nbaksalyar nbaksalyar mentioned this pull request Aug 23, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bjorn3 bjorn3 bjorn3 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nbaksalyar @JJendryka @bjorn3