
Fix a bug in bytePatch which can cause a crash

More detail:
If the patch location is at the very end of a page and the patch would extend onto the next memory page, it would crash because we didn't make the second page RWX.

We now make all pages between start and end of patch RWX, to prevent this from happening ever again
BenCat07 committed Sep 28, 2019
1 parent 3782c66 commit 8f0465e201374496cc46f051a882c3e34c895c88
Showing with 23 additions and 8 deletions.
  1. +23 −8 include/bytepatch.hpp
@@ -11,6 +11,7 @@ class BytePatch
size_t size;
std::vector<unsigned char> patch_bytes;
std::vector<unsigned char> original;
bool patched{ false };

public:
~BytePatch()
@@ -45,16 +46,30 @@ class BytePatch

void Patch()
{
void *page = (void *) ((uint64_t) addr & ~0xFFF);
logging::Info("mprotect: %d", mprotect(page, 0xFFF, PROT_READ | PROT_WRITE | PROT_EXEC));
memcpy(addr, &patch_bytes[0], size);
logging::Info("mprotect reverse: %d", mprotect(page, 0xFFF, PROT_EXEC));
if (!patched)
{
void *page = (void *) ((uint64_t) addr & ~0xFFF);
void *end_page = (void *) (((uint64_t)(addr) + size) & ~0xFFF);
uintptr_t mprot_len = (uint64_t) end_page - (uint64_t) page + 0xFFF;

logging::Info("mprotect: %d", mprotect(page, mprot_len, PROT_READ | PROT_WRITE | PROT_EXEC));
memcpy(addr, &patch_bytes[0], size);
logging::Info("mprotect reverse: %d", mprotect(page, mprot_len, PROT_EXEC));
patched = true;
}
}
void Shutdown()
{
void *page = (void *) ((uint64_t) addr & ~0xFFF);
logging::Info("mprotect: %d", mprotect(page, 0xFFF, PROT_READ | PROT_WRITE | PROT_EXEC));
memcpy(addr, &original[0], size);
logging::Info("mprotect reverse: %d", mprotect(page, 0xFFF, PROT_EXEC));
if (patched)
{
void *page = (void *) ((uint64_t) addr & ~0xFFF);
void *end_page = (void *) (((uint64_t)(addr) + size) & ~0xFFF);
uintptr_t mprot_len = (uint64_t) end_page - (uint64_t) page + 0xFFF;

logging::Info("mprotect: %d", mprotect(page, mprot_len, PROT_READ | PROT_WRITE | PROT_EXEC));
memcpy(addr, &original[0], size);
logging::Info("mprotect reverse: %d", mprotect(page, mprot_len, PROT_EXEC));
patched = false;
}
}
};
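Review bot: In both Patch() and Shutdown(), `end_page` is computed from the one-past-the-end address `addr + size`, so a patch that ends exactly on a page boundary pulls the following, untouched page into the RWX range. If that page is not mapped, mprotect fails for the range, and because its result is only logged the `memcpy` still runs against memory that may not be writable. Using the last patched byte instead, `void *end_page = (void *) (((uintptr_t) addr + size - 1) & ~(uintptr_t) 0xFFF);` (with `size > 0`), keeps the writable-and-executable window to the pages the patch actually covers, and the copy should be skipped when `mprotect(...) != 0`. The restore call sets `PROT_EXEC` alone rather than the protection the pages had before, which is presumably `PROT_READ | PROT_EXEC` for code; that is worth confirming. The rest of class BytePatch, including the destructor body, lies outside these hunks.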
