Allow mapped memory blocks to be marked NX #68
Comments
yes let's temporarily use UC_HOOK_MEM_INVALID & UC_MEM_NX for now. will be able to comment further when your code is out. thanks.
NX is usually a global setting that is applied to the whole virtual machine. imho, as long as we are using uc_mem_* apis to allocate memory and use it, and the only way to allow code running in unicorn to allocate more memory is via syscalls (which need to be emulated by the host code), I don't see much reason for marking the mem pages with this permission. So, if we use normal RWX permission logic we can handle mprotect syscalls and restrict whatever W^X, NX or any other custom thing we want to handle. Also, malware and other magic software overlap two memory maps on the same address, or concatenate them in order to have two maps at different virtual addresses with different permissions, but the same physical address, and therefore bypass those kernel page protection restrictions. Is this possible with the current uc_mem api? Btw, qemu also supports configuring the MMU in assembly, how's that handled by unicorn?
PR merged, thanks.
At this point I can instrument and segregate instruction fetches from data reads. How would people like to receive this notification? New callback type? Overload the UC_HOOK_MEM_INVALID type to add a UC_MEM_NX type code?
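The two ideas in this thread, reporting an instruction fetch from a non-executable page under its own type code and letting the host enforce W^X in its emulated mprotect handler, can be sketched as a small stand-alone model. This is an added example, not code from the issue or from Unicorn; every name in it (`toy_map`, `toy_mprotect`, `toy_access`, `ACC_*`, `FAULT_*`) is hypothetical and it calls no Unicorn API.

```c
/* Added illustration, not Unicorn code: every name here is hypothetical. */
#include <stdint.h>

enum { P_R = 1, P_W = 2, P_X = 4, P_MAPPED = 8 };
typedef enum { ACC_READ, ACC_WRITE, ACC_FETCH } acc_t;
typedef enum { FAULT_NONE, FAULT_UNMAPPED, FAULT_READ_PROT,
               FAULT_WRITE_PROT, FAULT_NX } fault_t;

#define PAGE   0x1000u
#define NPAGES 16u
static uint8_t pages[NPAGES];          /* per-page permission bits */

/* Accept only non-empty, page-aligned ranges inside the toy address space. */
static int range_ok(uint32_t addr, uint32_t len) {
    return len && !(addr % PAGE) && !(len % PAGE) &&
           addr / PAGE < NPAGES && len / PAGE <= NPAGES - addr / PAGE;
}

/* Host maps memory for the guest (the uc_mem_*-style step in the thread). */
int toy_map(uint32_t addr, uint32_t len, int prot) {
    if (!range_ok(addr, len)) return -1;
    for (uint32_t p = addr / PAGE; p < (addr + len) / PAGE; p++)
        pages[p] = (uint8_t)(P_MAPPED | (prot & 7));
    return 0;
}

/* Emulated mprotect handler: the host decides the policy, here W^X. */
int toy_mprotect(uint32_t addr, uint32_t len, int prot) {
    if (!range_ok(addr, len)) return -1;
    if ((prot & P_W) && (prot & P_X)) return -1;       /* W^X refused */
    for (uint32_t p = addr / PAGE; p < (addr + len) / PAGE; p++)
        if (!(pages[p] & P_MAPPED)) return -1;         /* hole in the range */
    return toy_map(addr, len, prot);
}

/* Classify one guest access; a fetch is checked against P_X only. */
fault_t toy_access(uint32_t addr, acc_t type) {
    uint8_t pg = addr / PAGE < NPAGES ? pages[addr / PAGE] : 0;
    if (!(pg & P_MAPPED)) return FAULT_UNMAPPED;
    if (type == ACC_FETCH) return (pg & P_X) ? FAULT_NONE : FAULT_NX;
    if (type == ACC_WRITE) return (pg & P_W) ? FAULT_NONE : FAULT_WRITE_PROT;
    return (pg & P_R) ? FAULT_NONE : FAULT_READ_PROT;
}

int main(void) {
    toy_map(0x1000, 0x1000, P_R | P_W);                /* data page */
    return toy_access(0x1000, ACC_FETCH) == FAULT_NX ? 0 : 1;
}
```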