Allow mapped memory blocks to be marked NX #68

Closed
cseagle opened this issue Aug 28, 2015 · 3 comments

cseagle commented Aug 28, 2015

At this point I can instrument and segregate instruction fetches from data reads. How would people like to receive this notification? New callback type? Overload the UC_HOOK_MEM_INVALID type to add a UC_MEM_NX type code?

aquynh commented Aug 29, 2015

Yes, let's temporarily use UC_HOOK_MEM_INVALID & UC_MEM_NX for now. Will be able to comment further when your code is out. Thanks.

radare commented Aug 30, 2015

NX is usually a global setting that is applied to the whole virtual machine. IMHO, as long as we are using the uc_mem_* APIs to allocate memory and use it, and the only way to allow code running in Unicorn to allocate more memory is via syscalls (which need to be emulated by the host code), I don't see much reason for marking the mem pages with this permission.

So, if we use normal RWX permission logic we can handle mprotect syscalls and restrict whatever W^X, NX or any other custom thing we want to handle. Also, malware and other magic software overlaps two memory maps on the same address, or concatenates them in order to have two maps at different virtual addresses with different permissions but the same physical address, therefore bypassing those kernel page protection restrictions. Is this possible with the current uc_mem API?

Btw, QEMU also supports configuring the MMU in assembly; how's that handled by Unicorn?

aquynh commented Sep 4, 2015

PR merged, thanks.

aquynh closed this as completed Sep 4, 2015
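The behaviour discussed in this thread (fetches checked separately from data reads, an NX code delivered through the invalid-access hook, W^X enforced in host-side mprotect emulation, and the aliased-mapping case) can be modelled in a few lines. This is an added example, not Unicorn source and not code from any participant; every type, function and constant name in it is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model (not Unicorn source): each region has R/W/X bits and a
   backing buffer; every access is tagged as read, write or instruction fetch. */
enum { P_R = 1, P_W = 2, P_X = 4 };
typedef enum { ACC_READ = P_R, ACC_WRITE = P_W, ACC_FETCH = P_X } access_t;
typedef enum { EV_OK, EV_UNMAPPED, EV_PROT, EV_NX } event_t;
typedef struct { uint64_t base, size; int perms; uint8_t *backing; } region_t;
typedef void (*invalid_hook_t)(event_t ev, uint64_t addr);
typedef struct { region_t maps[8]; size_t n; invalid_hook_t hook; } vm_t;

event_t last_event = EV_OK;             /* set by the sample hook below */
void record_hook(event_t ev, uint64_t addr) { (void)addr; last_event = ev; }

static region_t *vm_find(vm_t *vm, uint64_t addr) {
    for (size_t i = 0; i < vm->n; i++)
        if (addr >= vm->maps[i].base && addr - vm->maps[i].base < vm->maps[i].size)
            return &vm->maps[i];
    return NULL;
}

int vm_map(vm_t *vm, uint64_t base, uint64_t size, int perms, uint8_t *backing) {
    if (vm->n == 8 || size == 0) return -1;
    vm->maps[vm->n++] = (region_t){ base, size, perms, backing };
    return 0;
}

/* Host-side mprotect emulation; with enforce_wx set, W+X together is refused. */
int vm_protect(vm_t *vm, uint64_t addr, int perms, int enforce_wx) {
    region_t *r = vm_find(vm, addr);
    if (!r || (enforce_wx && (perms & P_W) && (perms & P_X))) return -1;
    r->perms = perms;
    return 0;
}

/* One check for all access kinds; a fetch from a mapped page without X is
   reported through the same invalid-access hook with its own NX code. */
event_t vm_access(vm_t *vm, uint64_t addr, access_t acc) {
    region_t *r = vm_find(vm, addr);
    event_t ev = !r ? EV_UNMAPPED : (r->perms & (int)acc) ? EV_OK
               : acc == ACC_FETCH ? EV_NX : EV_PROT;
    if (ev != EV_OK && vm->hook) vm->hook(ev, addr);
    return ev;
}

/* Per-mapping W^X misses aliases: flag any buffer mapped both W and X
   (simplified: compares backing pointers, not overlapping ranges). */
int vm_wx_alias(const vm_t *vm) {
    for (size_t i = 0; i < vm->n; i++)
        for (size_t j = 0; j < vm->n; j++)
            if (i != j && vm->maps[i].backing && vm->maps[i].backing == vm->maps[j].backing
                && (vm->maps[i].perms & P_W) && (vm->maps[j].perms & P_X)) return 1;
    return 0;
}
```
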