如何写一个信号处理器来捕获SIGSEGV? [英] How to write a signal handler to catch SIGSEGV?
问题描述
我想写一个信号处理器来捕获SIGSEGV。
我保护的内存读取的块或使用写
I want to write a signal handler to catch SIGSEGV. I protect a block of memory for read or write using
char *buffer;
char *p;
char a;
int pagesize = 4096;
mprotect(buffer,pagesize,PROT_NONE)
该保护的内存页面大小个字节的缓冲区开始对任何读写操作。
This protects pagesize bytes of memory starting at buffer against any reads or writes.
第二,我尝试读取内存:
Second, I try to read the memory:
p = buffer;
a = *p
这将产生一个SIGSEGV,我的处理程序将被调用。
到现在为止还挺好。我的问题是,一旦处理程序被调用时,我想通过这样来改变存储器的访问写
This will generate a SIGSEGV, and my handler will be called. So far so good. My problem is that, once the handler is called, I want to change the access write of the memory by doing
mprotect(buffer,pagesize,PROT_READ);
和继续我的code的正常运作。我并不想退出该功能。
在以后的写入相同的内存,我想再次捕捉到信号,并修改该写权限,然后记录该事件。
and continue normal functioning of my code. I do not want to exit the function. On future writes to the same memory, I want to catch the signal again and modify the write rights and then record that event.
下面是我的code:
#include <signal.h>
#include <stdio.h>
#include <malloc.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/mman.h>
#define handle_error(msg) \
do { perror(msg); exit(EXIT_FAILURE); } while (0)
char *buffer;
int flag=0;
static void handler(int sig, siginfo_t *si, void *unused)
{
printf("Got SIGSEGV at address: 0x%lx\n",(long) si->si_addr);
printf("Implements the handler only\n");
flag=1;
//exit(EXIT_FAILURE);
}
int main(int argc, char *argv[])
{
char *p; char a;
int pagesize;
struct sigaction sa;
sa.sa_flags = SA_SIGINFO;
sigemptyset(&sa.sa_mask);
sa.sa_sigaction = handler;
if (sigaction(SIGSEGV, &sa, NULL) == -1)
handle_error("sigaction");
pagesize=4096;
/* Allocate a buffer aligned on a page boundary;
initial protection is PROT_READ | PROT_WRITE */
buffer = memalign(pagesize, 4 * pagesize);
if (buffer == NULL)
handle_error("memalign");
printf("Start of region: 0x%lx\n", (long) buffer);
printf("Start of region: 0x%lx\n", (long) buffer+pagesize);
printf("Start of region: 0x%lx\n", (long) buffer+2*pagesize);
printf("Start of region: 0x%lx\n", (long) buffer+3*pagesize);
//if (mprotect(buffer + pagesize * 0, pagesize,PROT_NONE) == -1)
if (mprotect(buffer + pagesize * 0, pagesize,PROT_NONE) == -1)
handle_error("mprotect");
//for (p = buffer ; ; )
if(flag==0)
{
p = buffer+pagesize/2;
printf("It comes here before reading memory\n");
a = *p; //trying to read the memory
printf("It comes here after reading memory\n");
}
else
{
if (mprotect(buffer + pagesize * 0, pagesize,PROT_READ) == -1)
handle_error("mprotect");
a = *p;
printf("Now i can read the memory\n");
}
/* for (p = buffer;p<=buffer+4*pagesize ;p++ )
{
//a = *(p);
*(p) = 'a';
printf("Writing at address %p\n",p);
}*/
printf("Loop completed\n"); /* Should never happen */
exit(EXIT_SUCCESS);
}
问题是,只有信号处理程序运行,并捕获信号后,我无法返回到主功能。
The problem is that only the signal handler runs and I can't return to the main function after catching the signal.
推荐答案
在信号处理程序返回(假设它不调用exit或longjmp的或者一些prevents它实际上返回),在code将继续发生的信号点,重新执行相同的指令。因为在这一点上,内存保护一直没有改变,它只会再次抛出信号,你会回来的信号处理程序在一个无限循环。
When your signal handler returns (assuming it doesn't call exit or longjmp or something that prevents it from actually returning), the code will continue at the point the signal occurred, reexecuting the same instruction. Since at this point, the memory protection has not been changed, it will just throw the signal again, and you'll be back in your signal handler in an infinite loop.
所以,使其工作,你必须调用mprotect的在信号处理程序。不幸的是,史蒂芬Schansker指出,mprotect的不是异步安全的,所以你不能安全地从信号处理程序调用它。因此,就POSIX而言,你就完了。
So to make it work, you have to call mprotect in the signal handler. Unfortunately, as Steven Schansker notes, mprotect is not async-safe, so you can't safely call it from the signal handler. So, as far as POSIX is concerned, you're screwed.
幸运的是在大多数实现(所有的UNIX和Linux据我所知变种),则mprotect是一个系统调用,因此是安全的,从信号处理程序中调用,所以你可以做你想要什么。问题是,如果你想改变的保护读回来后,你必须做的,在读取之后主程序。
Fortunately on most implementations (all modern UNIX and Linux variants as far as I know), mprotect is a system call, so is safe to call from within a signal handler, so you can do most of what you want. The problem is that if you want to change the protections back after the read, you'll have to do that in the main program after the read.
另一种可能是做一些与第三个参数信号处理程序,这点在操作系统和拱包含有关发生信号,其中信息的具体结构。在Linux上,这是一个的 ucontext 的结构,其中包含有关$ PC地址和其它寄存器的内容发生了信号,其中机器特定的信息。如果修改此,您可以更改其信号处理程序将返回,这样你就可以改变$电脑只是错误指令之后,所以它不会处理程序返回之后重新执行。这是非常棘手得到正确的(和非便携式太)。
Another possibility is to do something with the third argument to the signal handler, which points at an OS and arch specific structure that contains info about where the signal occurred. On Linux, this is a ucontext structure, which contains machine-specific info about the $PC address and other register contents where the signal occurred. If you modify this, you change where the signal handler will return to, so you can change the $PC to be just after the faulting instruction so it won't re-execute after the handler returns. This is very tricky to get right (and non-portable too).
修改
的 ucontext 结构在中所定义; ucontext.h&GT; 。在 ucontext 字段 uc_mcontext 包含计算机的背景下,并在是的,数组 gregs 包含通用寄存器上下文。因此,在信号处理程序:
The ucontext structure is defined in <ucontext.h>. Within the ucontext the field uc_mcontext contains the machine context, and within that, the array gregs contains the general register context. So in your signal handler:
ucontext *u = (ucontext *)unused;
unsigned char *pc = (unsigned char *)u->uc_mcontext.gregs[REG_RIP];
会给你发生异常的PC。可以读取它找出它的指令
是故障,并做不同的事情。
will give you the pc where the exception occurred. You can read it to figure out what instruction it was that faulted, and do something different.
至于在信号处理函数调用的mprotect的便携性而言,后面无论是SVID规范或规范BSD4应该是安全的任何系统 - 它们允许调用任何系统调用(任何在手册的第2节)在信号处理程序。
As far as the portability of calling mprotect in the signal handler is concerned, any system that follows either the SVID spec or the BSD4 spec should be safe -- they allow calling any system call (anything in section 2 of the manual) in a signal handler.
这篇关于如何写一个信号处理器来捕获SIGSEGV?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
