Is there a better way than parsing /proc/self/maps to figure out memory protection?

Problem description

On Linux (or Solaris) is there a better way than hand parsing /proc/self/maps repeatedly to figure out whether or not you can read, write or execute whatever is stored at one or more addresses in memory?

For instance, in Windows you have VirtualQuery.

In Linux, I can mprotect to change those values, but I can't read them back.

Furthermore, is there any way to know when those permissions change (e.g. when someone uses mmap on a file behind my back) other than doing something terribly invasive and using ptrace on all threads in the process and intercepting any attempt to make a syscall that could affect the memory map?

Update:

Unfortunately, I'm using this inside of a JIT that has very little information about the code it is executing to get an approximation of what is constant. Yes, I realize I could have a constant map of mutable data, like the vsyscall page used by Linux. I can safely fall back on an assumption that anything that isn't included in the initial parse is mutable and dangerous, but I'm not entirely happy with that option.

Right now what I do is I read /proc/self/maps and build a structure I can binary search through for a given address's protection. Any time I need to know something about a page that isn't in my structure I reread /proc/self/maps assuming it has been added in the meantime or I'd be about to segfault anyways.

It just seems that parsing text to get at this information and not knowing when it changes is awfully crufty. (/dev/inotify doesn't work on pretty much anything in /proc)

Recommended answer

I do not know an equivalent of VirtualQuery on Linux. But some other ways to do it which may or may not work are:


  • you set up a signal handler trapping SIGBUS/SIGSEGV and go ahead with your read or write. If the memory is protected, your signal trapping code will be called. If not, your signal trapping code is not called. Either way you win.

  • you could track each time you call mprotect and build a corresponding data structure which helps you in knowing if a region is read or write protected. This is good if you have access to all the code which uses mprotect.

  • you can monitor all the mprotect calls in your process by linking your code with a library redefining the function mprotect. You can then build the necessary data structure for knowing if a region is read or write protected and then call the system mprotect for really setting the protection.

  • you may try to use /dev/inotify and monitor the file /proc/self/maps for any change. I guess this one does not work, but should be worth the try.
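
The approach the question describes (read /proc/self/maps, build a table, binary-search it for an address's protection), as an added example that is not part of the original question or answer. The names `struct region`, `parse_maps` and `lookup_prot` are assumptions made for illustration; the table is a snapshot and goes stale as soon as the process maps or re-protects memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>   /* PROT_READ, PROT_WRITE, PROT_EXEC */

struct region { uintptr_t start, end; int prot; };   /* end is exclusive */

/* Parse maps-format text ("start-end perms ..." per line); returns the count. */
static int parse_maps(const char *text, struct region *out, int max)
{
    int n = 0;
    while (text && *text && n < max) {
        unsigned long s, e; char perms[5];
        if (sscanf(text, "%lx-%lx %4s", &s, &e, perms) == 3 && strlen(perms) == 4) {
            int prot = (perms[0] == 'r' ? PROT_READ : 0) | (perms[1] == 'w' ? PROT_WRITE : 0)
                     | (perms[2] == 'x' ? PROT_EXEC : 0);
            out[n++] = (struct region){ s, e, prot };
        }
        text = strchr(text, '\n');       /* advance to the next line, if any */
        if (text) text++;
    }
    return n;
}

/* Binary search (maps lists mappings in ascending order); -1 means unmapped. */
static int lookup_prot(const struct region *r, int n, uintptr_t addr)
{
    int lo = 0, hi = n - 1;
    while (lo <= hi) {
        int mid = lo + (hi - lo) / 2;
        if (addr < r[mid].start) hi = mid - 1;
        else if (addr >= r[mid].end) lo = mid + 1;
        else return r[mid].prot;
    }
    return -1;
}

int main(void)
{
    static char buf[1 << 20];            /* snapshot of the live map */
    static struct region tab[4096];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    int n = parse_maps(buf, tab, 4096);
    printf("%d regions, prot of this code = %d\n", n, lookup_prot(tab, n, (uintptr_t)parse_maps));
    return 0;
}
```

A return of 0 means the address is mapped with no access (`---p`), which is distinct from -1 for an address that is not in the table at all.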
