mach_header 64bit and __PAGEZERO segment 64bit

Problem description

#include <stdio.h>
#include <mach-o/dyld.h>
#include <mach-o/loader.h>
#import <Foundation/Foundation.h>

// Header of the main executable (image index 0)
const struct mach_header *mach = _dyld_get_image_header(0);
struct load_command *lc;
struct segment_command_64 *sc64;
struct segment_command *sc;

// The load commands start right after the header, whose size depends on the magic
if (mach->magic == MH_MAGIC_64) {
    lc = (struct load_command *)((unsigned char *)mach + sizeof(struct mach_header_64));
    printf("[+] detected 64bit ARM binary in memory.\n");
} else {
    lc = (struct load_command *)((unsigned char *)mach + sizeof(struct mach_header));
    printf("[+] detected 32bit ARM binary in memory.\n");
}

// Walk every load command and print the name, vmaddr and vmsize of each segment
for (int i = 0; i < mach->ncmds; i++) {

    if (lc->cmd == LC_SEGMENT) {
        sc = (struct segment_command *)lc;
        NSLog(@"32Bit: %s (%x - 0x%x)",sc->segname,sc->vmaddr,sc->vmsize);
    } else if (lc->cmd == LC_SEGMENT_64) {
        sc64 = (struct segment_command_64 *)lc;
        NSLog(@"64Bit: %s (%llx - 0x%llx)",sc64->segname,sc64->vmaddr,sc64->vmsize);
    }
    // Advance to the next load command
    lc = (struct load_command *)((unsigned char *)lc+lc->cmdsize);
}

When I run this code in 32Bit I get normal outputs:

__PAGEZERO (0 - 0x1000) 
But on 64Bit: __PAGEZERO (0 - 0x100000000) 

__PAGEZERO goes from 0x1000 to over 0x100000000 in size, is there any fix for it or any solution why this occurs?

Recommended answer

Making a big __PAGEZERO in a 64-bit architecture makes a whole lot of sense. The address range of a 64-bit system, even when the upper 16 bits are "cropped off" like that of x86_64, allows for a huge amount of memory (the 48-bit address space of x86_64 is 256TB of memory address space). It is highly likely that this will be thought of as "small" at some point in the future, but right now, the biggest servers have 1-4TB, so there's plenty of room to grow, and more ordinary machines have 16-32GB.

Note also that no memory is actually OCCUPIED. It's just "reserved virtual space" (that is, "it will never be used"). It takes up absolutely zero resources, because it's not mapped in the page-table, it's not there physically. It's just an entry in the file, which tells the loader to reserve this space so it can never be used, and thus "safeguarded". The actual "data" of this section is zero in size, since, again, there's actually nothing there, just a "make sure this is not used". So your actual file size won't be any larger or smaller if this section is changed in size. It would be a few bytes smaller (the size of the section description) if it didn't exist at all. But that's really the only way it would make any difference at all.

The purpose of a __PAGEZERO is to catch NULL pointer dereferences. By reserving a large section of memory at the beginning of memory, any access through a NULL pointer will be caught and the application aborted. In a 32-bit architecture, something like:

int *p = NULL;
int x = p[0x100000]; 

is likely to succeed, because at 0x400000 (4MB) the code-space starts (trying to write to such a location is likely to crash, but reading will work - assuming of course the code-space actually starts there and not someplace else in the address range).

Edit:

This presentation shows that ARM, the latest entrant into the 64-bit processor space, is also using 48-bit virtual address space, and enforces canonical addresses (top 16 bits need to all be the same value) so it can be expanded in the future. In other words, the virtual space available on a 64-bit ARM processor is also 256TB.
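
An added example, not part of the original question or answer: a bounds-checked walk over the load commands that verifies the properties the answer describes (a `__PAGEZERO` at address 0 with a large `vmsize`, no file data and no access rights). The names `mh64`, `seg64`, `pagezero_ok` and `make_sample` are hypothetical, the structs are local copies of the `<mach-o/loader.h>` layouts so it builds off macOS, and the 4 GiB threshold is this example's policy, taken from the size reported in the question.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MH_MAGIC_64   0xfeedfacfu
#define LC_SEGMENT_64 0x19u
/* Local copies of the <mach-o/loader.h> layouts (little-endian host assumed). */
struct mh64  { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct seg64 { uint32_t cmd, cmdsize; char segname[16];
               uint64_t vmaddr, vmsize, fileoff, filesize;
               uint32_t maxprot, initprot, nsects, flags; };

/* 1: __PAGEZERO reserves at least [0, 4 GiB) with no file data and no access
 * rights; 0: segment missing or weaker; -1: malformed or truncated image. */
int pagezero_ok(const uint8_t *img, size_t len) {
    struct mh64 h;
    if (len < sizeof h) return -1;
    memcpy(&h, img, sizeof h);
    if (h.magic != MH_MAGIC_64) return -1;
    size_t off = sizeof h;
    for (uint32_t i = 0; i < h.ncmds; i++) {
        uint32_t lc[2];                        /* lc[0] = cmd, lc[1] = cmdsize */
        if (len - off < sizeof lc) return -1;
        memcpy(lc, img + off, sizeof lc);
        if (lc[1] < sizeof lc || lc[1] > len - off) return -1; /* stay in buffer */
        if (lc[0] == LC_SEGMENT_64 && lc[1] >= sizeof(struct seg64)) {
            struct seg64 s;
            memcpy(&s, img + off, sizeof s);
            if (strncmp(s.segname, "__PAGEZERO", 16) == 0)
                return s.vmaddr == 0 && s.vmsize >= 0x100000000ULL &&
                       s.filesize == 0 && s.initprot == 0 && s.maxprot == 0;
        }
        off += lc[1];
    }
    return 0;
}

/* Constructed sample image: header plus a single __PAGEZERO load command. */
size_t make_sample(uint8_t *buf, uint64_t vmsize) {
    struct mh64 h = { MH_MAGIC_64, 0, 0, 2, 1, sizeof(struct seg64), 0, 0 };
    struct seg64 s = { LC_SEGMENT_64, sizeof(struct seg64), "__PAGEZERO", 0, vmsize, 0, 0, 0, 0, 0, 0 };
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, &s, sizeof s);
    return sizeof h + sizeof s;
}
int main(void) {
    uint8_t buf[128];
    printf("4 GiB __PAGEZERO: %d\n", pagezero_ok(buf, make_sample(buf, 0x100000000ULL)));
    printf("4 KiB __PAGEZERO: %d\n", pagezero_ok(buf, make_sample(buf, 0x1000)));
    return 0;
}
```

The 4 KiB case returns 0 because a 64-bit image with only the 32-bit-sized reservation leaves the low 4 GiB mappable, which is the gap the larger segment closes.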
