How does ptrace POKETEXT work when modifying program text?

Question

Does it bypass read only page permissions of the traced process? Or does it need to change permission temporarily to be writable? If that's the case is the permission change visible to the traced process?

Answer

Looking at the kernel sources, x86 uses the generic (as opposed to arch-specific) ptrace request functions.

The actual changes are done by mm/memory.c:__access_remote_vm(), which uses mm/gup.c:get_user_pages_remote() to obtain the kernel mapping for the target page, followed by kmap(page), copy_to_user_pages(), set_page_dirty_lock(), kunmap(page), and put_page(page).

The simple description of what is actually done, is that the target process memory containing the code is accessed (modified) through the kernel mapping — the virtual memory "window" or "barrier" between the target process and the kernel — and not through the mappings visible to user-space processes.

Based on the above, we can answer the stated questions:

Does PTRACE_POKETEXT bypass read only page permissions of the traced process?

Yes. The kernel does not use the page protection mechanisms visible to userspace processes for this; it uses its own internal mappings.

Or does it need to change permission temporarily to be writable?

No, it does not.

Note that except for the changed data in the userspace memory (and possibly whether the pages are backed by an executable file or not), and for any kernel or hardware bugs there might be, when and how the kernel uses its own mappings is invisible and undetectable to userspace processes.
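A small experiment that checks the answer's claim: the tracer pokes a word into a page the child has made read-only with mprotect, and the child then reads the word back through that unchanged PROT_READ mapping. This is an added example, not code from the original question or answer; it assumes Linux with fork and ptrace available, and returns -1 instead of failing where they are not (sandboxes often restrict ptrace).

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/mman.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample value the tracer pokes into the child's read-only page. */
#define NEW_WORD 0x11223344L

/* Returns 1 if the child read NEW_WORD back through its own read-only mapping,
 * 0 if it still saw the old value, -1 if mmap/fork/ptrace is unavailable here. */
int poke_readonly_page(void)
{
    int pipefd[2];
    if (pipe(pipefd) != 0) return -1;
    /* Map one page before fork so tracer and child agree on its address. */
    long *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    *page = 0;
    /* Drop write permission, like a text segment; the child cannot write it. */
    if (mprotect(page, 4096, PROT_READ) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                               /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0) _exit(3);
        raise(SIGSTOP);                           /* wait for the tracer's poke */
        long seen = *page;                        /* plain read, page still RO */
        if (write(pipefd[1], &seen, sizeof seen) != (ssize_t)sizeof seen) _exit(4);
        _exit(0);
    }
    close(pipefd[1]);                             /* tracer side */
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status)) return -1;
    /* The poke goes through the kernel's own mapping: the child's PROT_READ
     * protection is neither changed nor consulted. */
    if (ptrace(PTRACE_POKETEXT, pid, page, (void *)NEW_WORD) != 0) {
        kill(pid, SIGKILL); waitpid(pid, NULL, 0); return -1;
    }
    ptrace(PTRACE_DETACH, pid, NULL, NULL);       /* resume the child */
    long seen = -1;
    ssize_t n = read(pipefd[0], &seen, sizeof seen);
    close(pipefd[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof seen) return -1;
    return seen == NEW_WORD ? 1 : 0;
}
```

The tracer's own copy of the page stays at its old value, since the poke is applied in the child's address space only.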
