Questions on libc's pointer encryption

Question

glibc and eglibc have a PTR_MANGLE, which encrypts pointers in writable memory (more correctly, 'XOR' rather than 'encrypt').

I'm not finding much reading on the feature. man -k PTR_MANGLE returns no hits, and Google is returning some superficial chatter. One of the few definitive articles is Drepper's Pointer Encryption on Live Journal.

Is there any in-depth documentation on it? Can it be extended into the user space process, or is it limited to the runtime library? If so, what is the compiler switch or option to enable the feature? Can the feature be disabled in the runtime?

Recommended answer

PTR_MANGLE is an internal feature in glibc, built on macros. It's not automated by the compiler in any way. You could duplicate the same thing in your applications, but you'd also have to do it manually; it works something like:

#include <stdint.h> /* uintptr_t */
uintptr_t xor_key; // needs to be initialized with random "key" before use
#define PTR_MANGLE(p) (1 ? (void *)((uintptr_t)(p) ^ xor_key) : p)

This may be completely different from the glibc implementation; I haven't looked at it in a long time and just wrote this off the top of my head. The seemingly useless use of the conditional operator is to force the resulting expression to have the same type as the original pointer so it can be used directly.

Note that the operation is its own inverse, so PTR_MANGLE can be used for both "encryption" and "decryption".
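A user-space version of the idea in the answer above, as an added example that is not from the original post or from glibc. The key source (`/dev/urandom`), the `slot` struct, `slot_set`/`slot_get` and `add_one` are hypothetical choices, and the code assumes a platform where a function pointer converts to `uintptr_t` and back unchanged (true on mainstream Linux targets, not guaranteed by ISO C).

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*handler_fn)(int);
static uintptr_t xor_key;   /* per-process secret; must be set before first use */

/* Read the key from the kernel RNG. Returns 0 on success, -1 on failure. */
int mangle_init(void)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(&xor_key, sizeof xor_key, 1, f);
    fclose(f);
    /* A zero key would leave every pointer unchanged, so reject it. */
    return (n == 1 && xor_key != 0) ? 0 : -1;
}

/* XOR is its own inverse: the same routine mangles and demangles. */
static uintptr_t ptr_xor(uintptr_t v) { return v ^ xor_key; }

/* Hypothetical callback slot: writable memory only ever holds the mangled word. */
struct slot { uintptr_t mangled; };

void slot_set(struct slot *s, handler_fn fn) { s->mangled = ptr_xor((uintptr_t)fn); }
handler_fn slot_get(const struct slot *s) { return (handler_fn)ptr_xor(s->mangled); }

int add_one(int x) { return x + 1; }

/* 1 if the stored word differs from the raw address and still calls add_one. */
int roundtrip_ok(void)
{
    struct slot s;
    slot_set(&s, add_one);
    return s.mangled != (uintptr_t)add_one && slot_get(&s) == add_one
        && slot_get(&s)(41) == 42;
}

/* 1 if a raw (unmangled) address placed in the slot demangles to something else. */
int raw_store_is_scrambled(void)
{
    struct slot s = { (uintptr_t)add_one };  /* constructed: stored without the key */
    return slot_get(&s) != add_one;
}

int main(void)
{
    if (mangle_init() != 0) return 1;
    printf("roundtrip=%d raw_scrambled=%d\n", roundtrip_ok(), raw_store_is_scrambled());
    return 0;
}
```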
