Beispiel #1
0
func (p *Program) Seal() (err error) {
	if p.Text != nil {
		err = syscall.Mprotect(p.Text, syscall.PROT_EXEC)
		if err != nil {
			return
		}
	}

	if p.ROData != nil {
		err = syscall.Mprotect(p.ROData, syscall.PROT_READ)
		if err != nil {
			return
		}
	}

	return
}
Beispiel #2
0
func callPayload(payload []byte) {
	payload = prepPayload(payload)

	// dissable NX
	err := syscall.Mprotect(payload, 0x04) // PROT_EXEC
	if err != nil {
		log.Fatal(err)
	}

	// call
	caller((uintptr)(unsafe.Pointer(&payload[0])))
}
Beispiel #3
0
func TestOutOfBoundsRead(t *testing.T) {
	const pageSize = 4 << 10
	data, err := syscall.Mmap(0, 0, 2*pageSize, syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_ANON|syscall.MAP_PRIVATE)
	if err != nil {
		panic(err)
	}
	if err := syscall.Mprotect(data[pageSize:], syscall.PROT_NONE); err != nil {
		panic(err)
	}
	for i := 0; i < pageSize; i++ {
		sha1.Sum(data[pageSize-i : pageSize])
	}
}
Beispiel #4
0
func TestEqualNearPageBoundary(t *testing.T) {
	pagesize := syscall.Getpagesize()
	b := make([]byte, 4*pagesize)
	i := pagesize
	for ; uintptr(unsafe.Pointer(&b[i]))%uintptr(pagesize) != 0; i++ {
	}
	syscall.Mprotect(b[i-pagesize:i], 0)
	syscall.Mprotect(b[i+pagesize:i+2*pagesize], 0)
	defer syscall.Mprotect(b[i-pagesize:i], syscall.PROT_READ|syscall.PROT_WRITE)
	defer syscall.Mprotect(b[i+pagesize:i+2*pagesize], syscall.PROT_READ|syscall.PROT_WRITE)

	// both of these should fault
	//pagesize += int(b[i-1])
	//pagesize += int(b[i+pagesize])

	for j := 0; j < pagesize; j++ {
		b[i+j] = 'A'
	}
	for j := 0; j <= pagesize; j++ {
		Equal(b[i:i+j], b[i+pagesize-j:i+pagesize])
		Equal(b[i+pagesize-j:i+pagesize], b[i:i+j])
	}
}
Beispiel #5
0
func TestCmd_StartSecondMprotectError(t *testing.T) {
	// Replace the syscallMprotect pointer with a function that always errors.
	count := 0
	defer func() { syscallMprotect = syscall.Mprotect }()
	syscallMprotect = func(data []byte, i int) error {
		count++
		if count == 2 {
			return fmt.Errorf("expected error")
		} else {
			return syscall.Mprotect(data, i)
		}
	}

	cmd := Command(trueBin)
	if err := cmd.Start(); err == nil {
		t.Fatalf("Expected error not returned.")
	} else if err.Error() != "expected error" {
		t.Fatalf("Wrong error returned: %s", err)
	}
}
Beispiel #6
0
func main() {
	// Allocate 2 pages of memory.
	b, err := syscall.Mmap(-1, 0, 2*p, syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_ANON|syscall.MAP_PRIVATE)
	if err != nil {
		panic(err)
	}
	// Mark the second page as faulting.
	err = syscall.Mprotect(b[p:], syscall.PROT_NONE)
	if err != nil {
		panic(err)
	}
	// Get a slice pointing to the last byte of the good page.
	x := b[p-one : p]

	test16(x)
	test16i(x, 0)
	test32(x)
	test32i(x, 0)
	test64(x)
	test64i(x, 0)
}
Beispiel #7
0
// Change the protect mode of the mmap.
func (m Mmap) Protect(prot int) error {
	return syscall.Mprotect(m, prot)
}