Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Loading MachineCode From File Into Memory and Executing in C -- mprotect Failing

Tags:

c

memory

machine-code

mprotect

Hi I'm trying to load raw machine code into memory and run it from within a C program, right now when the program executes it breaks when trying to run mprotect on the memory to make it executable. I'm also not entirely sure that if the memory does get set right it will execute. I am currently running this on Ubuntu Linux x86 (Maybe the problem is Ubuntu's over-protection?)

What I currently have is the following:

#include <memory.h>
#include <sys/mman.h>
#include <stdio.h>

int main ( int argc, char **argv )
{
 FILE *fp;
 int sz = 0;
 char *membuf;
 int output = 0;

 fp = fopen(argv[1],"rb");

 if(fp == NULL)
 {
  printf("Failed to open file, aborting!\n");
  exit(1);
 }

 fseek(fp, 0L, SEEK_END);
 sz = ftell(fp);
 fseek(fp, 0L, SEEK_SET);


 membuf = (char *)malloc(sz*sizeof(char));
 if(membuf == NULL)
 {
  printf("Failed to allocate memory, aborting!\n");
  exit(1);
 }

  memset(membuf, 0x90, sz*sizeof(char));

 if( mprotect(membuf, sz*sizeof(char), PROT_EXEC | PROT_READ | PROT_WRITE) == -1)
 {
  perror("mprotect");
  printf("mprotect failed!!! aborting!\n");
  exit(1);
 }



 if(!(fread(membuf, sz*sizeof(char), 1, fp)))
 {
  perror("fread");
  printf("Read failed, aborting!\n");
  exit(1);
 }
 __asm__
 ( 
  "call %%eax;"
  : "=a" (output)
       : "a" (membuf)
 );
 printf("Output = %x\n", output);

 return 0;
}

I do get the compiler warning:

/tmp/ccVnhHak.s: Assembler messages:
/tmp/ccVnhHak.s:107: Warning: indirect call without `*'

I've not gotten the program to reach this code yet so I am unable to see if my assembler code is doing what it should.

like image 515
ChartreuseKitsune Avatar asked Mar 13 '10 09:03

ChartreuseKitsune

2 Answers

Ok, here's the answer, according to our discussion in the comments :)

The memory region should be aligned to the system page size. posix_memalign() call is a right way to allocate memory in such case :)

like image 156
Roman Dmitrienko Avatar answered Nov 14 '22 22:11

Roman Dmitrienko

Add an 0xc3 (return instruction) after your 0x90 (noop) bytes. Your program might be crashing because it runs off the end of the NOOPs and either into uninitialized memory, who knows what lurks there, or into the end of the executable page. I can't really tell without looking at what's in the file you're loading.

BTW strace is very useful for these sorts of programs. It would have told you what the error in mprotect was.

like image 44
Bernd Jendrissek Avatar answered Nov 14 '22 23:11

Bernd Jendrissek
Sign in to Comment

Related questions

A C preprocessor macro to pack bitfields into a byte?
Eclipse CDT with Cygwin GCC: automatic discovery of symbols and paths
Alternatives to GCC's new atomic integer operations
How to read vfat attributes of files in Linux using C
How to subtract one audio wave from another?
Converting string containing localtime into UTC in C
C/C++ Copy file with automatic recursive folder/directory creation
How can I set options in SConstruct for C compiler depending on compiler type?
How to get the name and value of attributes from xml when using libxml2 sax parser?
enum string comparison
What happens to other thread when one thread get blocked?
C: creating array of strings from delimited source string
How to get the uncompressed size of an LZMA2 file (.xz / liblzma)
C format specifier
calling fdopen: Bad file descriptor
static memory vs heap memory?
c pointer to array of structs
What does—or did—"volatile void function( ... )" do?
Is it legal to call memcpy with zero length on a pointer just past the end of an array?
Pass va_list or pointer to va_list?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!