Issue
I basically want to emulate memory by catching SIGSEGV to specific locations. These locations will be zero-permission-mapped using mmap(). Performance is something that doesn't matter too much as it's just an experiment. I figured out how to figure out the memory location accessed in the handler, but I am stuck trying to actually figure out whether a read or a write has happened, and how to simulate a successful read with fake data or how to simulate a successful write, intercepting the data written.
Can you give me any tips, or other approaches (maybe something that hasn't got anything to do with signals at all) to this problem?
I wish there was more to find about this on the wide internet, guess nobody had this kind of stupid idea before lol
Thanks
Solution
I am not sure I understand what you mean by simulate. There are many more unknowns - the width of the access, side effects, etc. In any case, if you did find all the missing pieces, what are you going to do next?
If you simply simulate an access, and return from the handler, the CPU will rerun the faulty instruction, and guess what? - it will immediately segfault again.
Now opening a can of worms.
You may try to
- find what the instruction pointer in ucontext points to
- decode the pointed instruction, simulate it the way you want (tricky) - keeping in mind that the instruction may have side effects (like setting/clearing flags, or modifying registers)
- figure out what the next instruction would be (doubleplustricky)
- doctor ucontext appropriately
- and return from the handler.
I am sure there will be too many corner cases.
Now opening another can of worms
Another approach, a more debugger-like one, is to implement a single-step handler. In the segfault handler
- back up the protected area, and prepare it for a read
- remove the protection
- enable the single-step flag in ucontext
- get ready to handle the single-step exception
- return

and in the single-step handler
- compare the protected area with the back-up. If they are different, it was a write access; do what is deemed necessary
- restore the protection
- return
Answered By - user58697 Answer Checked By - Marilyn (WPSolving Volunteer)
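The second approach from the answer (open the page in the SIGSEGV handler, set the trap flag, classify the access in the SIGTRAP handler, then close the page again), written out as an added example for Linux/x86-64. This is not code from the question or the answer; the names `emu_*`, `g_shadow`, `g_backup` and the constructed page contents (`0xCAFE0000 + offset`) are assumptions of this example. It relies on two facts about the platform: glibc exposes the saved EFLAGS as `uc_mcontext.gregs[REG_EFL]`, and the Linux x86 sigreturn path honours a TF bit set there, while clearing TF for the handler's own execution but leaving it set in the saved context (hence the explicit clear in `on_trap`).

```c
/* Added example (not from the original post). Linux/x86-64 only: uses the x86
 * trap flag (TF) and glibc's REG_EFL. The emulated "device memory" lives in
 * g_shadow; the mmap'd page is PROT_NONE except while a single access replays. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#define X86_EFLAGS_TF 0x100u   /* trap flag: #DB (SIGTRAP) after the next instruction */

enum access_kind { ACCESS_NONE = 0, ACCESS_READ = 1, ACCESS_WRITE = 2 };

static unsigned char *g_page;              /* zero-permission mapping handed to the program */
static size_t g_page_len;
static unsigned char *g_shadow;            /* assumed name: emulated contents behind the page */
static unsigned char *g_backup;            /* copy of the page taken before the replay */
static volatile int g_last_kind = ACCESS_NONE;
static volatile size_t g_last_off;         /* offset of the faulting address within the page */

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    ucontext_t *uc = ctx;
    uintptr_t addr = (uintptr_t)si->si_addr, base = (uintptr_t)g_page;

    if (addr < base || addr >= base + g_page_len) {
        /* Not the emulated region: re-arm the default action so the retry crashes normally. */
        signal(SIGSEGV, SIG_DFL);
        return;
    }
    g_last_off = addr - base;

    /* "Prepare it for a read": open the page and present the emulated contents. */
    if (mprotect(g_page, g_page_len, PROT_READ | PROT_WRITE) != 0)
        _exit(2);
    memcpy(g_page, g_shadow, g_page_len);
    memcpy(g_backup, g_page, g_page_len);

    /* The faulting instruction is retried on return; TF makes the CPU trap right after it. */
    uc->uc_mcontext.gregs[REG_EFL] |= X86_EFLAGS_TF;
}

static void on_trap(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
    ucontext_t *uc = ctx;

    /* A write shows up as a difference against the backup; the page now holds the new data. */
    if (memcmp(g_page, g_backup, g_page_len) != 0) {
        g_last_kind = ACCESS_WRITE;
        memcpy(g_shadow, g_page, g_page_len);   /* intercept the written data */
    } else {
        g_last_kind = ACCESS_READ;
    }

    /* Restore the protection and stop single-stepping (TF is still set in the saved context). */
    if (mprotect(g_page, g_page_len, PROT_NONE) != 0)
        _exit(3);
    uc->uc_mcontext.gregs[REG_EFL] &= ~(greg_t)X86_EFLAGS_TF;
}

/* Map the emulated page and install both handlers. Returns 0 on success. */
int emu_setup(void)
{
    if (g_page) return 0;
    g_page_len = (size_t)sysconf(_SC_PAGESIZE);
    g_shadow = calloc(1, g_page_len);
    g_backup = calloc(1, g_page_len);
    if (!g_shadow || !g_backup) return -1;
    /* Constructed emulated contents: the 32-bit word at offset o reads as 0xCAFE0000 + o. */
    for (size_t o = 0; o + 4 <= g_page_len; o += 4) {
        uint32_t v = 0xCAFE0000u + (uint32_t)o;
        memcpy(g_shadow + o, &v, 4);
    }
    g_page = mmap(NULL, g_page_len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g_page == MAP_FAILED) { g_page = NULL; return -1; }

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sa.sa_sigaction = on_segv;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    sa.sa_sigaction = on_trap;
    if (sigaction(SIGTRAP, &sa, NULL) != 0) return -1;
    return 0;
}

/* Each access below faults, is replayed under TF, and is classified by on_trap. */
uint32_t emu_read32(size_t off)           { return *(volatile uint32_t *)(g_page + off); }
void     emu_write32(size_t off, uint32_t v) { *(volatile uint32_t *)(g_page + off) = v; }
int      emu_last_kind(void)              { return g_last_kind; }
size_t   emu_last_off(void)               { return g_last_off; }
uint32_t emu_shadow32(size_t off)         { uint32_t v; memcpy(&v, g_shadow + off, 4); return v; }

int main(void)
{
    if (emu_setup() != 0) return 1;
    printf("read  @8  -> 0x%08x (kind %d)\n", emu_read32(8), emu_last_kind());
    emu_write32(16, 0x12345678u);
    printf("write @16 -> kind %d, captured 0x%08x\n", emu_last_kind(), emu_shadow32(16));
    printf("read  @16 -> 0x%08x\n", emu_read32(16));
    return 0;
}
```

Two caveats follow directly from the answer's design. The fault address comes from `si_addr`, so the location is exact, but the read/write decision is only a before/after comparison: a store of the value that is already in the page is indistinguishable from a load, and the width of the access is not recovered at all. `mprotect` and `memcpy` are not on POSIX's async-signal-safe list; this works on Linux because `mprotect` is a plain system call and nothing else in the process touches these buffers, which is acceptable for an experiment but not something to rely on in production code.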