data-execution-prevention

Linux equivalent for VirtualProtectEx?

断了今生、忘了曾经 submitted on 2019-12-12 02:45:40
Question: I am doing some simple JITing, and use VirtualProtectEx under Windows to mark pages as executable. What would be the equivalent of that under Linux, and preferably, other POSIX/Unix-like OSes too?

Answer 1: You are looking for mprotect and probably also mmap. Note that, unlike with Windows, there is no way for process A to change process B's memory map (short of horrible tricks with ptrace).

Source: https://stackoverflow.com/questions/3800762/linux-equivalent-for-virtualprotectex

Cannot execute function JITed by LLVM

那年仲夏 submitted on 2019-12-11 09:41:29
Question: Using LLVM-5.0 I implemented a minimal testcase that creates assembly for a function returning the 32-bit integer "42" at runtime and executes it. Using llvm::ExecutionEngine I was able to generate the following code at runtime (displayed with gdb): 0x7ffff7ff5000 mov $0x2a,%eax 0x7ffff7ff5005 retq Calling the function yields Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7ff5000 in ?? () My working theory is that the memory page LLVM wrote the code on is not executable. Is

why can't Javascript shellcode exploits be fixed via “data execution prevention”?

假如想象 submitted on 2019-12-04 10:31:15
Question: The "heap spraying" Wikipedia article suggests that many JavaScript exploits involve positioning a shellcode somewhere in the script's executable code or data space memory and then having the interpreter jump there and execute it. What I don't understand is, why can't the interpreter's entire heap be marked as "data" so that the interpreter would be prevented from executing the shellcode by DEP? Meanwhile the execution of JavaScript-derived bytecode would be done by a virtual machine that would not

why can't Javascript shellcode exploits be fixed via “data execution prevention”?

我们两清 submitted on 2019-12-03 06:07:39
The "heap spraying" Wikipedia article suggests that many JavaScript exploits involve positioning a shellcode somewhere in the script's executable code or data space memory and then having the interpreter jump there and execute it. What I don't understand is, why can't the interpreter's entire heap be marked as "data" so that the interpreter would be prevented from executing the shellcode by DEP? Meanwhile the execution of JavaScript-derived bytecode would be done by a virtual machine that would not allow it to modify memory belonging to the interpreter (this wouldn't work on V8 that seems to execute

How do I enable DEP or ASLR for my .NET application?

自闭症网瘾萝莉.ら submitted on 2019-12-01 17:25:55
I'm writing my program in VS2010 and the build target is .NET 4. I believe that the DEP compatibility flag is on by default. Is that true? Is .NET also compatible by default with ASLR, and is ASLR turned on by default for my process, or do I have to request it at runtime? Yes, the NXCOMPAT flag is turned on by the standard .NET language compilers since .NET 2.0 SP1. ASLR is essentially automatic in .NET programs by virtue of the JIT compiler. Where it will place the JIT-compiled machine code is unpredictable. Albeit that it will likely be repeatable on the exact same machine with the exact

How do I enable DEP or ASLR for my .NET application?

僤鯓⒐⒋嵵緔 submitted on 2019-12-01 16:27:22
Question: I'm writing my program in VS2010 and the build target is .NET 4. I believe that the DEP compatibility flag is on by default. Is that true? Is .NET also compatible by default with ASLR, and is ASLR turned on by default for my process, or do I have to request it at runtime?

Answer 1: Yes, the NXCOMPAT flag is turned on by the standard .NET language compilers since .NET 2.0 SP1. ASLR is essentially automatic in .NET programs by virtue of the JIT compiler. Where it will place the JIT-compiled machine