From owner-freebsd-questions@freebsd.org Tue Jul 20 20:23:25 2021
From: Paul Procacci
Date: Tue, 20 Jul 2021 16:23:12 -0400
Subject: Re: Understanding the behavior of the 32 bit mmap system call
To: Rdbo
Cc: FreeBSD Questions
On Tue, Jul 20, 2021 at 10:45 AM Rdbo wrote:

> Hi, I'm a hobbyist developer working on a multiplatform, multiarch memory
> library, and I chose FreeBSD to be one of the supported operating systems.
> I was playing around with the SYS_mmap system call and I noticed that, for
> x86_32, you have to pass a struct containing all the mmap arguments, rather
> than the arguments themselves. The thing is, this structure is not passed
> as a pointer (like on Linux, for example), so I don't see how one would do
> this syscall from a remote process, as each register is responsible for one
> argument of the syscall, and a single register can't store a structure this
> size. I've tried passing the structure as a pointer, passing each mmap
> argument in a separate register (like __NR_mmap2 on Linux), and looking for
> alternative mmap system calls that do not require the struct parameter.
> Unfortunately, these attempts have all failed.
>
> TL;DR: how to run a 32 bit SYS_mmap system call from a remote process when a
> single register can't fit the whole structure and the structure is not
> passed as a pointer?
>
> Regards, rdbo

The calling convention for arguments on 32 bit FreeBSD is to pass those
arguments on the stack.[1] I've whipped up the following for you.
I couldn't test it because I don't have a 32 bit environment to test on, but
it should hopefully give you some insight.

    bits 32

    %define SYS_exit     1
    %define SYS_mmap     477

    %define PROT_READ    0x01
    %define PROT_WRITE   0x02

    %define MAP_PRIVATE  0x0002
    %define MAP_ANON     0x1000    ; fd = -1 needs MAP_ANON, not MAP_FILE

    global _start:function

    section .text

    _start:
        push    ebp
        mov     ebp, esp

        ; i386 FreeBSD reads syscall arguments from the stack, laid out as a
        ; C caller would push them, with a dummy return address on top.
        ; mmap(addr, len, prot, flags, fd, pos) needs 28 bytes: five 4-byte
        ; words plus a 64-bit off_t, so reserve 28, not 24.
        sub     esp, 28
        mov     dword [ebp - 28], 0                       ; addr
        mov     dword [ebp - 24], 55                      ; len
        mov     dword [ebp - 20], PROT_READ | PROT_WRITE  ; prot
        mov     dword [ebp - 16], MAP_PRIVATE | MAP_ANON  ; flags
        mov     dword [ebp - 12], -1                      ; fd
        mov     dword [ebp - 8], 0                        ; pos, low 32 bits
        mov     dword [ebp - 4], 0                        ; pos, high 32 bits
        push    0                                         ; dummy return address
        mov     eax, SYS_mmap
        int     80h                 ; eax = mapping address; CF set and eax = errno on failure
        add     esp, 32             ; drop the dummy return address and the 28 bytes

        ; exit(0): the status is passed on the stack too, not in edi
        push    0                   ; status
        push    0                   ; dummy return address
        mov     eax, SYS_exit
        int     80h

I don't know what you mean by remote process.

~Paul Procacci

[1] Passing arguments via registers is for 64-bit only.

-- 
__________________
:(){ :|:& };:
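The 28-byte argument frame that the assembly above has to leave on the stack, as an added example that is not from Paul's mail or from FreeBSD's own sources: a small C packer and reader for the layout, with offsets taken from the mmap(2) signature in FreeBSD's syscalls.master (addr, len, prot, flags, fd, 64-bit off_t pos) behind a dummy return-address slot, so the layout can be checked on any host without an i386 FreeBSD install.

```c
/* Added example: builds the byte layout that a 32-bit FreeBSD mmap(2) call
 * expects at esp when int 80h executes. Offsets are assumed from the
 * syscalls.master signature; the frame itself is constructed, not captured. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MMAP_FRAME_BYTES 32u   /* 4-byte dummy return address + 28 bytes of args */

/* Store a 32-bit word little-endian, as an i386 push would. */
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Fill `frame` with what esp must point at when `int 80h` runs:
 *   esp+0  dummy return address (the kernel skips it)
 *   esp+4  addr   esp+8 len   esp+12 prot   esp+16 flags   esp+20 fd
 *   esp+24 pos low word        esp+28 pos high word
 * Returns the frame size in bytes. */
size_t build_mmap_frame(uint8_t frame[MMAP_FRAME_BYTES], uint32_t addr,
                        uint32_t len, uint32_t prot, uint32_t flags,
                        int32_t fd, uint64_t pos) {
    memset(frame, 0, MMAP_FRAME_BYTES);
    put32(frame + 0, 0);                     /* dummy return address */
    put32(frame + 4, addr);
    put32(frame + 8, len);
    put32(frame + 12, prot);
    put32(frame + 16, flags);
    put32(frame + 20, (uint32_t)fd);         /* -1 becomes 0xFFFFFFFF */
    put32(frame + 24, (uint32_t)pos);        /* off_t is 64-bit even on i386 */
    put32(frame + 28, (uint32_t)(pos >> 32));
    return MMAP_FRAME_BYTES;
}

/* Read a word back from the frame the way the kernel's copyin sees it. */
uint32_t frame_word(const uint8_t *frame, size_t byte_off) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | frame[byte_off + i];
    return v;
}
```

Comparing `frame_word` at each offset against the `[ebp - N]` stores in the assembly is a quick way to catch an argument landing one slot off.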