Date: Tue, 27 Mar 2012 07:53:21 -0400
From: John Baldwin <jhb@freebsd.org>
To: freebsd-hackers@freebsd.org
Cc: Maninya M <maninya@gmail.com>
Subject: Re: __NR_mmap2 in FreeBSD
Message-ID: <201203270753.21534.jhb@freebsd.org>
In-Reply-To: <CAC46K3kjQyqQ0VvjP+UwQkSooqbT1HR=SVYUpz8KQ1CcYovaEA@mail.gmail.com>
References: <CAC46K3kjQyqQ0VvjP+UwQkSooqbT1HR=SVYUpz8KQ1CcYovaEA@mail.gmail.com>
On Monday, March 26, 2012 1:56:08 pm Maninya M wrote:
> I am trying to convert a function written for Linux to FreeBSD.
> What is the equivalent of the __NR_mmap2 system call in FreeBSD?
>
> I keep getting the error because of this exception:
> warn("Wanted space at address 0x%.8x, mmap2 system call returned 0x%.8x.
> This could be a problem.",addr,temp_regs.eax);

I think you could just use plain mmap() for this?  However, it seems that
this is injecting a call into an existing binary, not calling mmap()
directly.  A few things will need to change.  First, FreeBSD system calls
on i386 put their arguments on the stack, not in registers, so you will
need to do a bit more work to push the arguments onto the stack rather
than just setting registers.

> I changed
> temp_regs.eax = __NR_mmap2;
> to
> temp_regs.eax = 192;
>
> but it didn't work. I suppose I couldn't understand this function. Please
> help.
>
> This is the function:
>
> void map_memory(unsigned long addr, unsigned long size, int flags)
> {
>     int status;
>     struct user_regs_struct regs,temp_regs;
>     unsigned long int_instr = 0x000080cd; /* INT 0x80 */
>
>     if (ptrace(PTRACE_GETREGS,exec_pid,NULL,&regs) < 0)
>         die_perror("ptrace(PTRACE_GETREGS,%d,NULL,&regs)",exec_pid);
>
>     /* mmap2 system call seems to take arguments as follows:
>      * eax = __NR_mmap2
>      * ebx = (unsigned long) page aligned address
>      * ecx = (unsigned long) page aligned file size
>      * edx = protection
>      * esi = flags
>      * Other arguments (fd and pgoff) are not required for anonymous mapping
>      */
>     temp_regs = regs;
>     temp_regs.eax = __NR_mmap2;
>     temp_regs.ebx = addr;
>     temp_regs.ecx = size;
>     temp_regs.edx = flags;
>     temp_regs.esi = MAP_PRIVATE | MAP_ANONYMOUS;
>     temp_regs.eip = temp_regs.esp - 4;
>
>     if (ptrace(PTRACE_POKETEXT,exec_pid,(void *)(temp_regs.eip),(void*)int_instr) < 0)
>         die_perror("ptrace(PTRACE_POKETEXT,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.eip);
>     if (ptrace(PTRACE_SETREGS,exec_pid,NULL,&temp_regs) < 0)
>     {
>         die_perror("ptrace(PTRACE_SETREGS,%d,...) failed while allocating memory",exec_pid);
>     }
>     if (ptrace(PTRACE_SINGLESTEP,exec_pid,NULL,NULL) < 0)
>         die_perror("ptrace(PTRACE_SINGLESTEP,...) failed while executing mmap2");
>
>     wait(&status);
>     if (WIFEXITED(status))
>         die("Restarted process abrubtly (exited with value %d). Aborting Restart.",WEXITSTATUS(status));
>     else if (WIFSIGNALED(status))
>         die("Restarted process abrubtly exited because of uncaught signal (%d). Aborting Restart.",WTERMSIG(status));
>
>     if (ptrace(PTRACE_GETREGS,exec_pid,NULL,&temp_regs) < 0) {
>         die_perror("ptrace(PTRACE_GETREGS,...) failed after executing mmap2 system call");
>     }
>
>     if (temp_regs.eax != addr)
>         warn("Wanted space at address 0x%.8x, mmap2 system call returned 0x%.8x. This could be a problem.",addr,temp_regs.eax);
>     else if (cr_options.verbose)
>         fprintf(stdout,"Successfully allocated [0x%.8lx - 0x%.8lx]\n",addr,addr+size);
>
>     /* Restore original registers */
>     if (ptrace(PTRACE_SETREGS,exec_pid,NULL,&regs) < 0) {
>         die_perror("ptrace(PTRACE_SETREGS,...) when restoring registering after allocating memory (mmap2)");
>     }
> }
>
> --
> Maninya
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

--
John Baldwin
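The argument-passing difference John describes is the crux of the port, so here is an added example (written for this archive page, not code from either poster or from the checkpoint/restart tool) that models both conventions as plain data. The Linux i386 side mirrors the register layout the posted map_memory() relies on; the FreeBSD i386 side builds the stack frame the kernel expects (syscall number in eax, arguments as 32-bit words above a return-address slot at 0(%esp)). The struct and function names are this example's own; the sample argument values in main() are constructed, and a real port would take the syscall number from SYS_mmap in <sys/syscall.h> and write the words into the tracee with ptrace before setting eax/esp.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SYSCALL_WORDS 8

/* FreeBSD i386: the kernel reads arguments from the stack exactly as a C
 * callee would, i.e. 4(%esp), 8(%esp), ...; the word at 0(%esp) is the
 * return-address slot and is skipped. */
struct freebsd_i386_frame {
    uint32_t eax;                          /* syscall number (SYS_mmap etc.) */
    uint32_t esp;                          /* stack pointer to install before int $0x80 */
    uint32_t words[MAX_SYSCALL_WORDS + 1]; /* words[0] = return slot, words[1..] = args */
    size_t   nwords;                       /* entries of words[] actually used */
};

/* Build the frame below the tracee's current stack pointer (old_esp).
 * args holds 32-bit words in call order; a 64-bit argument such as the
 * off_t offset of mmap occupies two consecutive words (low, high).
 * Returns 0 on success, -1 if more words were requested than fit. */
int build_freebsd_i386_frame(uint32_t syscall_no, uint32_t old_esp,
                             const uint32_t *args, size_t nargs,
                             struct freebsd_i386_frame *out)
{
    if (nargs > MAX_SYSCALL_WORDS)
        return -1;
    memset(out, 0, sizeof(*out));
    out->eax = syscall_no;
    out->nwords = nargs + 1;
    /* Carve the frame out below the old stack pointer, 16-byte aligned. */
    out->esp = (old_esp - (uint32_t)(out->nwords * 4)) & ~15u;
    out->words[0] = 0; /* return-address slot: ignored by the kernel */
    for (size_t i = 0; i < nargs; i++)
        out->words[i + 1] = args[i];
    return 0;
}

/* Tracee address at which 0-based argument `index` lives: esp + 4*(index+1). */
uint32_t freebsd_i386_arg_address(const struct freebsd_i386_frame *f, size_t index)
{
    return f->esp + 4u * (uint32_t)(index + 1);
}

/* Linux i386, for contrast: up to six arguments travel in registers and
 * nothing is pushed on the stack, which is why the posted code only had
 * to set eax/ebx/ecx/edx/esi. */
struct linux_i386_regs { uint32_t eax, ebx, ecx, edx, esi, edi, ebp; };

void build_linux_i386_regs(uint32_t syscall_no, const uint32_t *args, size_t nargs,
                           struct linux_i386_regs *out)
{
    uint32_t *slots[6] = { &out->ebx, &out->ecx, &out->edx,
                           &out->esi, &out->edi, &out->ebp };
    memset(out, 0, sizeof(*out));
    out->eax = syscall_no;
    for (size_t i = 0; i < nargs && i < 6; i++)
        *slots[i] = args[i];
}

int main(void)
{
    /* Constructed sample: anonymous private RW mapping of one page.
     * The syscall number is a placeholder; use SYS_mmap on the target. */
    const uint32_t SYSCALL_NUMBER_PLACEHOLDER = 0;
    const uint32_t args[] = { 0x08048000u, 0x1000u, 3u /* PROT_READ|PROT_WRITE */,
                              0x1002u /* constructed flags word */, 0xffffffffu /* fd = -1 */,
                              0u, 0u /* off_t 0 as two words */ };
    struct freebsd_i386_frame f;
    if (build_freebsd_i386_frame(SYSCALL_NUMBER_PLACEHOLDER, 0xbfbff000u, args, 7, &f) != 0)
        return 1;
    printf("eax=%#lx esp=%#lx\n", (unsigned long)f.eax, (unsigned long)f.esp);
    for (size_t i = 0; i < f.nwords; i++)
        printf("  [%#lx] = %#lx\n", (unsigned long)(f.esp + 4 * i), (unsigned long)f.words[i]);
    return 0;
}
```

The frame is only a picture of what the tracee's stack must contain; the injector still has to copy `words[]` into the tracee and then set eax and esp to the values in the struct before single-stepping the `int $0x80`, which is the extra work John's reply refers to.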
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203270753.21534.jhb>