简体繁体 English

无法访问.bss部分中的内存，但gdb'info files'显示地址在范围内

[英]Can not access memory in the .bss section, but gdb 'info files' shows the address is in range

原文 2017-07-27 20:05:48 9 1 c/ linux/ memory/ gdb/ bus-error

I have a binary that generates a Bus error (core dumped) message. 我有一个生成Bus error (core dumped)消息的二进制文件。 When I run it under the debugger ( gdb ) it fails to access a memory location in the .bss section. 当我在调试器（ gdb ）下运行它时，它无法访问.bss部分中的内存位置。

Program received signal SIGBUS, Bus error.
0x0000000000412275 in ?? ()

The code at this location is: 这个位置的代码是：

41226f:       0f 8f 33 ff ff ff       jg     4121a8 
  412275:       8b 35 51 b5 22 00       mov    0x22b551(%rip),%esi        # 63d7cc 
  41227b:       85 f6                   test   %esi,%esi

So its trying to access memory at location 0x63d7cc which is clearly within the .bss section: 0x63c4e0 - 0x63d7e0 . 所以它试图访问位于0x63d7cc内存，这显然位于.bss部分： 0x63c4e0 - 0x63d7e0 。

gdb (along with /proc/$pid/maps) shows this memory as mapped: gdb （以及/ proc / $ pid / maps）将此内存显示为已映射：

(gdb) info proc mappings
process 16533
Mapped address spaces:

          Start Addr           End Addr       Size     Offset objfile
            0x400000           0x43a000    0x3a000        0x0 /somepath/someapp
            0x639000           0x63e000     0x5000    0x39000 /somepath/someapp
            0x63e000           0x65f000    0x21000        0x0 [heap]

(gdb) info files
Symbols from "/somepath/someapp".
...
        0x0000000000639c80 - 0x000000000063c498 is .data
        0x000000000063c4e0 - 0x000000000063d7e0 is .bss

Both examination of ELF sections: 两个ELF部分的检查：

% readelf -S someapp
...
  [24] .data             PROGBITS         0000000000639c80  00039c80
       0000000000002818  0000000000000000  WA       0     0     32
  [25] .bss              NOBITS           000000000063c4e0  0003c498
       0000000000001300  0000000000000000  WA       0     0     32
  [26] .gnu_debuglink    PROGBITS         0000000000000000  0003c498
       000000000000000c  0000000000000000           0     0     1
...

and Segments shows this memory as mapped: 和Segments将此内存显示为已映射：

% readelf -l someapp
...
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x000000000003976c 0x000000000003976c  R E    200000
  LOAD           0x0000000000039770 0x0000000000639770 0x0000000000639770
                 0x0000000000004070 0x0000000000004070  RW     200000
...

But gdb is unable to access it (and thus why the app fails). 但是gdb无法访问它（因此应用程序失败的原因）。 Interestingly gdb is able to access .bss memory up and until 0x63d000 : 有趣的是， gdb能够访问.bss内存，直到0x63d000 ：

(gdb) x 0x63d7cc
0x63d7cc:       Cannot access memory at address 0x63d7cc
(gdb) x 0x63cff8
0x63cff8:       0x00000000
(gdb) x 0x63cffc
0x63cffc:       0x00000000
(gdb) x 0x63cffd
0x63cffd:       Cannot access memory at address 0x63d000

The questions are: 问题是：
What could be preventing this access? 有什么可能阻止这种访问？
What other methods are available to examine runtime memory access permissions? 还有哪些其他方法可用于检查运行时内存访问权限？
What else could modify the access rights of a running process? 还有什么可以修改正在运行的进程的访问权限？

1 个解决方案

The code at this location is: 这个位置的代码是：

The .bss is not normally executable, so likely that is why you are getting SIGBUS when trying to jump to it. .bss通常不是可执行的，所以很可能这就是为什么你在尝试跳转到它时得到SIGBUS 。

Your readelf output shows RW flags (note lack of E xecutable flag) as well. 您的readelf输出也显示RW标志（注意缺少E xecutable标志）。

You'll need to mprotect that section to add execute permissions first. 您需要先mprotect该部分以首先添加执行权限。

Note that some environments, such as SELinux , prohibit memory mappings with RWE , and that changing the mapping to RE will cause the program to not be able to write into its (normally writable) global data. 请注意，某些环境（如SELinux ）禁止使用RWE进行内存映射，并且将映射更改为RE将导致程序无法写入其（通常可写）全局数据。 This is why putting executable code into .bss is probably not among the best ideas. 这就是为什么将可执行代码放入.bss可能不是最好的想法。