[英]Can not access memory in the .bss section, but gdb 'info files' shows the address is in range
I have a binary that generates a Bus error (core dumped)
message. 我有一个生成
Bus error (core dumped)
消息的二进制文件。 When I run it under the debugger ( gdb
) it fails to access a memory location in the .bss
section. 当我在调试器(
gdb
)下运行它时,它无法访问.bss
部分中的内存位置。
Program received signal SIGBUS, Bus error. 0x0000000000412275 in ?? ()
The code at this location is: 这个位置的代码是:
41226f: 0f 8f 33 ff ff ff jg 4121a8 412275: 8b 35 51 b5 22 00 mov 0x22b551(%rip),%esi # 63d7cc 41227b: 85 f6 test %esi,%esi
So its trying to access memory at location 0x63d7cc
which is clearly within the .bss
section: 0x63c4e0 - 0x63d7e0
. 所以它试图访问位于
0x63d7cc
内存,这显然位于.bss
部分: 0x63c4e0 - 0x63d7e0
。
gdb
(along with /proc/$pid/maps) shows this memory as mapped: gdb
(以及/ proc / $ pid / maps)将此内存显示为已映射:
(gdb) info proc mappings process 16533 Mapped address spaces: Start Addr End Addr Size Offset objfile 0x400000 0x43a000 0x3a000 0x0 /somepath/someapp 0x639000 0x63e000 0x5000 0x39000 /somepath/someapp 0x63e000 0x65f000 0x21000 0x0 [heap]
(gdb) info files Symbols from "/somepath/someapp". ... 0x0000000000639c80 - 0x000000000063c498 is .data 0x000000000063c4e0 - 0x000000000063d7e0 is .bss
Both examination of ELF sections: 两个ELF部分的检查:
% readelf -S someapp ... [24] .data PROGBITS 0000000000639c80 00039c80 0000000000002818 0000000000000000 WA 0 0 32 [25] .bss NOBITS 000000000063c4e0 0003c498 0000000000001300 0000000000000000 WA 0 0 32 [26] .gnu_debuglink PROGBITS 0000000000000000 0003c498 000000000000000c 0000000000000000 0 0 1 ...
and Segments shows this memory as mapped: 和Segments将此内存显示为已映射:
% readelf -l someapp ... LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000 0x000000000003976c 0x000000000003976c R E 200000 LOAD 0x0000000000039770 0x0000000000639770 0x0000000000639770 0x0000000000004070 0x0000000000004070 RW 200000 ...
But gdb
is unable to access it (and thus why the app fails). 但是
gdb
无法访问它(因此应用程序失败的原因)。 Interestingly gdb
is able to access .bss
memory up and until 0x63d000
: 有趣的是,
gdb
能够访问.bss
内存,直到0x63d000
:
(gdb) x 0x63d7cc 0x63d7cc: Cannot access memory at address 0x63d7cc (gdb) x 0x63cff8 0x63cff8: 0x00000000 (gdb) x 0x63cffc 0x63cffc: 0x00000000 (gdb) x 0x63cffd 0x63cffd: Cannot access memory at address 0x63d000
The questions are: 问题是:
What could be preventing this access? 有什么可能阻止这种访问?
What other methods are available to examine runtime memory access permissions? 还有哪些其他方法可用于检查运行时内存访问权限?
What else could modify the access rights of a running process? 还有什么可以修改正在运行的进程的访问权限?
The code at this location is:
这个位置的代码是:
The .bss
is not normally executable, so likely that is why you are getting SIGBUS
when trying to jump to it. .bss
通常不是可执行的,所以很可能这就是为什么你在尝试跳转到它时得到SIGBUS
。
Your readelf
output shows RW
flags (note lack of E
xecutable flag) as well. 您的
readelf
输出也显示RW
标志(注意缺少E
xecutable标志)。
You'll need to mprotect
that section to add execute permissions first. 您需要先
mprotect
该部分以首先添加执行权限。
Note that some environments, such as SELinux
, prohibit memory mappings with RWE
, and that changing the mapping to RE
will cause the program to not be able to write into its (normally writable) global data. 请注意,某些环境(如
SELinux
)禁止使用RWE
进行内存映射,并且将映射更改为RE
将导致程序无法写入其(通常可写)全局数据。 This is why putting executable code into .bss
is probably not among the best ideas. 这就是为什么将可执行代码放入
.bss
可能不是最好的想法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.