I'm trying to use the mprotect API on Mac OS X 10.4 (Tiger). I tried every possible way I know; it always returns -1 with errno 13, which means "permission denied", while I'm trying to add the write permission to some executable code.

Exactly the same code works on Mac OS X 10.5 (Leopard).

The code is pretty simple:

int ret = mprotect((void*)pFunc, 4096, PROT_WRITE | PROT_EXEC);

where pFunc is the address of any function loaded in the process address space. I tried to remove the PROT_EXEC before adding the PROT_WRITE access right, but no luck. I also tried aligning pFunc with the memory page size, no luck either.

Any idea how to make this work? Thanks a lot in advance.

A: 

I know nothing about OSX. That said, can you use the Mach function vm_protect?

1800 INFORMATION
vm_protect is returning KERN_PROTECTION_FAILURE, because the new protection increased the maximum protection beyond the existing maximum protection. I don't know how to change the "default" maximum protection?
By running vmmap on my process, I see that the virtual memory page that contains pFunc has r-x maximum permission, while I see other executable virtual memory pages have rwx permission. Any idea how to change this for my executable pages? Thanks in advance.
A: 

You do not have permission to write into executable regions. Anyway, why should you?

I'm sure this works on some platforms, but not all. What are you trying to do?

John Zwinck
I do have the permission to write into executable regions on Leopard (which is more secure, etc.). I'm trying to do something similar to what Microsoft Detours is doing on Windows.
+1  A: 

Is the memory you are trying to modify mmap'd from the executable? The man page for mprotect (on Linux) seems to indicate that this would prevent you from modifying (PROT_WRITE) the memory location.

johnny
A: 

Here is another idea. Try marking it EXEC without the WRITE. I think denying write+exec may be a security feature.

To write to it then, mark it as WRITE but not EXEC.

Zan Lynx
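
The alternation suggested in the last answer, combined with the page alignment mentioned in the question, as an added example (not code from any poster in this thread). The helper names `protect_range`, `wx_write` and `demo` are hypothetical, and an anonymous mapping with constructed bytes stands in for a code page, so it shows the calling pattern only and does not change a region's maximum protection.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* mprotect needs a page-aligned start, so widen [addr, addr+len) to whole pages. */
static int protect_range(void *addr, size_t len, int prot)
{
    uintptr_t page  = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)addr & ~(page - 1);
    uintptr_t end   = ((uintptr_t)addr + len + page - 1) & ~(page - 1);
    return mprotect((void *)start, end - start, prot);
}

/* Hypothetical helper: update bytes in an executable region without ever
 * holding PROT_WRITE and PROT_EXEC together. Returns 0, or -1 with errno set. */
int wx_write(void *dst, const void *src, size_t len)
{
    if (protect_range(dst, len, PROT_READ | PROT_WRITE) != 0)
        return -1;                 /* e.g. errno 13 (EACCES), as in the question */
    memcpy(dst, src, len);
    return protect_range(dst, len, PROT_READ | PROT_EXEC);
}

/* Constructed demo: an anonymous r-x mapping stands in for a code page. */
int demo(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *buf = mmap(NULL, 2 * page, PROT_READ | PROT_EXEC,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -1;
    const unsigned char data[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed bytes */
    unsigned char *target = buf + page - 4;   /* unaligned, straddles two pages */
    int rc = wx_write(target, data, sizeof data);
    int ok = (rc == 0 && memcmp(target, data, sizeof data) == 0);
    munmap(buf, 2 * page);
    return ok ? 0 : -1;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```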