RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 03:57:44 +00:00
Code Issues Activity Actions

crash: Add "-X" option for attempting to execute non-executable memory

Browse source
This commit is contained in:
Andreas Kling 2019-12-25 11:52:21 +01:00
parent ce5f7f6c07
commit 33efeaf71a
2 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
Userland/crash.cpp
View file

@ -6,7 +6,7 @@
static void print_usage_and_exit()
{
printf("usage: crash -[sdiamfMFTt]\n");
printf("usage: crash -[sdiamfMFTtSxyX]\n");
exit(0);
}
@ -28,6 +28,7 @@ int main(int argc, char** argv)
SyscallFromWritableMemory,
WriteToFreedMemoryStillCachedByMalloc,
ReadFromFreedMemoryStillCachedByMalloc,
ExecuteNonExecutableMemory,
};
Mode mode = SegmentationViolation;
@ -62,6 +63,8 @@ int main(int argc, char** argv)
mode = ReadFromFreedMemoryStillCachedByMalloc;
else if (String(argv[1]) == "-y")
mode = WriteToFreedMemoryStillCachedByMalloc;
else if (String(argv[1]) == "-X")
mode = ExecuteNonExecutableMemory;
else
print_usage_and_exit();
@ -184,6 +187,18 @@ int main(int argc, char** argv)
ASSERT_NOT_REACHED();
}
if (mode == ExecuteNonExecutableMemory) {
auto* ptr = (u8*)mmap(nullptr, PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
ASSERT(ptr != MAP_FAILED);
ptr[0] = 0xc3; // ret
typedef void* (*CrashyFunctionPtr)();
((CrashyFunctionPtr)ptr)();
ASSERT_NOT_REACHED();
}
ASSERT_NOT_REACHED();
return 0;
}