ONJava.com -- The Independent Source for Enterprise Java
Article:
  How Shellcodes Work
Subject:   Writing to executable memory?
Date:   2006-05-21 21:35:11
From:   VesK
Excellent article indeed.


I am a bit surprised that writing to executable memory does not generate the segfault. Consider the following bit of code:



BITS 32                         ; NASM syntax, 32-bit code

    jmp short stuff             ; jump forward to the call below

code:
    pop esi                     ; address of string now in ESI
    xor eax, eax                ; put zero into EAX
    mov byte [esi + 17], al     ; =======
                                ; count 18 symbols (index starts from zero)
                                ; and put a zero value there (EAX register equals zero)
                                ; The string will become This is my string0

stuff:
    call code                   ; pushes the address of the string, then jumps back
    db 'This is my string#'


The line marked with ======= is in effect writing to executable memory (i.e. a self-modifying program). Since the 80386, Intel has provided memory protection, and this makes it easy for the OS to mark pages for Read, Write and Execute. My understanding is that - at least outside ring 0 - pages marked Execute should not be writeable and pages marked Write should not be executable. What am I missing?
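The page-permission question raised in the comment above, as an added example that is not part of the original comment or the article. It assumes a Linux/POSIX system with mmap/mprotect, copies a constructed copy of the poster's string into a fresh page, and repeats the `mov byte [esi + 17], al` store under two different page protections, catching SIGSEGV so the outcome can be reported: the store faults only when the page mapping lacks PROT_WRITE, not because the page is executable.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t faulted;

/* SIGSEGV handler: record the fault and unwind back into write_probe(). */
static void on_segv(int sig) {
    (void)sig;
    faulted = 1;
    siglongjmp(fault_env, 1);
}

/* Map one page, copy the constructed string into it, switch the page to
 * `prot`, then try the post's store: overwrite byte 17 (the '#') with 0.
 * Returns 1 if the write faulted, 0 if it succeeded, -1 on setup error. */
int write_probe(int prot) {
    static const char sample[] = "This is my string#";   /* constructed */
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, sample, sizeof sample);
    if (mprotect(page, pagesz, prot) != 0) { munmap(page, pagesz); return -1; }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        page[17] = 0;                       /* mov byte [esi + 17], al */
    sigaction(SIGSEGV, &old, NULL);

    int result = faulted ? 1 : (page[17] == 0 ? 0 : -1);
    munmap(page, pagesz);
    return result;
}

static const char *describe(int r) {
    return r == 1 ? "faulted" : r == 0 ? "succeeded" : "setup failed";
}

int main(void) {
    printf("R+X page:   write %s\n", describe(write_probe(PROT_READ | PROT_EXEC)));
    printf("R+W+X page: write %s\n",
           describe(write_probe(PROT_READ | PROT_WRITE | PROT_EXEC)));
    return 0;
}
```

On a kernel that refuses RWX mappings (SELinux execmem, PaX-style policies), the second probe reports "setup failed" rather than "succeeded", which is the mitigation doing its job.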

