Wanted to do in linux since it is open source however, I had failed to find it and I am attributing to this feature: ASLR.
https://en.wikipedia.org/wiki/Address_s ... tion#Linux
It appears linux has implemented it after 2.6.x kernel so if I want to play purely for a educational purpose, perhaps I can grab the pre-2.6 kernel and try it?
Wanted to look at IDT and other structs in memory
-
- Member
- Posts: 396
- Joined: Wed Nov 18, 2015 3:04 pm
- Location: San Jose San Francisco Bay Area
- Contact:
Wanted to look at IDT and other structs in memory
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails
Re: Wanted to look at IDT and other structs in memory
Hi,
Recently (maybe only a few years ago) Intel added a feature they call "User-Mode Instruction Prevention" which is just a flag in CR4 that can be used to disallow the execution of various instructions (SIDT, SGDT, ..) in user-space. In this case you just need a slightly older CPU that doesn't support it or a slightly older kernel that doesn't support it.
Cheers,
Brendan
For slightly older CPUs, you should be able to use the "SIDT" or "SGDT" instructions in user-space (they are not privileged instructions) to determine where the IDT and GDT are (with or without ASLR the CPU must know the right addresses).ggodw000 wrote:Wanted to do in linux since it is open source however, I had failed to find it and I am attributing to this feature: ASLR.
https://en.wikipedia.org/wiki/Address_s ... tion#Linux
Recently (maybe only a few years ago) Intel added a feature they call "User-Mode Instruction Prevention" which is just a flag in CR4 that can be used to disallow the execution of various instructions (SIDT, SGDT, ..) in user-space. In this case you just need a slightly older CPU that doesn't support it or a slightly older kernel that doesn't support it.
For emulators (e.g. Qemu) there's a monitor you can use to inspect the IDT and GDT, without caring which kernel it is, without caring if the kernel uses ASLR or not, and without caring if "User-Mode Instruction Prevention" is supported and used.ggodw000 wrote:It appears linux has implemented it after 2.6.x kernel so if I want to play purely for a educational purpose, perhaps I can grab the pre-2.6 kernel and try it?
Cheers,
Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
-
- Posts: 1
- Joined: Thu Sep 13, 2018 3:57 am
Re: Wanted to look at IDT and other structs in memory
"SIDT" or "SGDT" lauren findley https://athletesphysiques.com/lauren-findley/ you should be able to "SIDT" or "SGDT" if it is a little older