
List:       freebsd-questions
Subject:    Re: Understanding the behavior of the 32 bit mmap system call
From:       Rdbo <rdbodev () gmail ! com>
Date:       2021-07-21 21:07:38
Message-ID: CABsRSOM3_vo=zmdPojvim0hiRdOnAn1Wkmi+R+B56rL51yz2mw () mail ! gmail ! com

By remote process, I meant a tracer. Because apparently the syscall
arguments are passed on the stack, I'm gonna have to modify my shellcode a
little in order for the syscall injection to work. I thought it was going
to be the same way as on Linux, apparently not. I'll report back if I get
it working.

On Tue, Jul 20, 2021 at 09:15, Rdbo <rdbodev@gmail.com> wrote:

> Hi, I'm a hobbyist developer working on a multiplatform, multiarch memory
> library, and I chose FreeBSD to be one of the supported operating systems.
> I was playing around with the SYS_mmap system call and I noticed that, for
> x86_32, you have to pass a struct containing all the mmap arguments, rather
> than the arguments themselves. The thing is, this structure is not passed
> as a pointer (like on Linux, for example), so I don't see how one would do
> this syscall from a remote process, as each register is responsible for one
> argument of the syscall, and a single register can't store a structure this
> size. I've tried passing the structure as a pointer, passing each mmap
> argument in a separate register (like __NR_mmap2 on Linux), looking for
> alternative mmap system calls that do not require the struct parameter.
> Unfortunately, these attempts have all failed.
> TLDR; how to run a 32 bit SYS_mmap system call from a remote process when
> a single register can't fit the whole structure and the structure is not
> passed as a pointer?
> Regards, rdbo
>
_______________________________________________
freebsd-questions@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
