0

I want to write something from a userspace program, for example: write the value 3 to the physical address 0xF7F4900 (260MB) from the start address 0x0, while the whole kernel sits in the range 0-240MB. How can I do it? Any ideas, please?

Best regards.

I thought of using mmap, but I think it gets me the virtual address.

```c
memfd = open("/dev/mem", O_RDWR);
map = mmap(0xF7F4900, sizeof(int), PROT_WRITE, MAP_SHARED, memfd, 0);
*map = 3;
```
Nikaido
ninja

2 Answers

0

Treat /dev/mem as a file and write to offset 0xF7F4900 in that file:

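```c
#include <fcntl.h>
#include <unistd.h>

char value = 3;
int fd = open("/dev/mem", O_RDWR);  /* requires root */
lseek(fd, 0xF7F4900, SEEK_SET);     /* file offset = physical address */
write(fd, &value, 1);               /* store one byte there */
close(fd);
```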

If you want to mmap, the same thing applies. You should not try to map it to 0xF7F4900 in your process; you should instead map it to an arbitrary location and write to map[0xF7F4900] if you map from offset 0, or map[0x900] if you map from the page boundary 0xF7F4000.

Note that arbitrary access to /dev/mem may require special kernel configuration, and is disabled entirely with UEFI Secure Boot.

that other guy
  • shouldn't it be `write(fd, &value, sizeof value);`? NVM, value is char in your code :O – pmg Oct 07 '19 at 07:22
  • When I try: `int val = 5; lseek(fd, 0xF7F4900, SEEK_SET); write(fd, &val, sizeof(int));` the write() failed with a bad_address error :O And then we are back to my question: how to write a value to a specific physical address in RAM? Thanks – ninja Oct 07 '19 at 07:35
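The mmap variant described in the answer above, written out as an added example (it is not code from the question, the answer or the comments): the kernel chooses the virtual address, and the physical address is passed as a page-aligned file offset plus an in-page offset. `page_base`, `page_offset`, `poke_u32` and the `dev_path` parameter are hypothetical names, and the code assumes Linux with a power-of-two page size.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Start of the page containing phys; mmap offsets must be page-aligned. */
uint64_t page_base(uint64_t phys, uint64_t page_size) {
    return phys & ~(page_size - 1);
}

/* Byte offset of phys inside its page (0x900 for 0xF7F4900 with 4 KiB pages). */
uint64_t page_offset(uint64_t phys, uint64_t page_size) {
    return phys & (page_size - 1);
}

/* Write one 32-bit value at physical address phys through dev_path
 * (hypothetical helper; dev_path is a parameter so failures can be tested).
 * Returns 0 on success or -errno from the failing step. */
int poke_u32(const char *dev_path, uint64_t phys, uint32_t value) {
    uint64_t psz = (uint64_t)sysconf(_SC_PAGESIZE);
    uint64_t off = page_offset(phys, psz);
    if (off % sizeof(uint32_t) != 0)
        return -EINVAL;             /* keep the store aligned and inside one page */

    int fd = open(dev_path, O_RDWR | O_SYNC);
    if (fd < 0)
        return -errno;              /* e.g. EACCES when not running as root */

    /* addr = NULL: the virtual address is arbitrary. The physical address
     * goes into the file offset, rounded down to its page boundary. */
    void *map = mmap(NULL, psz, PROT_READ | PROT_WRITE, MAP_SHARED,
                     fd, (off_t)page_base(phys, psz));
    int err = (map == MAP_FAILED) ? -errno : 0;
    close(fd);                      /* the mapping outlives the descriptor */
    if (err)
        return err;                 /* the kernel refused to map this range */

    *(volatile uint32_t *)((uint8_t *)map + off) = value;
    munmap(map, psz);
    return 0;
}

int main(void) {
    int rc = poke_u32("/dev/mem", 0xF7F4900, 3);
    printf("poke_u32 returned %d\n", rc);
    return rc ? 1 : 0;
}
```

A negative return value identifies which step the kernel rejected, which is the first thing to check when access to /dev/mem is restricted as the answer notes.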
-4

That's not possible in most operating systems, as you could gain control over the system. Only one of the thousands of vulnerabilities