0

i opened a file (MEMORY) then i tried to use mmap syscall but after mmap called, i tried to use the allocated space and i got (Bus error) in Linux

what is the problem !? i think something is wrong with my mmap parameters

FORMAT  ELF64 EXECUTABLE
ENTRY   MAIN

SEGMENT WRITABLE READABLE EXECUTABLE

MAIN:
        ; open MEMORY file
        mov     eax, 2                  ; sys_open
        mov     rdi, .filename          ; filename
        mov     esi, 0x40 or 0x2        ; O_CREAT|O_RDWR
        mov     edx, 0644               ; permissions
        syscall

        cmp     eax, 0                  ; ERROR ?
        jl      .error_file_open_failed

        mov     QWORD [.file], rax      ; .file = fd

        ; mmap
        mov     eax, 9                  ; sys_mmap
        xor     edi, edi                ; addr = 0
        mov     esi, 4096               ; length
        mov     edx, 0x1 or 0x2         ; PROT_READ | PROT_WRITE
        mov     r10d,0x02               ; MAP_PRIVATE
        mov     r8,  QWORD [.file]      ; file (fd)
        xor     r9d, r9d                ; offset (file) = 0
        syscall

        cmp     rax, 0
        jl      .error_mmap_failed

        ; i get (Bus error) here

        mov     QWORD [rax],    10000
        mov     QWORD [rax+8],  10000
        mov     QWORD [rax+16], 10000
        mov     QWORD [rax+24], 10000
        mov     QWORD [rax+32], 10000



        jmp     short .close            ; close the open file and exit

.error_mmap_failed:
        mov     rsi, .mmap_failed       ; ERROR Message
        mov     edx, .mmap_failed_size  ; ERROR Message length
        jmp     .error

.error_file_open_failed:
        mov     rsi, .open_failed       ; ERROR Message
        mov     edx, .open_failed_size  ; ERROR Message length

.error:
        mov     eax, 1                  ; sys_write
        xor     edi, edi                ; STDOUT (0)
        syscall

.close:
        mov     eax, 3                  ; sys_close
        mov     rdi, QWORD [.file]      ; fd
        syscall

.exit:
        mov     eax, 60         ; sys_exit
        xor     edi, edi        ; return 0
        syscall

.file DQ 0

.filename DB 'MEMORY', 0x00

.open_failed DB 'file open failed', 0x0a, 0x00
.open_failed_size = $ - .open_failed

.mmap_failed DB 'mmap failed', 0x0a, 0x00
.mmap_failed_size = $ - .mmap_failed

here i don't get any 'file open failed' or 'mmap failed' error !!! but i just get (Bus error) in linux terminal after executing this executable ! i just removed these lines

mov     QWORD [rax],    10000
        mov     QWORD [rax+8],  10000
        mov     QWORD [rax+16], 10000
        mov     QWORD [rax+24], 10000
        mov     QWORD [rax+32], 10000

then i checked again and there wasn't any problem ... so the problem is from these lines ... i think somethings wrong with mmap result (Memory pointer)

ELHASKSERVERS
  • 195
  • 1
  • 10
  • 3
    If you just created the file it has size zero so you are trying to write beyond its size. You need to enlarge it first. – Jester Mar 08 '20 at 11:23
  • enlarge it with what ? for example, a zero-byte ? – ELHASKSERVERS Mar 08 '20 at 11:37
  • Yeah you can just use `truncate`. – Jester Mar 08 '20 at 12:20
  • Please also note that the `syscall` returns a value in the range (-4095)...0 if the C function `mmap()` returns `NULL`. Therefore the instruction `cmp rax, 0` will probably detect "OK" if an error is returned by `syscall`. – Martin Rosenau Mar 08 '20 at 16:20
  • No, it will do the opposite ... it may detect a valid address as an error if it happens to have the MSB set. Luckily linux uses the negative half for kernel so that won't occur. – Jester Mar 08 '20 at 16:50

0 Answers0