
How can I know that the address I am about to access is part of the process's memory? I mean, for example, if I try to do `mov eax, [0x010]` in a random process, it is going to crash, as 0x10 is not in the process's memory; the same goes for indirect memory access using a register.

So is there a way to verify whether the address is readable/writable by the process's own code, before accessing it?

  • 2
    You have to ask the OS, or if you are the OS, check the page tables yourself or catch #PF exceptions. e.g. under Linux you can ask if a page is currently mapped in RAM (not even a soft page fault on access - `mincore(2)`) [How to know whether a pointer is in physical memory or it will trigger a Page Fault?](https://stackoverflow.com/q/37764417) or [Is it possible to “abort” when loading a register from memory rather the triggering a page fault?](https://stackoverflow.com/q/52221575) - you can check for an RTM abort if you have TSX. – Peter Cordes Aug 24 '21 at 14:36
  • 1
    Or to ask if the page is *logically* owned by your process (no segfault, even if the OS does have to handle a page fault), [Finding mapped memory from inside a process](https://stackoverflow.com/q/53022573) – Peter Cordes Aug 24 '21 at 14:38
  • 1
    Why do you want to? In most cases I've seen where someone asks about wanting to do this, it's not actually the right way to solve their underlying problem. – Nate Eldredge Aug 24 '21 at 17:13
  • @PeterCordes I'm using Windows OS. – PeaceBeUponYou Aug 24 '21 at 18:18
  • @NateEldredge It's just when I edit a program and try to read, say, a pointer, I want to check if the value I get is a readable/writable address. – PeaceBeUponYou Aug 24 '21 at 18:20
  • Windows apparently has `IsBadXxxPtr`, but see Raymond Chen's article [IsBadXxxPtr should really be called CrashProgramRandomly](https://devblogs.microsoft.com/oldnewthing/?p=29563) from 2006. Apparently there's no other way on Windows, except maybe trying and catching SEH. – Peter Cordes Aug 24 '21 at 18:24
  • You added "in assembly" to your title, which is fine. But since only the OS knows which pointers will eventually be valid (after handling a hard or soft page fault), the only way is to ask the OS. The APIs for doing so are all callable from C; there's nothing special you can do in asm. – Peter Cordes Aug 24 '21 at 18:26

1 Answer


There is no way to find out if a page is accessible other than by accessing the page and catching the signal or exception the OS sends you for accessing an invalid page.

This is because the paging mechanism of your operating system traps page faults and then determines if there is supposed to be memory at this page. If yes, it allocates memory and configures the page table to point to that memory. Then it restarts your program which accesses the newly allocated page as if it was there all along. As the hardware doesn't know that this is what the OS plans to do, it cannot tell you if a page is valid or not, even if it had a way to do so.

Consider looking into OS-specific mechanisms for enumerating the memory map of your process. For example, on Linux you can check the proc file system to get a memory map. With this memory map, you could then detect which address ranges are allocated to your process.

fuz
  • For a single address, you can also check with a system call that would write to it, or otherwise return (or set errno=) `EFAULT` if you don't own that memory. e.g. `posix_madvise` even if it succeeds won't actually write the memory. [Finding mapped memory from inside a process](https://stackoverflow.com/q/53022573). (But note that POSIX also allows some "functions" to actually raise a segfault instead of failing with EFAULT, so `time(2)` with a non-NULL output pointer might be a poor choice if it gets handled in user-space. Of course in asm you can choose to call into the kernel.) – Peter Cordes Aug 24 '21 at 15:42
  • thanks @fuz. I looked into the kernel and syscalls and I've finally coded a way to do it without even calling the kernel methods – PeaceBeUponYou Aug 29 '21 at 08:47
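As an added example (not part of the original answer or comments), here is the Linux procfs approach the answer describes, in C: parse `/proc/self/maps` and report whether an address is mapped and with which permissions. It assumes Linux with procfs mounted; the function names and the global `g_scratch` are my own, not from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* One region from /proc/self/maps ("start-end perms offset dev inode path"). */
struct mapping { uintptr_t start, end; char perms[5]; /* e.g. "rw-p" */ };

/* Look ADDR up in /proc/self/maps (Linux-specific, as the answer suggests).
 * Returns 1 and fills *out if a mapping covers the address, 0 if none does,
 * -1 if procfs cannot be read. Beware the race: another thread may mmap or
 * munmap between this lookup and the actual access. */
int find_mapping(const void *addr, struct mapping *out)
{
    uintptr_t a = (uintptr_t)addr;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    char line[512];
    int found = 0;
    while (!found && fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3)
            continue;                       /* malformed line: skip it */
        if (a >= lo && a < hi) {
            out->start = lo;
            out->end = hi;
            memcpy(out->perms, perms, sizeof out->perms);
            found = 1;
        }
    }
    fclose(f);
    return found;
}
/* The OP's questions, answered from the permission column. */
int is_mapped(const void *p)   { struct mapping m; return find_mapping(p, &m) == 1; }
int is_readable(const void *p) { struct mapping m; return find_mapping(p, &m) == 1 && m.perms[0] == 'r'; }
int is_writable(const void *p) { struct mapping m; return find_mapping(p, &m) == 1 && m.perms[1] == 'w'; }

int g_scratch;                              /* in .bss: expect "rw-p" */
int main(void)
{
    const void *probe[] = { &g_scratch, (const void *)find_mapping, (const void *)0x10 };
    for (size_t i = 0; i < 3; i++) {
        struct mapping m;
        if (find_mapping(probe[i], &m) == 1)
            printf("%p: %s in [%#lx, %#lx)\n", probe[i], m.perms, (unsigned long)m.start, (unsigned long)m.end);
        else
            printf("%p: not mapped, access would fault\n", probe[i]);
    }
    return 0;
}
```

As the comments above note, a lookup that is separate from the access is inherently racy against concurrent mmap/munmap, and this says nothing about the Windows case the OP is on.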