-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathptedit_header.h
1792 lines (1553 loc) · 53.4 KB
/
ptedit_header.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/* See LICENSE file for license and copyright information */
#ifndef PTEDITOR_MODULE_H
#define PTEDITOR_MODULE_H
#if defined(__linux__) || defined(__linux) || defined(__unix__) || defined(LINUX) || defined(UNIX)
#define LINUX
#endif
#if defined(_WIN32) || defined(_WIN64) || defined(__MINGW32__) || defined(__CYGWIN__)
#define WINDOWS
#undef LINUX
#endif
#include <stddef.h>
#if defined(LINUX)
#define PTEDITOR_DEVICE_NAME "pteditor"
#define PTEDITOR_DEVICE_PATH "/dev/" PTEDITOR_DEVICE_NAME
#else
#define PTEDITOR_DEVICE_NAME L"PTEditorLink"
#define PTEDITOR_DEVICE_PATH L"\\\\.\\" PTEDITOR_DEVICE_NAME
#endif
/**
* Structure containing the page-table entries of all levels.
* The Linux names are aliased with the Intel names.
*/
typedef struct {
/** Process ID */
size_t pid;
/** Virtual address */
size_t vaddr;
/** Page global directory / Page map level 5 */
union {
size_t pgd;
size_t pml5;
};
/** Page directory 4 / Page map level 4 */
union {
size_t p4d;
size_t pml4;
};
/** Page upper directory / Page directory pointer table */
union {
size_t pud;
size_t pdpt;
};
/** Page middle directory / Page directory */
union {
size_t pmd;
size_t pd;
};
/** Page table entry */
size_t pte;
/** Bitmask indicating which entries are valid/should be updated */
size_t valid;
} ptedit_entry_t;
/**
* Structure to read/write physical pages
*/
#if defined(LINUX)
typedef struct {
/** Page-frame number */
size_t pfn;
/** Virtual address */
size_t vaddr;
/** Page size */
size_t size;
/** Page content */
unsigned char* buffer;
} ptedit_page_t;
#else
__pragma(pack(push, 1))
typedef struct {
char content[4096];
size_t paddr;
} ptedit_page_t;
__pragma(pack(pop))
#endif
/**
* Structure to get/set the root of paging
*/
typedef struct {
/** Process id */
size_t pid;
/** Physical address of paging root */
size_t root;
} ptedit_paging_t;
#define PTEDIT_VALID_MASK_PGD (1<<0)
#define PTEDIT_VALID_MASK_P4D (1<<1)
#define PTEDIT_VALID_MASK_PUD (1<<2)
#define PTEDIT_VALID_MASK_PMD (1<<3)
#define PTEDIT_VALID_MASK_PTE (1<<4)
#if defined(LINUX)
#define PTEDITOR_IOCTL_MAGIC_NUMBER (long)0x3d17
#define PTEDITOR_IOCTL_CMD_VM_RESOLVE \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 1, size_t)
#define PTEDITOR_IOCTL_CMD_VM_UPDATE \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 2, size_t)
#define PTEDITOR_IOCTL_CMD_VM_LOCK \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 3, size_t)
#define PTEDITOR_IOCTL_CMD_VM_UNLOCK \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 4, size_t)
#define PTEDITOR_IOCTL_CMD_READ_PAGE \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 5, size_t)
#define PTEDITOR_IOCTL_CMD_WRITE_PAGE \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 6, size_t)
#define PTEDITOR_IOCTL_CMD_GET_ROOT \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 7, size_t)
#define PTEDITOR_IOCTL_CMD_SET_ROOT \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 8, size_t)
#define PTEDITOR_IOCTL_CMD_GET_PAGESIZE \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 9, size_t)
#define PTEDITOR_IOCTL_CMD_INVALIDATE_TLB \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 10, size_t)
#define PTEDITOR_IOCTL_CMD_GET_PAT \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 11, size_t)
#define PTEDITOR_IOCTL_CMD_SET_PAT \
_IOR(PTEDITOR_IOCTL_MAGIC_NUMBER, 12, size_t)
#else
#define PTEDITOR_READ_PAGE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define PTEDITOR_WRITE_PAGE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_READ_DATA)
#define PTEDITOR_GET_CR3 CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define PTEDITOR_FLUSH_TLB CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define PTEDITOR_READ_PHYS_VAL CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define PTEDITOR_WRITE_PHYS_VAL CTL_CODE(FILE_DEVICE_UNKNOWN, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define PTEDITOR_SET_CR3 CTL_CODE(FILE_DEVICE_UNKNOWN, 0x807, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define PTEDITOR_SET_PAT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x808, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define PTEDITOR_GET_PAT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x809, METHOD_BUFFERED, FILE_ANY_ACCESS)
#endif
#endif // PTEDITOR_MODULE_H
/** @file */
#ifndef _PTEDITOR_H_
#define _PTEDITOR_H_
#include <sys/types.h>
#if defined(WINDOWS)
typedef size_t pid_t;
#endif
/**
* The implementation of PTEditor to use
*
* @defgroup PTEDITOR_IMPLEMENTATION PTEditor Implementation
*
* @{
*/
/** Use the kernel to resolve and update paging structures */
#define PTEDIT_IMPL_KERNEL 0
/** Use the user-space implemenation to resolve and update paging structures, using pread to read from the memory mapping */
#define PTEDIT_IMPL_USER_PREAD 1
/** Use the user-space implemenation that maps the physical memory into user space to resolve and update paging structures */
#define PTEDIT_IMPL_USER 2
/**
* The bits in a page-table entry
*
* @defgroup PAGETABLE_BITS Page Table Bits
*
* @{
*
*/
#if defined(__i386__) || defined(__x86_64__) || defined(_WIN64)
/** Page is present */
#define PTEDIT_PAGE_BIT_PRESENT 0
/** Page is writeable */
#define PTEDIT_PAGE_BIT_RW 1
/** Page is userspace addressable */
#define PTEDIT_PAGE_BIT_USER 2
/** Page write through */
#define PTEDIT_PAGE_BIT_PWT 3
/** Page cache disabled */
#define PTEDIT_PAGE_BIT_PCD 4
/** Page was accessed (raised by CPU) */
#define PTEDIT_PAGE_BIT_ACCESSED 5
/** Page was written to (raised by CPU) */
#define PTEDIT_PAGE_BIT_DIRTY 6
/** 4 MB (or 2MB) page */
#define PTEDIT_PAGE_BIT_PSE 7
/** PAT (only on 4KB pages) */
#define PTEDIT_PAGE_BIT_PAT 7
/** Global TLB entry PPro+ */
#define PTEDIT_PAGE_BIT_GLOBAL 8
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW1 9
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW2 10
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW3 11
/** PAT (on 2MB or 1GB pages) */
#define PTEDIT_PAGE_BIT_PAT_LARGE 12
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW4 58
/** Protection Keys, bit 1/4 */
#define PTEDIT_PAGE_BIT_PKEY_BIT0 59
/** Protection Keys, bit 2/4 */
#define PTEDIT_PAGE_BIT_PKEY_BIT1 60
/** Protection Keys, bit 3/4 */
#define PTEDIT_PAGE_BIT_PKEY_BIT2 61
/** Protection Keys, bit 4/4 */
#define PTEDIT_PAGE_BIT_PKEY_BIT3 62
/** No execute: only valid after cpuid check */
#define PTEDIT_PAGE_BIT_NX 63
#elif defined(__aarch64__)
/** Entry type 1/2 */
#define PTEDIT_PAGE_BIT_TYPE_BIT0 0
/** Entry type 1/2 */
#define PTEDIT_PAGE_BIT_TYPE_BIT1 1
/** Memory attribute index 1/3 */
#define PTEDIT_PAGE_BIT_MAIR_BIT0 2
/** Memory attribute index 2/3 */
#define PTEDIT_PAGE_BIT_MAIR_BIT1 3
/** Memory attribute index 3/3 */
#define PTEDIT_PAGE_BIT_MAIR_BIT2 4
/** Page is non-secure */
#define PTEDIT_PAGE_BIT_NON_SECURE 5
/** Page permissions 1/2 */
#define PTEDIT_PAGE_BIT_PERMISSION_BIT0 6
/** Page permissions 2/2 */
#define PTEDIT_PAGE_BIT_PERMISSION_BIT1 7
/** Shareability domain 1/2 */
#define PTEDIT_PAGE_BIT_SHARE_BIT0 8
/** Shareability domain 2/2 */
#define PTEDIT_PAGE_BIT_SHARE_BIT1 9
/** Page was accessed (raised by CPU) */
#define PTEDIT_PAGE_BIT_ACCESSED 10
/** Page is not global */
#define PTEDIT_PAGE_BIT_NOT_GLOBAL 11
/** Contiguous */
#define PTEDIT_PAGE_BIT_CONTIGUOUS 52
/** Privileged execute never */
#define PTEDIT_PAGE_BIT_PXN 53
/** Execute never */
#define PTEDIT_PAGE_BIT_XN 54
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW1 55
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW2 56
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW3 57
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW4 58
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW5 59
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW6 60
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW7 61
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW8 62
/** Available for programmer */
#define PTEDIT_PAGE_BIT_SOFTW9 63
#endif
/** @} */
/**
* The memory types (PAT/MAIR)values
*
* @defgroup MEMORY_TYPES Memory Types (PAT/MAIR values)
*
* @{
*/
#if defined(__i386__) || defined(__x86_64__) || defined(_WIN64)
/** Strong uncachable (nothing is cached) */
#define PTEDIT_MT_UC 0
/** Write combining (consecuite writes are combined in a WC buffer and then written once) */
#define PTEDIT_MT_WC 1
/** Write through (read accesses are cached, write access are written to cache and memory) */
#define PTEDIT_MT_WT 4
/** Write protected (only read access is cached) */
#define PTEDIT_MT_WP 5
/** Write back (read and write accesses are cached) */
#define PTEDIT_MT_WB 6
/** Uncachable (as UC, but can be changed to WC through MTRRs) */
#define PTEDIT_MT_UCMINUS 7
#elif defined(__aarch64__)
/** Strong uncachable (nothing is cached) */
#define PTEDIT_MT_UC 0x44
/** Write through (read accesses are cached, write access are written to cache and memory) */
#define PTEDIT_MT_WT 0xbb
/** Write back (read and write accesses are cached) */
#define PTEDIT_MT_WB 0xff
#endif
/** @} */
/**
* Basic functionality required in every program
*
* @defgroup BASIC Basic Functionality
*
* @{
*/
/**
* Initializes (and acquires) PTEditor kernel module
*
* @return 0 Initialization was successful
* @return -1 Initialization failed
*/
int ptedit_init();
/**
* Releases PTEditor kernel module
*
*/
void ptedit_cleanup();
/**
* Switch between kernel and user-space implementation
*
* @param[in] implementation The implementation to use, either PTEDIT_IMPL_KERNEL, PTEDIT_IMPL_USER, or PTEDIT_IMPL_USER_PREAD
*
*/
void ptedit_use_implementation(int implementation);
/** @} */
/**
* Functions to read and write page tables
*
* @defgroup PAGETABLE Page tables
*
* @{
*/
typedef ptedit_entry_t(*ptedit_resolve_t)(void*, pid_t);
typedef void (*ptedit_update_t)(void*, pid_t, ptedit_entry_t*);
/**
* Resolves the page-table entries of all levels for a virtual address of a given process.
*
* @param[in] address The virtual address to resolve
* @param[in] pid The pid of the process (0 for own process)
*
* @return A structure containing the page-table entries of all levels.
*/
ptedit_resolve_t ptedit_resolve;
/**
* Updates one or more page-table entries for a virtual address of a given process.
* The TLB for the given address is flushed after updating the entries.
*
* @param[in] address The virtual address
* @param[in] pid The pid of the process (0 for own process)
* @param[in] vm A structure containing the values for the page-table entries and a bitmask indicating which entries to update
*
*/
ptedit_update_t ptedit_update;
/**
* Sets a bit directly in the PTE of an address.
*
* @param[in] address The virtual address
* @param[in] pid The pid of the process (0 for own process)
* @param[in] bit The bit to set (one of PTEDIT_PAGE_BIT_*)
*
*/
void ptedit_pte_set_bit(void* address, pid_t pid, int bit);
/**
* Clears a bit directly in the PTE of an address.
*
* @param[in] address The virtual address
* @param[in] pid The pid of the process (0 for own process)
* @param[in] bit The bit to clear (one of PTEDIT_PAGE_BIT_*)
*
*/
void ptedit_pte_clear_bit(void* address, pid_t pid, int bit);
/**
* Returns the value of a bit directly from the PTE of an address.
*
* @param[in] address The virtual address
* @param[in] pid The pid of the process (0 for own process)
* @param[in] bit The bit to get (one of PTEDIT_PAGE_BIT_*)
*
* @return The value of the bit (0 or 1)
*
*/
unsigned char ptedit_pte_get_bit(void* address, pid_t pid, int bit);
/**
* Reads the PFN directly from the PTE of an address.
*
* @param[in] address The virtual address
* @param[in] pid The pid of the process (0 for own process)
*
* @return The page-frame number (PFN)
*
*/
size_t ptedit_pte_get_pfn(void* address, pid_t pid);
/**
* Sets the PFN directly in the PTE of an address.
*
* @param[in] address The virtual address
* @param[in] pid The pid of the process (0 for own process)
* @param[in] pfn The new page-frame number (PFN)
*
*/
void ptedit_pte_set_pfn(void* address, pid_t pid, size_t pfn);
#if defined(__i386__) || defined(__x86_64__) || defined(_WIN64)
#define PTEDIT_PAGE_PRESENT 1
/**
* Struct to access the fields of the PGD
*/
#pragma pack(push,1)
typedef struct {
size_t present : 1;
size_t writeable : 1;
size_t user_access : 1;
size_t write_through : 1;
size_t cache_disabled : 1;
size_t accessed : 1;
size_t ignored_3 : 1;
size_t size : 1;
size_t ignored_2 : 4;
size_t pfn : 28;
size_t reserved_1 : 12;
size_t ignored_1 : 11;
size_t execution_disabled : 1;
} ptedit_pgd_t;
#pragma pack(pop)
/**
* Struct to access the fields of the P4D
*/
typedef ptedit_pgd_t ptedit_p4d_t;
/**
* Struct to access the fields of the PUD
*/
typedef ptedit_pgd_t ptedit_pud_t;
/**
* Struct to access the fields of the PMD
*/
typedef ptedit_pgd_t ptedit_pmd_t;
/**
* Struct to access the fields of the PMD when mapping a large page (2MB)
*/
#pragma pack(push,1)
typedef struct {
size_t present : 1;
size_t writeable : 1;
size_t user_access : 1;
size_t write_through : 1;
size_t cache_disabled : 1;
size_t accessed : 1;
size_t dirty : 1;
size_t size : 1;
size_t global : 1;
size_t ignored_2 : 3;
size_t pat : 1;
size_t reserved_2 : 8;
size_t pfn : 19;
size_t reserved_1 : 12;
size_t ignored_1 : 11;
size_t execution_disabled : 1;
} ptedit_pmd_large_t;
#pragma pack(pop)
/**
* Struct to access the fields of the PTE
*/
#pragma pack(push,1)
typedef struct {
size_t present : 1;
size_t writeable : 1;
size_t user_access : 1;
size_t write_through : 1;
size_t cache_disabled : 1;
size_t accessed : 1;
size_t dirty : 1;
size_t size : 1;
size_t global : 1;
size_t ignored_2 : 3;
size_t pfn : 28;
size_t reserved_1 : 12;
size_t ignored_1 : 11;
size_t execution_disabled : 1;
} ptedit_pte_t;
#pragma pack(pop)
#elif defined(__aarch64__)
#define PTEDIT_PAGE_PRESENT 3
/**
* Struct to access the fields of the PGD
*/
typedef struct {
size_t present : 2;
size_t ignored_1 : 10;
size_t pfn : 36;
size_t reserved : 4;
size_t ignored_2 : 7;
size_t pxn_table : 1;
size_t xn_table : 1;
size_t ap_table : 2;
size_t ns_table : 1;
}__attribute__((__packed__)) ptedit_pgd_t;
/**
* Struct to access the fields of the P4D
*/
typedef ptedit_pgd_t ptedit_p4d_t;
/**
* Struct to access the fields of the PUD
*/
typedef ptedit_pgd_t ptedit_pud_t;
/**
* Struct to access the fields of the PMD
*/
typedef ptedit_pgd_t ptedit_pmd_t;
/**
* Struct to access the fields of the PGD when mapping a large page
*/
typedef struct {
size_t present : 2;
size_t memory_attributes_index : 3;
size_t non_secure : 1;
size_t access_permissions : 2;
size_t shareability_field : 2;
size_t access_flag : 1;
size_t not_global : 1;
size_t reserved_1 : 18;
size_t pfn : 18;
size_t reserved_2 : 4;
size_t contiguous : 1;
size_t privileged_execute_never : 1;
size_t execute_never : 1;
size_t ingored_1 : 4;
size_t ignored_2 : 5;
}__attribute__((__packed__)) ptedit_pgd_large_t;
/**
* Struct to access the fields of the PMD when mapping a large page
*/
typedef struct {
size_t present : 2;
size_t memory_attributes_index : 3;
size_t non_secure : 1;
size_t access_permissions : 2;
size_t shareability_field : 2;
size_t access_flag : 1;
size_t not_global : 1;
size_t reserved_1 : 9;
size_t pfn : 27;
size_t reserved_2 : 4;
size_t contiguous : 1;
size_t privileged_execute_never : 1;
size_t execute_never : 1;
size_t ingored_1 : 4;
size_t ignored_2 : 5;
}__attribute__((__packed__)) ptedit_pmd_large_t;
/**
* Struct to access the fields of the PTE
*/
typedef struct {
size_t present : 2;
size_t memory_attributes_index : 3;
size_t non_secure : 1;
size_t access_permissions : 2;
size_t shareability_field : 2;
size_t access_flag : 1;
size_t not_global : 1;
size_t pfn : 36;
size_t reserved_1 : 4;
size_t contiguous : 1;
size_t privileged_execute_never : 1;
size_t execute_never : 1;
size_t ingored_1 : 4;
size_t ignored_2 : 5;
}__attribute__((__packed__)) ptedit_pte_t;
#endif
/**
* Casts a paging structure entry (e.g., page table) to a structure with easy access to its fields
*
* @param[in] v Entry to Cast
* @param[in] type Data type of struct to cast to, e.g., ptedit_pte_t
*
* @return Struct of type "type" with easily accessible fields
*/
#define ptedit_cast(v, type) (*((type*)(&(v))))
/** @} */
/**
* General system info
*
* @defgroup SYSTEMINFO System info
*
* @{
*/
/**
* Returns the default page size of the system
*
* @return Page size of the system in bytes
*/
int ptedit_get_pagesize();
/** @} */
/**
* Get and set page frame numbers
*
* @defgroup PFN Page frame numbers (PFN)
*
* @{
*/
/**
* Returns a new page-table entry where the page-frame number (PFN) is replaced by the specified one.
*
* @param[in] entry The page-table entry to modify
* @param[in] pfn The new page-frame number (PFN)
*
* @return A new page-table entry with the given page-frame number
*/
size_t ptedit_set_pfn(size_t entry, size_t pfn);
/**
* Returns the page-frame number (PFN) of a page-table entry.
*
* @param[in] entry The page-table entry to extract the PFN from
*
* @return The page-frame number
*/
size_t ptedit_get_pfn(size_t entry);
/** @} */
/**
* Reading and writing of physical pages
*
* @defgroup PHYSICALPAGE Physical pages
*
* @{
*/
/**
* Retrieves the content of a physical page.
*
* @param[in] pfn The page-frame number (PFN) of the page to read
* @param[out] buffer A buffer which is large enough to hold the content of the page
*
*/
void ptedit_read_physical_page(size_t pfn, char* buffer);
/**
* Replaces the content of a physical page.
*
* @param[in] pfn The page-frame number (PFN) of the page to update
* @param[in] content A buffer containing the new content of the page (must be the size of a physical page)
*
*/
void ptedit_write_physical_page(size_t pfn, char* content);
/**
* Map a physical address range.
*
* @param[in] physical The physical address to map
* @param[in] length The length of the physical memory range to map
*
* @return A virtual address that can be used to access the physical range
*/
void* ptedit_pmap(size_t physical, size_t length);
/** @} */
/**
* Read and modify the root of paging structure
*
* @defgroup PAGING Paging
*
* @{
*/
/**
* Returns the root of the paging structure (i.e., CR3 on x86 and TTBR0 on ARM).
*
* @param[in] pid The proccess id (0 for own process)
*
* @return The phyiscal address (not PFN!) of the first page table (i.e., the PGD)
*
*/
size_t ptedit_get_paging_root(pid_t pid);
/**
* Sets the root of the paging structure (i.e., CR3 on x86 and TTBR0 on ARM).
*
* @param[in] pid The proccess id (0 for own process)
* @param[in] root The physical address (not PFN!) of the first page table (i.e., the PGD)
*
*/
void ptedit_set_paging_root(pid_t pid, size_t root);
/** @} */
/**
* Invalidations and barriers
*
* @defgroup BARRIERS TLB/Barriers
*
* @{
*/
/**
* Invalidates the TLB for a given address on all CPUs.
*
* @param[in] address The address to invalidate
*
*/
void ptedit_invalidate_tlb(void* address);
/**
* A full serializing barrier which stops everything.
*
*/
void ptedit_full_serializing_barrier();
/** @} */
/**
* Memory types (x86 PATs / ARM MAIR)
*
* @defgroup MTS Memory types (PATs / MAIR)
*
* @{
*/
/**
* Reads the value of all memory types (x86 PATs / ARM MAIRs). This is equivalent to reading the MSR 0x277 (x86) / MAIR_EL1 (ARM).
*
* @return The memory types in the same format as in the IA32_PAT MSR / MAIR_EL1
*
*/
size_t ptedit_get_mts();
/**
* Programs the value of all memory types (x86 PATs / ARM MAIRs). This is equivalent to writing to the MSR 0x277 (x86) / MAIR_EL1 (ARM) on all CPUs.
*
* @param[in] mts The memory types in the same format as in the IA32_PAT MSR / MAIR_EL1
*
*/
void ptedit_set_mts(size_t mts);
/**
* Reads the value of a specific memory type attribute (PAT/MAIR).
*
* @param[in] mt The PAT/MAIR ID (from 0 to 7)
*
* @return The PAT/MAIR value (can be one of PTEDIT_MT_*)
*
*/
char ptedit_get_mt(unsigned char mt);
/**
* Programs the value of a specific memory type attribute (PAT/MAIR).
*
* @param[in] mt The PAT/MAIR ID (from 0 to 7)
* @param[in] value The PAT/MAIR value (can be one of PTEDIT_MT_*)
*
*/
void ptedit_set_mt(unsigned char mt, unsigned char value);
/**
* Generates a bitmask of all memory type attributes (PAT/MAIR) which are programmed to the given value.
*
* @param[in] type A memory type, i.e., PAT/MAIR value (one of PTEDIT_MT_*)
*
* @return A bitmask where a set bit indicates that the corresponding PAT/MAIR has the given type
*
*/
unsigned char ptedit_find_mt(unsigned char type);
/**
* Returns the first memory type attribute (PAT/MAIR) which is programmed to the given memory type.
*
* @param[in] type A memory type, i.e., PAT/MAIR value (one of PTEDIT_MT_*)
*
* @return A PAT/MAIR ID, or -1 if no PAT/MAIR of this type was found
*
*/
int ptedit_find_first_mt(unsigned char type);
/**
* Returns a new page-table entry which uses the given memory type (PAT/MAIR).
*
* @param[in] entry A page-table entry
* @param[in] mt A PAT/MAIR ID (between 0 and 7)
*
* @return A new page-table entry with the given memory type (PAT/MAIR)
*
*/
size_t ptedit_apply_mt(size_t entry, unsigned char mt);
/**
* Returns the memory type (i.e., PAT/MAIR ID) which is used by a page-table entry.
*
* @param[in] entry A page-table entry
*
* @return A PAT/MAIR ID (between 0 and 7)
*
*/
unsigned char ptedit_extract_mt(size_t entry);
/**
* Returns a human-readable representation of a memory type (PAT/MAIR value).
*
* @param[in] mt A memory type (PAT/MAIR value, e.g., one of PTEDIT_MT_*)
*
* @return A human-readable representation of the memory type
*
*/
const char* ptedit_mt_to_string(unsigned char mt);
/** @} */
/**
* Pretty print
*
* @defgroup PRETTYPRINT Pretty print
*
* @{
*/
/**
* Pretty prints a ptedit_entry_t struct.
*
* @param[in] entry A ptedit_entry_t struct
*
*/
void ptedit_print_entry_t(ptedit_entry_t entry);
/**
* Pretty prints a page-table entry.
*
* @param[in] entry A page-table entry
*
*/
void ptedit_print_entry(size_t entry);
/**
* Prints a single line of the pretty-print representation of a page-table entry.
*
* @param[in] entry A page-table entry
* @param[in] line The line to print (0 to 3)
*
*/
void ptedit_print_entry_line(size_t entry, int line);
/** @} */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <string.h>
#if defined(LINUX)
#include <sys/ioctl.h>
#include <unistd.h>
#include <sys/mman.h>
#else
#include <Windows.h>
#endif
#if defined(LINUX)
#define PTEDIT_COLOR_RED "\x1b[31m"
#define PTEDIT_COLOR_GREEN "\x1b[32m"
#define PTEDIT_COLOR_RESET "\x1b[0m"
#else
#define PTEDIT_COLOR_RED ""
#define PTEDIT_COLOR_GREEN ""
#define PTEDIT_COLOR_RESET ""
#endif
#if defined(WINDOWS)
#define NO_WINDOWS_SUPPORT fprintf(stderr, PTEDIT_COLOR_RED "[-]" PTEDIT_COLOR_RESET "Error: %s not supported on Windows", __func__);
#endif
#if defined(WINDOWS)
static HANDLE ptedit_fd;
#else
static int ptedit_fd;
#endif
static int ptedit_umem;
static int ptedit_pagesize;
static size_t ptedit_paging_root;
static unsigned char* ptedit_vmem;
typedef struct {
int has_pgd, has_p4d, has_pud, has_pmd, has_pt;
int pgd_entries, p4d_entries, pud_entries, pmd_entries, pt_entries;
int page_offset;
} ptedit_paging_definition_t;
ptedit_paging_definition_t ptedit_paging_definition;
// ---------------------------------------------------------------------------
ptedit_entry_t ptedit_resolve_kernel(void* address, pid_t pid) {
ptedit_entry_t vm;
memset(&vm, 0, sizeof(vm));
vm.vaddr = (size_t)address;
vm.pid = (size_t)pid;
#if defined(LINUX)
ioctl(ptedit_fd, PTEDITOR_IOCTL_CMD_VM_RESOLVE, (size_t)&vm);
#else
NO_WINDOWS_SUPPORT;
#endif
return vm;
}
// ---------------------------------------------------------------------------
typedef size_t(*ptedit_phys_read_t)(size_t);
typedef void(*ptedit_phys_write_t)(size_t, size_t);
// ---------------------------------------------------------------------------
static inline size_t ptedit_phys_read_map(size_t address) {
return *(size_t*)(ptedit_vmem + address);
}