接上文Linux下的中断门测试:(x64)Linux下的中断门测试
在Cr4.SMAP/SMEP开启的情况下,以内核态执行用户程序代码或访问数据,将引发错误。
测试代码如下:
#include <stdio.h>
/*
 * #BP (int3) handler used for the SMEP test.
 *
 * The function is compiled into this user-space program; the earlier
 * article in this series (not shown here) presumably points the interrupt
 * gate at it, so when it runs it executes in supervisor mode while its
 * code bytes live in a user-mode page.
 *
 * Sequence: set CR4.SMEP (bit 20, the 0x100000 mask below), then try to
 * execute the next instruction.  With SMEP set the CPU refuses to fetch
 * supervisor-mode instructions from a user page, so the movabs that
 * follows the CR4 write is where the fault is expected to occur — that is
 * the observation the article reports.  The popq/iretq tail is never
 * reached in that case.
 *
 * NOTE(review): the "popq %rbp" before iretq only balances the frame if
 * the compiler emitted a "push %rbp" prologue despite the naked attribute.
 * A GCC that honours naked on x86 emits no prologue, in which case the pop
 * would consume the return RIP from the interrupt frame — confirm against
 * the generated assembly.
 */
__attribute__((naked)) void int3_handler()
{
//printf("___ kernel mode ___\n");
//printf("return to UserMode!\n");
asm volatile ("movq %cr4, %rax; \
orq $0x100000, %rax; \
movq %rax, %cr4; \
movq $0xffffffff12345678, %rax; \
popq %rbp; \
iretq");
} // orq $0x100000, %rax: writes CR4 with bit 20 set, i.e. enables SMEP
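/*
 * Test driver for the SMEP experiment.
 *
 * Prints the addresses a reader needs in order to correlate a fault with
 * this process (the buffer, the handler, the stack and the result slot),
 * waits for a keypress so they can be noted, then raises #BP with int3.
 * If the gate has been redirected to int3_handler (set up outside this
 * file), whatever that handler leaves in %rax when it returns is captured
 * into `res` and printed; under an unmodified kernel the int3 simply
 * delivers SIGTRAP and the process is terminated before the final prints.
 *
 * Returns 0 on completion.
 */
int main(void)
{
    long res = 0x1234567812345678;
    char buff[] = "haha,walker!";
    long rsp, rbp;

    /* Snapshot the stack and frame pointers; let the compiler choose the
     * scratch registers instead of hard-wiring %rax/%rbx. */
    asm volatile ("movq %%rsp, %0; movq %%rbp, %1" : "=r"(rsp), "=r"(rbp));

    printf("buff:%s addr: %p\n", buff, (void *)buff);
    printf("int3_handler addr: %p\n", (void *)int3_handler);
    /* %p requires a void *; passing a long to it is undefined behaviour,
     * so the integer register values are cast explicitly. */
    printf("stack rsp: %p; rbp: %p; res addr: %p\n",
           (void *)rsp, (void *)rbp, (void *)&res);
    getchar();

    /* Raise the trap and read %rax straight from this asm's output.  The
     * original read %rax in a second asm statement with no input
     * constraint, so nothing told the compiler that register had to stay
     * untouched between the two statements. */
    asm volatile ("int $0x3" : "=a"(res) : : "memory");

    printf("___ user mode ___\n");
    /* res is an integer, not a pointer: print it as hex with %#lx. */
    printf("Good Done! res: %#lx\n", (unsigned long)res);
    return 0;
}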
处理函数的汇编指令如下:
当程序执行 movabs $0xffffffff12345678,%rax 指令时将引发错误！原因是前一条指令已将 CR4.SMEP 置位，而处理函数的代码位于用户态页面，内核态再从该页面取指即被 SMEP 拦截。