The APIs that provide the functionality to manage APCs are KeInitializeApc and KeInsertQueueApc. Since they are not declared in the DDK headers, it is necessary to obtain their addresses via MmGetSystemRoutineAddress and assign them to appropriately typed function pointers in order to use them. KeInitializeApc simply initializes a KAPC structure by storing in it all the necessary information about the APC that is going to be queued for execution, including the KTHREAD to which the APC must be queued and the addresses of the callbacks to run.

Prior to the introduction of this bit, there were some software implementations that tried to provide non-executable data by using hardware segmentation (e.g.

The x86 hardware, in fact, provides segmentation in order to define code and data segments, each with its own properties (read, write or execute). Normally, Windows (32-bit) creates usermode code and data segments (CS and DS) that are as big as the whole 32-bit addressable range: this means that, according to the code segment properties, every possible 32-bit address is executable (the division between usermode and kernelmode is done via the page tables). This leaves the opportunity for an exploit to write shellcode in data areas and execute it.

To sort out this problem without the NX bit, it is possible to make the code segment smaller, in order to leave out a range of addresses that is not part of it. Then a data segment can be created using this range of memory that is not part of the code segment. At this point, the code segment can be marked as executable and the data segment as read/write only, ensuring that if execution ends up in the range of addresses reserved for data, an exception is raised.

Another potential way to emulate the NX bit would be to modify the page tables for the heap and stack in order to make them invalid: every access to a page would trigger a page fault, which would be trapped by the page fault handler. The OS would then have to check the kind of fault and determine whether it is a memory read, write or execute. If it is an execute, then something is wrong and the process will be terminated. In theory this would work, but in practice it would add a very large overhead at run time (every memory access would cause an exception!), so it may not be feasible (the PaX Linux kernel patch uses a similar approach).
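The execute-in-data fault check that the NX-emulation schemes above rely on can be exercised in user mode on a POSIX system. The following is an added example, not code from the original text or from any of the implementations it mentions: one page is mapped read/write to stand in for the data segment, and a signal handler plays the role of the OS fault handler, classifying a fault whose address falls inside that range as an attempt to execute data. The fault-kind names, the recovery via siglongjmp (a real OS would terminate the process instead) and the reliance on hardware NX rather than on segment limits or invalidated page tables are assumptions of this demo.

```c
/* Added example (not from the original text): classify a fault on a
 * read/write-only "data segment" the way the text says the OS would, then
 * recover instead of terminating so the result can be inspected.
 * POSIX only; the range bookkeeping and the fault taxonomy are constructed
 * for this demo. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum fault_kind { FAULT_NONE = 0, FAULT_OTHER = 1, FAULT_EXECUTE = 2 };

static sigjmp_buf recover;
static volatile sig_atomic_t last_fault = FAULT_NONE;
static volatile uintptr_t data_lo = 0, data_hi = 0;   /* the "data segment" */

/* Plays the role of the OS fault handler. The data range is mapped
 * read/write, so a protection fault whose address lies inside it cannot be a
 * read or a write: it must be an instruction fetch from data. */
static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    uintptr_t addr = (uintptr_t)si->si_addr;
    if (addr >= data_lo && addr < data_hi)
        last_fault = FAULT_EXECUTE;   /* the OS would terminate the process here */
    else
        last_fault = FAULT_OTHER;
    siglongjmp(recover, 1);           /* demo only: resume instead of terminating */
}

static int install_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    if (sigaction(SIGBUS, &sa, NULL) != 0) return -1;   /* some platforms report it as SIGBUS */
    return 0;
}

/* Map one read/write page and record it as the data range. */
static void *map_data_page(size_t *len)
{
    *len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, *len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    data_lo = (uintptr_t)p;
    data_hi = data_lo + *len;
    return p;
}

/* Attempt to run the bytes in the data page as code; returns the fault kind. */
int demo_execute_from_data(void)
{
    size_t len;
    void *page;
    if (install_handler() != 0 || (page = map_data_page(&len)) == NULL)
        return -1;
    memset(page, 0xC3, len);          /* 'ret' on x86; the fetch must fault before it runs */
    last_fault = FAULT_NONE;
    if (sigsetjmp(recover, 1) == 0) {
        void (*fn)(void) = (void (*)(void))(uintptr_t)page;
        fn();                         /* instruction fetch from a read/write page */
    }
    munmap(page, len);
    return last_fault;
}

/* Control case: an ordinary write to the same page must not fault at all. */
int demo_write_to_data(void)
{
    size_t len;
    void *page;
    if (install_handler() != 0 || (page = map_data_page(&len)) == NULL)
        return -1;
    last_fault = FAULT_NONE;
    if (sigsetjmp(recover, 1) == 0) {
        volatile unsigned char *p = page;
        p[0] = 0x90;
    }
    munmap(page, len);
    return last_fault;
}

int main(void)
{
    printf("write to data page -> fault kind %d\n", demo_write_to_data());
    printf("execute data page  -> fault kind %d\n", demo_execute_from_data());
    return 0;
}
```

On Linux x86-64 the kernel reports the execute attempt as SIGSEGV with si_code SEGV_ACCERR and si_addr equal to the faulting instruction pointer; the classification here deliberately uses only the address range, because that is the one piece of information a segment-limit or invalid-page scheme would also have at hand.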