While experimenting with editing opcodes of running process on Linux with C language, I found out that I can't to edit program opcodes by PID with process_vm_writev, but using ptrace and pwrite I can do it. process_vm_writev returns -1 and errno says "Bad address". But when I use ptrace with same address it successes. I run program as root. Is it an issue of GNU/Linux and should I open an issue on GitHub? Code for process_vm_writev (without includes to be short):
ssize_t write_pmem(pid_t pid, off_t addr, void* value, size_t size) {
struct iovec local[1];
local[0].iov_base = value;
local[0].iov_len = size;
struct iovec remote[1];
remote[0].iov_base = (void*)addr;
remote[0].iov_len = size;
return process_vm_writev(pid, local, 1, remote, 1, 0);
}
int main() {
pid_t pid;
off_t opcode_ptr = 0x45B5A7;
printf("PID: ");
scanf("%d", &pid);
char nops[5] = {0x90, 0x90, 0x90, 0x90, 0x90};
ssize_t res = write_pmem(pid, opcode_ptr, &nops, sizeof(nops));
printf("%ld\n%s", res, strerror(errno));
/* and it prints:
-1
Bad address */
return 0;
}
/proc/PID/maps says that 0x45B5A7 is 00406000-004f0000 r-xp 00006000 for that process (no write rights) but I think it's still writable for the root.
I want to use new process_vm Linux API, so I want to fix that code. Any ideas?
The reason it works with ptrace but not with process_vm_writev is that ptrace writes to memory in the kernel and the kernel uses a different page table with different access permissions than the usermode process. Whereas process_vm_writev copies bytes from one userspace address space to another using the usermode page tables.