Difference between revisions of "Vm map enter Patch"
(another page for category Patches - also from Stefan Esser's BlackHat presentation) |
Revision as of 21:12, 25 September 2011
- vm_map_enter disallows mappings that request both VM_PROT_WRITE and VM_PROT_EXECUTE
- when such a request is found, VM_PROT_EXECUTE is cleared from the requested protection
- the patch just NOPs out the check (the BNE at 0x80041948 in the listing below)
__text:8004193E                 LDR     R6, [SP,#0xCC+arg_14]     ; R6 = requested protection
__text:80041940                 STR     R3, [SP,#0xCC+arg_54]
__text:80041942                 BNE     loc_8004199E
__text:80041944                 TST.W   R6, #2                    ; VM_PROT_WRITE set?
__text:80041948                 BNE     loc_800419AC              ; <== replaced with NOP
__text:8004194A
__text:8004194A loc_8004194A                                      ; CODE XREF: _vm_map_enter+90↓j
__text:8004194A                                                   ; _vm_map_enter+96↓j ...
__text:8004194A                 LSRS    R3, R4, #1
__text:8004194C                 AND.W   R5, R3, #1

__text:800419AC ; ---------------------------------------------------------------------------
__text:800419AC
__text:800419AC loc_800419AC                                      ; CODE XREF: _vm_map_enter+28↑j
__text:800419AC                 TST.W   R6, #4                    ; VM_PROT_EXECUTE set too?
__text:800419B0                 BEQ     loc_8004194A              ; no: W only, nothing to do
__text:800419B2                 ANDS.W  R0, R4, #0x80000          ; map flag 0x80000 exempts the mapping
__text:800419B6                 BNE     loc_8004194A
__text:800419B8                 LDR.W   R1, =aVm_map_enter        ; "vm_map_enter"
__text:800419BC                 BL      sub_8001A9E0
__text:800419C0                 BIC.W   R6, R6, #4                ; clear VM_PROT_EXECUTE
__text:800419C4                 B       loc_8004194A
__text:800419C6 ; ---------------------------------------------------------------------------
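A C model of the check the listing implements, added here as an illustration (it is not code from the wiki or from XNU). The VM_PROT_* values are the real XNU ones; the name MAP_FLAG_WX_EXEMPT for the 0x80000 flag bit tested in R4 is an assumption, since the listing does not name it. The patched flag models the BNE at 0x80041948 being NOP'd, so the block at loc_800419AC is never reached.

```c
#include <stdio.h>
#include <stdbool.h>

/* XNU protection bits (osfmk/mach/vm_prot.h). */
#define VM_PROT_READ    0x01
#define VM_PROT_WRITE   0x02
#define VM_PROT_EXECUTE 0x04

/* Bit 0x80000 of the map-flags word (R4) exempts a mapping from the
 * check; the value is from the listing, the macro name is an assumption. */
#define MAP_FLAG_WX_EXEMPT 0x80000

struct wx_result {
    int  prot;    /* protection actually granted */
    bool logged;  /* would the "vm_map_enter" call at 0x800419BC happen */
};

/* Mirrors the control flow around 0x80041948 / loc_800419AC.
 * patched == true models the BNE at 0x80041948 replaced with a NOP. */
static struct wx_result wx_policy(int prot, int flags, bool patched)
{
    struct wx_result r = { prot, false };

    /* TST.W R6,#2 ; BNE loc_800419AC: only writable requests branch to
     * the check. With the BNE NOP'd, every request falls through here. */
    if (patched || !(prot & VM_PROT_WRITE))
        return r;

    /* loc_800419AC: TST.W R6,#4 ; BEQ loc_8004194A */
    if (!(prot & VM_PROT_EXECUTE))
        return r;

    /* ANDS.W R0,R4,#0x80000 ; BNE loc_8004194A: exempt mappings skip it */
    if (flags & MAP_FLAG_WX_EXEMPT)
        return r;

    /* BL sub_8001A9E0 with "vm_map_enter", then BIC.W R6,R6,#4 */
    r.logged = true;
    r.prot   = prot & ~VM_PROT_EXECUTE;
    return r;
}

int main(void)
{
    int rwx = VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE;
    struct wx_result a = wx_policy(rwx, 0, false);
    struct wx_result b = wx_policy(rwx, 0, true);
    printf("unpatched: prot=%#x logged=%d\n", a.prot, a.logged);
    printf("patched:   prot=%#x logged=%d\n", b.prot, b.logged);
    return 0;
}
```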