{"id":3695,"date":"2011-11-17T02:42:21","date_gmt":"2011-11-16T17:42:21","guid":{"rendered":"http:\/\/mimumimu.net\/blog\/2011\/11\/17\/c%e3%82%b3%e3%83%bc%e3%83%89%e4%b8%ad%e3%81%ab%e3%83%9e%e3%82%b7%e3%83%b3%e8%aa%9e%e3%82%92%e5%9f%8b%e3%82%81%e8%be%bc%e3%82%93%e3%81%a7%e5%ae%9f%e8%a1%8c%e3%81%99%e3%82%8b%e3%80%82\/"},"modified":"2012-04-21T18:23:15","modified_gmt":"2012-04-21T09:23:15","slug":"c%e3%82%b3%e3%83%bc%e3%83%89%e4%b8%ad%e3%81%ab%e3%83%9e%e3%82%b7%e3%83%b3%e8%aa%9e%e3%82%92%e5%9f%8b%e3%82%81%e8%be%bc%e3%82%93%e3%81%a7%e5%ae%9f%e8%a1%8c%e3%81%99%e3%82%8b%e3%80%82","status":"publish","type":"post","link":"https:\/\/mimumimu.net\/blog\/2011\/11\/17\/c%e3%82%b3%e3%83%bc%e3%83%89%e4%b8%ad%e3%81%ab%e3%83%9e%e3%82%b7%e3%83%b3%e8%aa%9e%e3%82%92%e5%9f%8b%e3%82%81%e8%be%bc%e3%82%93%e3%81%a7%e5%ae%9f%e8%a1%8c%e3%81%99%e3%82%8b%e3%80%82\/","title":{"rendered":"C\u30b3\u30fc\u30c9\u4e2d\u306b\u30de\u30b7\u30f3\u8a9e\u3092\u57cb\u3081\u8fbc\u3093\u3067\u5b9f\u884c\u3059\u308b\u3002"},"content":{"rendered":"

\u306a\u3093\u3060\u308d\u3046\u3001\u4f55\u767e\u756a\u714e\u3058\u306a\u6c17\u304c\u3059\u308b\u3002\u3082\u3046\u304a\u8336\u3082\u51fa\u306a\u304f\u306a\u3063\u3066\u304a\u6e6f\u3067\u3059\u3088\u3001\u304a\u6e6f\u3002<\/p>\n

\u30d5\u30a9\u30ed\u30ef\u30fc\u306e @pasberth \u3055\u3093\u304c\u3001\u300cJIT \u3063\u3066\u3069\u3046\u3044\u3046\u4ed5\u639b\u3051\u306b\u306a\u3063\u3066\u308b\u306e\uff01\u300d\u3068\u3044\u3063\u3066\u3044\u305f\u306e\u3067\u3001
\u30e1\u30e2\u30ea\u4e0a\u306b\u30d0\u30a4\u30c8\u30b3\u30fc\u30c9\u3092\u7f6e\u3044\u3066\u5b9f\u884c\u3059\u308b\u65b9\u6cd5\u3068\u3044\u3046\u3053\u3068\u3067\u3061\u3087\u308d\u3063\u3068\u66f8\u3044\u305f\u3082\u306e\u3067\u3059\u3002<\/p>\n

\u3068\u308a\u3042\u3048\u305a\u3001\u30d4\u30bf\u30b4\u30e9\u30b9\u306e\u5b9a\u7406\u3092\u30a2\u30bb\u30f3\u30d6\u30e9\u3067\u66f8\u3044\u3066\u3001
C \u3067\u307a\u3051\u307a\u3051\u3002<\/p>\n

\u3072\u3068\u307e\u305a\u3001\u79c1\u306e\u4f5c\u696d\u74b0\u5883\u3067\u3042\u308b Windows \u3067\u306e\u52d5\u4f5c\u78ba\u8a8d\u3002<\/p>\n

\"440411299\"<\/a><\/p>\n

\u305d\u3044\u3067\u3082\u3063\u3066\u3001x86 \u306a\u3089\u3001\u3069\u306e\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3067\u3082\u30d0\u30a4\u30ca\u30ea\u90e8\u5206\u306f\u5909\u3048\u306a\u304f\u3066\u3082\u8d70\u308b\u3088\uff01 \u3063\u3066\u306e\u3092\u793a\u3059\u305f\u3081\u306b\u3001
Mac \u3092\u7acb\u3061\u4e0a\u3052\u3066\u5b9f\u884c\u3002<\/p>\n

\"440460787\"<\/a><\/p>\n

 <\/p>\n

\n

\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u611f\u3058\u3067\u3059\u3002@pasberth \u3055\u3093\u7528\u306b\u66f8\u3044\u305f\u306e\u3067\u3001Mac \u5411\u3051\u30bd\u30fc\u30b9\u306b\u306a\u3063\u3066\u307e\u3059
Windows \u3067\u52d5\u304b\u3059\u306b\u306f\u3001\u5148\u982d\u306e vm_protect \u3092 VirtualProtect \u306e\u5f62\u5f0f\u306b\u66f8\u304d\u63db\u3048\u308c\u3070\u52d5\u304d\u307e\u3059\u3002 <\/p>\n

 <\/p>\n

\n
#include <mach\/mach.h>\n#include <stdio.h>\n\n\/************************************************\n \u3068\u308a\u3042\u3048\u305a\u3001\u4e2d\u306e\u30c7\u30fc\u30bf\u306f\uff11\uff16\u9032\u3067\u8a18\u9332\u3057\u3066\u3042\u3063\u3066\u3001\n\n\u30ea\u30c8\u30eb\u30a8\u30f3\u30c7\u30a3\u30a2\u30f3\u3067\u3059\u304b\u3089\u3001\n 0x01020304 \u306f\u3001\u30e1\u30e2\u30ea\u4e0a\u306b 0x04,0x03,0x02,0x01 \u306e\u9806\u3067\u683c\u7d0d\u3055\u308c\u307e\u3059\u3002\n\u8981\u306f\u9006\u9806\u3067\u3059\u3002\n\n\u307e\u305f\u3001\u547d\u4ee4\u306e\u30aa\u30fc\u30c0\u30fc\u306b\u3064\u3044\u3066\u306f\u3001\u5fc5\u305a\u3057\u3082\u4f55\u30d0\u30a4\u30c8\u3068\u3044\u3046\u3053\u3068\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001\n\u6700\u9577\u547d\u4ee4\u306f 32bit \u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3\u3067\u3059\u3093\u3067 4 \u30d0\u30a4\u30c8 ( 32 bit \/ 8 = 4 byte. )\n\n\u898b\u3084\u3059\u304f\u3059\u308b\u305f\u3081\u306b\u3001\uff12\u30d0\u30a4\u30c8\u3084\uff11\u30d0\u30a4\u30c8\u547d\u4ee4\u306b\u95a2\u3057\u3066\u306f\u3001\n0x90 (NOP) [NOP = \u306a\u306b\u3082\u3057\u306a\u3044] \u3092\u633f\u5165\u3057\u3066\u3001\u30a2\u30e9\u30a4\u30e1\u30f3\u30c8\uff08\u533a\u5207\u308a\uff09\u3092\u5408\u308f\u305b\u3066\u3042\u308a\u307e\u3059\u3002\n\n\u307e\u30fc\u3001\u9069\u5f53\u306b\u898b\u3066\u3082\u3089\u3048\u308c\u3070\u3002\n\n************************************************\/\n\nint main(){\n\tunsigned long d;\n\tint a = 0,b = 0,c = 0;\n\tunsigned long code[32] = {0};\n\t\n\tprintf(\"vm_protect : %s\\n\\n\",vm_protect(\n\t\tmach_task_self(),\n\t\t(vm_address_t)code,32 * sizeof(long),\n\t\tFALSE,\n\t\t\tVM_PROT_READ | \n\t\t\tVM_PROT_WRITE | \n\t\t\tVM_PROT_EXECUTE\n\t\t) == KERN_SUCCESS ? \"[OK]\" : \"[FALSE]\");\n\n\tprintf(\"INPUT [a,b,c] : \");\n\tscanf(\"%d,%d,%d\",&a,&b,&c);\n\n\tcode[0]  = 0x0424448B;\t\/\/ MOV EAX,DWORD PTR SS:[ESP+4]\n\tcode[1]  = 0x08244C8B;\t\/\/ MOV ECX,DWORD PTR SS:[ESP+8]\n\tcode[2]  = 0x9090C13B;\t\/\/ CMP EAX,ECX\n\tcode[3]  = 0x9090047E;\t\/\/ JLE SHORT ; EIP+4\n\tcode[4]  = 0x9090C88B;\t\/\/ MOV ECX,EAX\n\tcode[5]  = 0x0C24548B;\t\/\/ MOV EDX,DWORD PTR SS:[ESP+C]\n\tcode[6]  = 0x9090CA3B;\t\/\/ CMP ECX,EDX\n\tcode[7]  = 0x9090147E;\t\/\/ JLE SHORT ; EIP+C\n\tcode[8]  = 0x90909056;\t\/\/ PUSH ESI\n\tcode[9]  = 0x9090F28B;\t\/\/ MOV ESI,EDX\n\tcode[10] = 0x9090D18B;\t\/\/ MOV EDX,ECX\n\tcode[11] = 0x9090CE8B;\t\/\/ MOV ECX,ESI\n\tcode[12] = 0x9090905E;\t\/\/ POP ESI\n\tcode[13] = 0x90C0AF0F;\t\/\/ IMUL EAX,EAX\n\tcode[14] = 0x90C9AF0F;\t\/\/ IMUL ECX,ECX\n\tcode[15] = 0x90D2AF0F;\t\/\/ IMUL EDX,EDX\n\tcode[16] = 0x9090C103;\t\/\/ ADD EAX,ECX\n\tcode[17] = 0x9090C22B;\t\/\/ SUB EAX,EDX\n\tcode[18] = 0x9090D8F7;\t\/\/ NEG EAX\n\tcode[19] = 0x9090C01B;\t\/\/ SBB EAX,EAX\n\tcode[20] = 0x90909040;\t\/\/ INC EAX\n\tcode[21] = 0x909090C3;\t\/\/ RETN\n\t\n\tprintf(\"\\nRETURN : %s\\n\",\n\t\t((int(*)(int,int,int))code)(a,b,c) == 0 ? \"[FALSE]\" : \"[OK]\");\n\t\n\treturn 0;\n}<\/pre>\n<\/div>\n
\n
 <\/p>\n
\u4e2d\u306e\u30d0\u30a4\u30c8\u30b3\u30fc\u30c9\u90e8\u5206\u306f\u3001\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u4e2d\u306e\u30b3\u30e1\u30f3\u30c8\u3092\u898b\u3066\u3082\u3089\u3048\u308c\u3070\u3002<\/p>\n
\u672c\u6765\u3001\u3053\u3046\u3044\u3046\u30da\u30fc\u30b8\u9818\u57df\u4e0a\u306b\u30d0\u30a4\u30c8\u30b3\u30fc\u30c9\u3092\u7f6e\u3044\u3066\u3001\u305d\u308c\u3092\u547c\u3073\u51fa\u305d\u3046\u3068\u3057\u3066\u3082\u3001 
\u5b9f\u884c\u3067\u304d\u306a\u3044\u3088\u3046\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
\uff08\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u308b\u3068\u3001\u30d7\u30ed\u30bb\u30b9\u306b\u8106\u5f31\u6027\u304c\u3042\u3063\u305f\u3068\u304d\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u3092\u653b\u6483\u8005\u304b\u3089\u9001\u4fe1\u3055\u308c\u3066\u3001\u5b9f\u884c\u3055\u308c\u3066\u3057\u307e\u3046\u5371\u967a\u6027\u304c\u683c\u6bb5\u306b\u4e0a\u304c\u308b\uff09<\/p>\n
\u3067\u3059\u304c\u3001\u3055\u3059\u304c\u306b\u5b8c\u5168\u306b\u5b9f\u884c\u3067\u304d\u306a\u3044\u3068\u3001Java VM \u3092\u306f\u3058\u3081\u3068\u3057\u305f\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u7a3c\u50cd\u3067\u304d\u306a\u304f\u306a\u3063\u3066\u3057\u307e\u3046\u305f\u3081\u3001 
OS\u304b\u3089\u5b9f\u884c\u53ef\u80fd\u306b\u30d5\u30e9\u30b0\u3092\u66f8\u304d\u63db\u3048\u308bAPI\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n
\n
OS<\/p>\n<\/td>\n
\n
\u95a2\u6570<\/p>\n<\/td>\n<\/tr>\n
Windows<\/td>\nVirtualProtect 
MSDN : http:\/\/msdn.microsoft.com\/ja-jp\/library\/cc430214.aspx<\/a><\/td>\n<\/tr>\n
Mac OS X<\/td>\nvm_protect
The GNU Mach Reference Manual : 
http:\/\/www.gnu.org\/software\/hurd\/gnumach-doc\/Memory-Attributes.html<\/a>
Darwin : 
http:\/\/web.mit.edu\/darwin\/src\/modules\/xnu\/osfmk\/man\/vm_protect.html<\/a><\/td>\n<\/tr>\n
Linux<\/td>\nmprotect 
Man page of MPROTECT : 
http:\/\/linuxjm.sourceforge.jp\/html\/LDP_man-pages\/man2\/mprotect.2.html<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\u5b9f\u884c\u53ef\u80fd\u306a\u30d0\u30a4\u30c8\u30b3\u30fc\u30c9\u306f\u3001x86 \u30d7\u30ed\u30bb\u30c3\u30b5\u5171\u901a\u306a\u306e\u3067\u3001\u540c\u3058\u30d7\u30ed\u30bb\u30c3\u30b5\u306a\u3089\u3069\u308c\u3067\u3082\u52d5\u304d\u307e\u3059\u304c\u3001 
\u5404\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u306b\u5408\u308f\u305b\u3066\u3001\u4e0a\u8a18\u306b\u6319\u3052\u305f\u95a2\u6570\u3092\u5229\u7528\u3057\u3066\u3001\u5b9f\u884c\u53ef\u80fd\u306b\u8a2d\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
 <\/p>\n
\u5b9f\u969b\u306e JIT \u30b3\u30f3\u30d1\u30a4\u30e9\u306a\u3069\u3067\u306f\u3001\u5404\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3054\u3068\u306e\u30e9\u30a4\u30d6\u30e9\u30ea\u3084\u3001 
API\u306e\u5dee\u7570\u306e\u5438\u53ce\u304c\u5fc5\u8981\u306b\u306a\u3063\u3066\u3001\u7d50\u69cb\u9762\u5012\u306a\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u304c\u3001<\/p>\n
\u4eca\u56de\u306e\u4f8b\u306f\u304d\u308f\u3081\u3066\u5358\u7d14\u306a\u4f8b\u3092\u4f7f\u3063\u3066\u3001 x86 \u30d7\u30ed\u30bb\u30c3\u30b5\u4e0a\u306a\u3089\u540c\u3058\u30b3\u30fc\u30c9\u304c\u52d5\u304f\u3068\u3044\u3046\u3053\u3068\u3092\u793a\u3059\u306e\u3068\u540c\u6642\u306b\u3001 
Java \u306a\u3069\u3067\u306f\u3001\u3053\u3046\u3044\u3046\u611f\u3058\u3067\u305f\u3076\u3093\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3057\u3066\u3044\u308b\u3068\u3044\u3046\u3053\u3068\u3067\u3002<\/p>\n
\uff08mono \u306f\u3053\u308c\u4f7f\u3063\u3066\u308b\u611f\u6fc3\u539a\u3002 \u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u3092\u773a\u3081\u3066\u3044\u305f\u611f\u3058\u3067\u306f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u306a\u3093\u3060\u308d\u3046\u3001\u4f55\u767e\u756a\u714e\u3058\u306a\u6c17\u304c\u3059\u308b\u3002\u3082\u3046\u304a\u8336\u3082\u51fa\u306a\u304f\u306a\u3063\u3066\u304a\u6e6f\u3067\u3059\u3088\u3001\u304a\u6e6f\u3002 \u30d5\u30a9\u30ed\u30ef\u30fc\u306e @pasberth \u3055\u3093\u304c\u3001\u300cJIT \u3063\u3066\u3069\u3046\u3044\u3046\u4ed5\u639b\u3051\u306b\u306a\u3063\u3066\u308b\u306e\uff01\u300d\u3068\u3044\u3063\u3066\u3044\u305f\u306e\u3067\u3001 \u30e1\u30e2\u30ea\u4e0a\u306b\u30d0\u30a4\u30c8\u30b3\u30fc\u30c9\u3092\u7f6e\u3044\u3066\u5b9f\u884c\u3059\u308b […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,13,15,12,7],"tags":[125,124],"class_list":["post-3695","post","type-post","status-publish","format-standard","hentry","category-c_cpp","category-unix-linux","category-windows","category-software","category-dev","tag-c","tag-124"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/posts\/3695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/comments?post=3695"}],"version-history":[{"count":0,"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/posts\/3695\/revisions"}],"wp:attachment":[{"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/media?parent=3695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/categories?post=3695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mimumimu.net\/blog\/wp-json\/wp\/v2\/tags?post=3695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}