inf.c
/* Trigger an infinite loop by writing machine code directly into
* executable pages.
*/
#define _GNU_SOURCE /* MAP_ANONYMOUS */
#include <assert.h>
#include <stdint.h> /* uint8_t */
#include <stdio.h> /* perror */
#include <string.h> /* memcpy */
#include <sys/mman.h> /* mmap, MAP_FAILED */
/* Pointer to a routine that takes no arguments and returns nothing. */
typedef void(*void_fn)(void);

/* Treat `adr` as the entry point of a void(void) routine and call it.
 * Nothing is validated here: the caller must guarantee that `adr` points at
 * valid machine code inside an executable mapping. */
#define CALL(adr) (((void_fn)(adr))())

/* x86 encoding of a two-byte jump-to-self: opcode EB (JMP rel8) followed by
 * the displacement FE (-2). The displacement counts from the end of the
 * instruction, so -2 lands back on its first byte and the CPU spins forever.
 * A real-world spin loop should also include a PAUSE instruction. */
uint8_t jmp_code[] = { 0xEB, 0xFE };
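/*
 * Map one anonymous page, copy jmp_code into it and call into it.
 *
 * The page is requested readable, writable and executable at the same time,
 * which is what allows the bytes to be written and then run without a
 * protection change. Kernels or security policies that enforce W^X may
 * refuse such a mapping, so the mmap() result is checked before it is used.
 * Code that has to run under W^X maps the page read/write, fills it, and then
 * switches it to read/execute with mprotect().
 *
 * Returns 1 if the mapping cannot be created. On x86 the call into the page
 * never returns.
 */
int main(int argc, char *argv[])
{
    /* The command line is not used. */
    (void)argc;
    (void)argv;

    void *page = mmap(
        NULL, 4096,
        PROT_EXEC|PROT_READ|PROT_WRITE,
        MAP_PRIVATE|MAP_ANONYMOUS,
        -1, 0 /* ignored with MAP_ANONYMOUS */
    );
    /* mmap() reports failure with MAP_FAILED, not NULL; copying to that
     * address would fault with no indication of the real cause. */
    if (page == MAP_FAILED) {
        perror("mmap");
        return 1;
    }

    /* move in the code */
    memcpy(page, jmp_code, sizeof(jmp_code));

    /* descend into the infinite loop */
    CALL(page);

    assert(0 && "Should not be reached");
    /* Only reachable if the call returned and assertions are compiled out. */
    return 1;
}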