proc-maps 0.1.8

Helper crate for getting virtual memory maps from processes
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

mod ptrace;
mod protection;

use libc::{pid_t, c_int, c_char};
use std::iter::Iterator;
use std::ffi::CStr;
use std::convert::From;

pub type Pid = pid_t;

const FILE_NAME_BUFFER_LENGTH: usize = 4096;

#[derive(Debug, Clone)]
pub struct MapRange {
    range_start: usize,
    range_end: usize,
    protection: c_int,
    offset: usize,
    vnode: usize,
    pathname: Option<String>,
}

impl MapRange {
    pub fn size(&self) -> usize { self.range_end - self.range_start }
    pub fn start(&self) -> usize { self.range_start }
    pub fn filename(&self) -> &Option<String> { &self.pathname }

    pub fn is_read(&self) -> bool {
        self.protection & protection::VM_PROT_READ != 0
    }
    pub fn is_write(&self) -> bool {
        self.protection & protection::VM_PROT_WRITE != 0
    }
    pub fn is_exec(&self) -> bool {
        self.protection & protection::VM_PROT_EXECUTE != 0
    }
}

impl From<ptrace::vm_entry> for MapRange {
    fn from(vm_entry: ptrace::vm_entry) -> Self {
        let pathname = string_from_cstr_ptr(vm_entry.pve_path);

        Self {
            range_start: vm_entry.pve_start as usize,
            range_end: vm_entry.pve_end as usize,
            protection: vm_entry.pve_prot,
            offset: vm_entry.pve_offset as usize,
            vnode: vm_entry.pve_fileid as usize,
            pathname: pathname,
        }
    }
}

#[derive(Default)]
struct VmEntryIterator {
    current: c_int,
    pid: Pid,
}

impl VmEntryIterator {
    fn new(pid: Pid) -> std::io::Result<Self> {
        ptrace::attach(pid)?;

        Ok(Self { current: 0, pid })
    }
}

impl Drop for VmEntryIterator {
    fn drop(&mut self) {
        ptrace::detach(self.pid);
    }
}

impl Iterator for VmEntryIterator {
    type Item = ptrace::vm_entry;

    fn next(&mut self) -> Option<Self::Item> {
        let Self { current, pid } = *self;
        // If the region was mapped from a file, `pve_path` contains filename.
        let pve_pathlen = 4096;
        let pve_path: [c_char; FILE_NAME_BUFFER_LENGTH] =
            [0; FILE_NAME_BUFFER_LENGTH];

        let entry = Self::Item {
            pve_entry: current,
            pve_path: &pve_path as *const _,
            pve_pathlen: pve_pathlen,
            ..Default::default()
        };

        let result = ptrace::read_vm_entry(pid, entry);

        match result {
            Ok(entry) => {
                self.current = entry.pve_entry;
                Some(entry)
            }
            _ => None
        }
    }
}

fn string_from_cstr_ptr(pointer: *const c_char) -> Option<String> {
    if pointer.is_null() {
        None
    } else {
        unsafe {
            let result = CStr::from_ptr(pointer)
                .to_string_lossy()
                .into_owned();

            if result.len() > 0 {
                Some(result)
            } else {
                None
            }
        }
    }
}

pub fn get_process_maps(pid: Pid) -> std::io::Result<Vec<MapRange>> {
    let iter = VmEntryIterator::new(pid)?;

    Ok(iter.map(MapRange::from).collect())
}

#[test]
fn test_map_from_invoked_binary_present() -> () {
    use std::process::Command;
    let mut child = Command::new("/bin/cat")
        .spawn()
        .expect("failed to execute /bin/cat");


    let maps = get_process_maps(child.id() as Pid).unwrap();

    child.kill();

    let maybe_cat_region = maps
        .iter()
        .find(|x| x.filename() == &Some(String::from("/bin/cat")));

    assert!(
        maybe_cat_region.is_some(),
        "We should have a map from the binary we invoked!"
    );
}

#[test]
fn test_write_xor_execute_policy() -> () {
    use std::process::Command;
    let mut child = Command::new("/bin/cat")
        .spawn()
        .expect("failed to execute /bin/cat");

    let maps = get_process_maps(child.id() as Pid).unwrap();

    child.kill();

    let write_and_exec_regions = maps
        .iter()
        .any(|x| x.is_write() && x.is_exec());

    assert!(!write_and_exec_regions, "W^X violation!");
}