asamy / ksm

A fast, hackable and simple x64 VT-x hypervisor for Windows and Linux. Builtin userspace sandbox and introspection engine.
https://asamy.github.io/ksm/
GNU General Public License v2.0
826 stars 181 forks

what if a page code read itself in memory hack? #15

Closed coolboy4me closed 6 years ago

coolboy4me commented 7 years ago
  1. In the memory hack module, when a page's code reads itself, an EPT violation will happen again and again... When a page is set read/write only, the code reading the page that the code is in will cause a violation (because of executing); when a page is set execute only, the code reading the page that the code is in will cause a violation (because of reading).
asamy commented 7 years ago

You're right, but eventually it will get to read it and it'll be ok, but if you want to avoid that, then probably checking RIP in the EPT violation against the page hook CPA (after translation) will do.
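
A small model of the case discussed in this thread, as an added example that is not code from ksm or from either commenter: an instruction that reads its own hooked page, handled first by a plain permission flip and then with the RIP-versus-CPA check. The `page_hook` struct, the function names, the one-instruction R/W/X grant on a match, and the simplification that permissions are re-checked on every attempt with no cached translations are all assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EPT_R 1u
#define EPT_W 2u
#define EPT_X 4u
#define PFN(a) ((a) >> 12)

/* Hypothetical hook record: cpa = physical page instructions are fetched from,
 * perms = what the EPT entry for the hooked page currently allows. */
struct page_hook { uint64_t cpa; unsigned perms; };

/* access = access type that faulted; rip_pa = guest RIP after translation
 * (assumed to be supplied by the caller's page walk). */
static void on_violation(struct page_hook *h, unsigned access,
                         uint64_t rip_pa, bool rip_check)
{
    if (rip_check && !(access & EPT_X) && PFN(rip_pa) == PFN(h->cpa)) {
        /* Instruction lives in the hooked page: allow fetch and data access
         * together for one instruction (assumed response), restore after. */
        h->perms = EPT_R | EPT_W | EPT_X;
        return;
    }
    /* Plain flip: data view for reads/writes, execute-only view for fetches. */
    h->perms = (access & EPT_X) ? EPT_X : (EPT_R | EPT_W);
}

/* One instruction at rip_pa that reads its own page. Returns the number of
 * EPT violations taken, or -1 if it has not retired after max_exits. */
static int run_self_read(uint64_t rip_pa, bool rip_check, int max_exits)
{
    struct page_hook h = { .cpa = rip_pa & ~0xfffull, .perms = EPT_X };
    for (int exits = 0; exits <= max_exits; exits++) {
        unsigned missing = !(h.perms & EPT_X) ? EPT_X      /* fetch first */
                         : !(h.perms & EPT_R) ? EPT_R : 0; /* then the read */
        if (!missing)
            return exits;
        on_violation(&h, missing, rip_pa, rip_check);
    }
    return -1;
}

int main(void)
{
    /* 0x7000123 is a constructed address used only for this model. */
    printf("plain flip: %d\n", run_self_read(0x7000123, false, 100));
    printf("RIP check:  %d\n", run_self_read(0x7000123, true, 100));
    return 0;
}
```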