Old 03-02-04, 02:06 PM   #27
J.F.
GeForce FX5600
 
Join Date: Dec 2003
Location: Arizona
Posts: 35

Quote:
Originally posted by SnapIT
Actually, no, it does not work like that, as the software can only control its own instructions if NX is only in software; malicious code can be run at any overload, your program will crash and the code can run. I can see some heavy problems coming with that...

There is no bit to set NX if it is not implemented so...

Now, for the ia32 implementation this is no biggie as you can easily simulate NX, but that will not work on AM-64, so there IS a very real problem with this...
I think you missed the point. The simulation is in the page fault handler of the kernel. It can be applied to any code anywhere. When any page anywhere faults, the kernel checks if a virtual NX bit is set. If not, it handles the page fault as usual. If the virtual NX bit is set for the page, it loads the data TLB, but not the code TLB. If a buffer overflow occurs and it tries to execute code, a page fault occurs because the code TLB isn't loaded. The page fault handler sees that an attempt was made to execute code in a page with the virtual NX bit set and simulates an NX-generated fault. Except for needing some extra code in the page fault handler and the ability to access the TLBs, it is EXACTLY the same as a real NX bit in hardware, just not as fast.

This works on any Intel chip from the Pentium on up. It might work with Athlons as they have separate data and code TLBs, but I couldn't find any info on how to access them like Intel does through the test registers.
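The scheme J.F. describes above, as an added example that is not part of the original post and not code from any real kernel: a user-space model in C of the kernel-kept "virtual NX" bit, the separate data and code TLBs, and the page fault handler that loads only the data TLB for a vNX page and turns a code fetch from such a page into a simulated NX fault. The page table, the page layout (page 0 holds code, page 1 is a data page marked vNX), the fault counters and the `split_tlb` switch are all constructed here for illustration; the switch goes slightly beyond the post by also running the same overflow on a chip modelled with a unified TLB, to show why the trick depends on the TLBs being separate.

```c
/* Added example: a user-space model of software-emulated NX using split
 * TLBs, as described in the post above. Not kernel code; every structure
 * below (page table, TLBs, fault handler, scenario) is constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NPAGES 8

enum access  { ACC_DATA, ACC_EXEC };
enum outcome { OUT_OK, OUT_SEGV, OUT_NX_FAULT };

struct page {
    bool present;
    bool vnx;               /* "virtual NX": kept by the kernel, unknown to the MMU */
};

struct machine {
    bool split_tlb;         /* true: separate data and code TLBs (Pentium and up) */
    struct page pt[NPAGES]; /* page table, one entry per page */
    bool dtlb[NPAGES];      /* data TLB holds a translation for the page */
    bool itlb[NPAGES];      /* code TLB holds a translation for the page */
    unsigned faults;        /* every TLB miss costs a trip through the handler */
    unsigned nx_faults;     /* simulated NX violations */
    enum outcome last;      /* outcome of the most recent access */
};

static void machine_init(struct machine *m, bool split_tlb)
{
    memset(m, 0, sizeof *m);
    m->split_tlb = split_tlb;
}

static void map_page(struct machine *m, int pg, bool vnx)
{
    m->pt[pg].present = true;
    m->pt[pg].vnx = vnx;
    m->dtlb[pg] = m->itlb[pg] = false;   /* fresh mapping: nothing cached yet */
}

/* The kernel page fault handler, entered on every TLB miss. */
static enum outcome page_fault(struct machine *m, int pg, enum access a)
{
    m->faults++;
    if (!m->pt[pg].present)
        return OUT_SEGV;                 /* ordinary invalid access, unchanged */

    if (!m->pt[pg].vnx) {
        /* No virtual NX bit: handle as usual, both TLBs get the translation. */
        m->dtlb[pg] = m->itlb[pg] = true;
        return OUT_OK;
    }

    if (a == ACC_DATA) {
        /* vNX page, data access: load only the data TLB. With a unified TLB
         * there is no "only", the code side fills too, and the trick is lost. */
        m->dtlb[pg] = true;
        if (!m->split_tlb)
            m->itlb[pg] = true;
        return OUT_OK;
    }

    /* vNX page and an instruction fetch: what a hardware NX bit would trap.
     * Leave the code TLB empty and report the simulated NX fault. */
    m->nx_faults++;
    return OUT_NX_FAULT;
}

/* One CPU access: a TLB hit runs at full speed, a miss traps to the kernel. */
static enum outcome access_page(struct machine *m, int pg, enum access a)
{
    if (pg < 0 || pg >= NPAGES)
        return m->last = OUT_SEGV;
    bool *tlb = (a == ACC_DATA) ? m->dtlb : m->itlb;
    if (tlb[pg])
        return m->last = OUT_OK;
    return m->last = page_fault(m, pg, a);
}

/* Constructed scenario: normal code fetches, an overflowing write into a vNX
 * data page, then control returns into that page and tries to execute it. */
static struct machine run_overflow_scenario(bool split_tlb)
{
    struct machine m;
    machine_init(&m, split_tlb);
    map_page(&m, 0, false);              /* text page: executable */
    map_page(&m, 1, true);               /* data page: virtual NX set */

    access_page(&m, 0, ACC_EXEC);        /* first fetch faults, loads both TLBs */
    access_page(&m, 0, ACC_EXEC);        /* second fetch is a TLB hit */
    access_page(&m, 1, ACC_DATA);        /* the overflowing write: dTLB only */
    access_page(&m, 1, ACC_DATA);        /* further writes hit the dTLB */
    access_page(&m, 1, ACC_EXEC);        /* "return" into the buffer */
    return m;
}

int main(void)
{
    struct machine split = run_overflow_scenario(true);
    struct machine unified = run_overflow_scenario(false);
    printf("split TLBs:   exec from data page -> %s (%u faults, %u NX)\n",
           split.last == OUT_NX_FAULT ? "NX fault" : "ran", split.faults, split.nx_faults);
    printf("unified TLB:  exec from data page -> %s (%u faults, %u NX)\n",
           unified.last == OUT_NX_FAULT ? "NX fault" : "ran", unified.faults, unified.nx_faults);
    return 0;
}
```

The `faults` counter is the cost the post mentions ("just not as fast"): every first touch of a page, data or code, goes through the handler, whereas a real NX bit only traps on the violation itself. The unified-TLB run is the post's caveat made concrete: once a data access has also filled the code side, the later instruction fetch is a TLB hit and never reaches the handler, so the bit the kernel keeps is never consulted.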