
NX bit emulation

Developer https://www.devze.com 2023-02-05 09:05 Source: Internet

Could someone explain to me how the NX bit can be emulated on platforms such as 32-bit x86 where the hardware doesn't provide it? I would be grateful for an explanation of the basics of the way it is emulated since I simply can't imagine how it could be realized. Thanks in advance.


You might want to read about Exec Shield, PaX PAGEEXEC and PaX SEGMEXEC.


I've never implemented NX emulation, but knowing something about x86, here's my best guess of how it can work.

It all has to do with how the kernel sets up your global descriptor table to define what range of addresses may contain code.

If I may summarize it inelegantly... On x86 in 32-bit protected mode, those old "segment registers" from 16-bit code still have some meaning. The segment registers determine which entry in the GDT is used. The GDT entries are essentially a memory range. If the kernel points the cs (code segment) register at a GDT entry that only has addresses in range [x, y], then addresses outside that range are non-executable.

Note that this is much more coarse-grained than an NX bit, because the NX bit goes in the page table entry. So the NX bit lets you mark an arbitrary page as non-executable, whereas using cs segments only lets you specify a (usually very large, contiguous) range as non-executable.
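
The segment-limit check described in the answer above, as an added example that is not part of the original post: a C model that decodes an 8-byte GDT code-segment descriptor and tests whether an instruction fetch at a given offset falls inside its limit. The two descriptor values and the sample addresses are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample descriptors (not from the page): user code segments, base 0. */
#define FLAT_CS    0x00CFFA000000FFFFULL  /* limit 0xFFFFF pages: whole 4 GiB executable */
#define LIMITED_CS 0x00C5FA000000FFFFULL  /* limit 0x5FFFF pages: fetches end at 0x5FFFFFFF */

struct seg {
    uint32_t base;   /* linear address of offset 0 */
    uint32_t limit;  /* highest valid offset, granularity applied */
    bool present;    /* P bit (bit 47) */
    bool code;       /* S=1 (bit 44) and executable type (bit 43) */
};

/* Unpack the scattered base/limit fields of an 8-byte GDT entry. */
struct seg decode_descriptor(uint64_t d)
{
    struct seg s;
    uint32_t raw = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    bool g = (d >> 55) & 1;                      /* G=1: limit counts 4 KiB pages */
    s.limit = g ? (raw << 12) | 0xFFF : raw;
    s.base = (uint32_t)((d >> 16) & 0xFFFFFF) | ((uint32_t)((d >> 56) & 0xFF) << 24);
    s.present = (d >> 47) & 1;
    s.code = ((d >> 44) & 1) && ((d >> 43) & 1);
    return s;
}

/* Model of the CPU's limit check on an instruction fetch at CS:offset
 * (first byte only); a false result corresponds to a #GP fault. */
bool fetch_ok(uint64_t cs_descriptor, uint32_t offset)
{
    struct seg cs = decode_descriptor(cs_descriptor);
    return cs.present && cs.code && offset <= cs.limit;
}

int main(void)
{
    /* Constructed addresses: one low (code-like), one high (stack-like). */
    const uint32_t addrs[] = { 0x08048000u, 0x5FFFFFFFu, 0x60000000u, 0xBFFFF000u };
    for (size_t i = 0; i < sizeof addrs / sizeof addrs[0]; i++)
        printf("0x%08X  flat CS: %-5s  limited CS: %s\n", (unsigned)addrs[i],
               fetch_ok(FLAT_CS, addrs[i]) ? "exec" : "fault",
               fetch_ok(LIMITED_CS, addrs[i]) ? "exec" : "fault");
    return 0;
}
```

With the flat descriptor every address is fetchable; with the limited one, everything above the limit faults on fetch while remaining readable and writable through the data segments, which is the coarse range-based behaviour the answer contrasts with a per-page NX bit.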
