checking memory access x86-64 assembly

Question

I want to restrict access(read,write) to particular area in memory and I am trying to figure out which are the instructions that can access the memory that are generated through gcc assembly(gcc -S). As most of instructions in x86-64 can access memory, In my current approach I am checking for parentheses in instruction. If parentheses is present I will be checking the address accessed.

addq (rdi),rsi
movq (eax),ebx
movq  ecx, eax

in the above example I will assume that 1st and 2nd accessing memory and 3rd instruction doesn't. Is my approach correct, does checking for parentheses cover all memory access if not, is there any list of the other memory access instructions.

Answer 1

In addition to the cases mentioned by @Jester's comment, there are instructions that access memory conditionally such as CMOVcc. Also don't forget about self-modifying code.

Examining the generated assembly listing is probably the wrong approach. One suitable approach would be to perform binary instrumentation dynamically at the instruction level. Only just before an instruction gets executed you can know whether this instruction is going to access (read/write/both) memory and act accordingly. You should intercept every instruction. There are other platform dependent approaches and they are not any easier. For example, you can implement a simple debugger running in another process and breaks when an instruction reads and/or writes to memory. When this happens, you can inspect the instruction and the address being accessed and act accordingly. Yet another approach on Linux is to use mprotect to get notified when a memory location that is part of the specified address range is being accessed and catch the signal using sigaction. In the signal handler, you can take the appropriate action.