MeirS

Reputation: 61

vm_protect fails when compiled with Xcode 11

I'm using runtime memory decryption of one of the Mach-O sections. To do this I'm using vm_protect like this:

uint8_t *section_start = 0;
unsigned long section_size = 0;
section_start = getsectiondata(&_mh_execute_header, "__TEXT", "__mysection", &section_size);

// change virtual memory protection
if (vm_protect(mach_task_self(), (vm_address_t)section_start, (vm_size_t)section_size, 0, VM_PROT_READ | VM_PROT_WRITE) != KERN_SUCCESS) {
    os_log_error(my_logger, "Virtual memory protection changing to write error");
    return false;
}

When I compile Debug configuration with Xcode 10, the vm_protect succeeds. However, the same code compiled with Xcode 11 fails.

I've tried to add these entitlements to the project, without success:

com.apple.security.cs.disable-executable-page-protection
com.apple.security.cs.allow-jit
com.apple.security.cs.allow-unsigned-executable-memory

I also changed the signing certificate to the Apple Development one that is specifically for Xcode 11, with the same result.

Running the project gives the same results on Catalina and Mojave: if built with Xcode 10 it succeeds, if built with Xcode 11 it fails.

Thanks in advance.

Upvotes: 3

Views: 1041

Answers (1)

Martin Payne

Reputation: 213

I am also experiencing this same problem. If I have the Hardened Runtime enabled and specify all the entitlements (including those specified above) then I get the same problem. It also happens if I disable the Hardened Runtime.

I tried compiling to an earlier SDK (as far back as 10.8) and the problem persists (even though it doesn't exist if you compile with an earlier version of Xcode to the same SDK).

I also tried making the __TEXT segment writable using the linker flags: segprot,__TEXT,rwx,rwx. This time, instead of vm_protect failing, it crashes earlier with a dyld error: "__TEXT segment maps the start of the file but is writable".

Surely this is a bug with Xcode 11?

Upvotes: 1
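
Added example, not code from either poster: vm_protect can only grant protection bits that fall within a region's maximum protection, so one check worth running on both builds is the maxprot recorded in the __TEXT segment load command. This C code reads maxprot and initprot from a thin little-endian 64-bit Mach-O image; the function names and the sample bytes are constructed for illustration, and whether the two Xcode versions actually differ in this field is an assumption to verify.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC_64   0xfeedfacfu   /* thin 64-bit Mach-O, little-endian */
#define LC_SEGMENT_64 0x19u
enum { PROT_R = 1, PROT_W = 2, PROT_X = 4 };  /* VM_PROT_READ / WRITE / EXECUTE */
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Look up segment `seg`; 0 on success, -1 if absent or malformed (little-endian host assumed). */
int segment_prot(const uint8_t *buf, size_t len, const char *seg, uint32_t *maxprot, uint32_t *initprot)
{
    size_t off = 32;                           /* sizeof(struct mach_header_64) */
    if (len < off || rd32(buf) != MH_MAGIC_64) return -1;
    uint32_t ncmds = rd32(buf + 16);
    for (uint32_t i = 0; i < ncmds; i++) {
        if (len - off < 8) return -1;
        uint32_t cmd = rd32(buf + off), cmdsize = rd32(buf + off + 4);
        if (cmdsize < 8 || cmdsize > len - off) return -1;
        if (cmd == LC_SEGMENT_64 && cmdsize >= 72 &&
            strncmp((const char *)buf + off + 8, seg, 16) == 0) {
            *maxprot = rd32(buf + off + 56);   /* segment_command_64.maxprot  */
            *initprot = rd32(buf + off + 60);  /* segment_command_64.initprot */
            return 0;
        }
        off += cmdsize;
    }
    return -1;
}

/* A vm_protect request can only succeed if it asks for no bit outside maxprot. */
int request_fits(uint32_t maxprot, uint32_t want) { return (want & ~maxprot) == 0; }

/* Constructed sample: a header plus one __TEXT segment command carrying `maxprot`. */
size_t build_sample(uint8_t *buf, uint32_t maxprot)
{
    uint32_t w[26] = { MH_MAGIC_64, 0x01000007u, 3, 2, 1, 72, 0, 0, LC_SEGMENT_64, 72 };
    w[22] = maxprot;                           /* byte offset 32 + 56 */
    w[23] = PROT_R | PROT_X;                   /* initprot, byte offset 32 + 60 */
    memcpy(buf, w, sizeof w);
    memcpy(buf + 40, "__TEXT", 6);             /* segname, byte offset 32 + 8 */
    return sizeof w;
}

int main(void)
{
    uint8_t img[104]; uint32_t maxp = 0, initp = 0;
    if (segment_prot(img, build_sample(img, PROT_R | PROT_X), "__TEXT", &maxp, &initp) == 0)
        printf("maxprot=%u initprot=%u rw_fits=%d\n", maxp, initp, request_fits(maxp, PROT_R | PROT_W));
    return 0;
}
```

On a real binary, `otool -l` prints the same maxprot and initprot fields for each segment, so the two builds can be compared directly.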
