Process Memory Linux

Posted by Eric | Linux, exploits | Wednesday 5 March 2008 10:03 am

<p>Every process has an address space with three segments: Text (code), Data, and Stack.</p>
<p>The Text segment, sometimes also called the code segment, contains the machine instructions that form the program's executable code. This segment is usually read-only and is generated by the compiler.</p>
<p>The Data segment contains storage for program variables, strings, arrays and other data. This segment contains two parts: initialized and uninitialized data. The uninitialized portion is known (historically at least) as BSS. The data segment can change, unlike the text (code) segment.</p>
<p>The Stack segment starts at the top of the virtual address space and grows down towards 0. If the stack grows beyond its bounds, a hardware fault occurs and the operating system lowers the bottom of the stack by 1 page. When you start a program, all its variables and command-line arguments are stored on the stack segment. This last statement should connect in your memory and fill in the “why” from any tutorials you may have read, which did something like <code>strcpy(buffer, argv[1])</code>.</p>
<pre>Process Memory Layout:
(Borrowed w/o permission from tutorial by: xgc/dx A.K.A Thyago Silva http://milw0rm.com/papers/4)

0xc0000000
           ---------------------
           |                   |
           | env/argv pointer. |
           | argc              |
           |-------------------|
           |                   |
           |       stack       |
           |                   |
           |         |         |
           |         |         |
           |         V         |
           /                   /
           |                   |
           |         ^         |
           |         |         |
           |         |         |
           |                   |
           |       heap        |
           |-------------------|
           |        bss        |
           |-------------------|
           | initialized data  |
           |-------------------|
           |       text        |
           |-------------------|
           | shared libraries  |
           |       etc.        |
           |-------------------|
0x8000000</pre>
<p>Above, when discussing the stack segment, we briefly mentioned that the operating system will increase the stack by 1 page when it grows out of its boundaries. A page is a 4 KB area of memory and is the basic unit of memory with which both the kernel and the CPU deal. Although both can access individual bytes (or even bits), memory is usually managed in units of pages. For more information on Linux paging and the Linux memory model in general, see <a href="http://www.ibm.com/developerworks/linux/library/l-memmod/">this link</a>.</p>
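<p>The segments described above can be observed on a live Linux process. The following C program is an added example, not part of the original post: it takes one address from each segment and looks up the entry in /proc/self/maps that contains it. The names mapping_of, show, data_var and bss_var are made up for this illustration.</p>

```c
/* Added example, Linux only: find the /proc/self/maps entry for an address. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int data_var = 42;  /* initialized data */
int bss_var;        /* uninitialized data (BSS) */

/* Return "perms pathname" for the mapping holding addr, or NULL (static buffer). */
const char *mapping_of(const void *addr)
{
    static char out[300];
    char line[512];
    FILE *f = fopen("/proc/self/maps", "r");
    while (f && fgets(line, sizeof line, f)) {
        unsigned long start, end;
        char perms[5] = "", path[256] = "";
        /* Line format: start-end perms offset dev inode [pathname] */
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %255[^\n]",
                   &start, &end, perms, path) >= 3 &&
            (uintptr_t)addr >= start && (uintptr_t)addr < end) {
            fclose(f);
            snprintf(out, sizeof out, "%s %s", perms, path);
            return out;
        }
    }
    if (f) fclose(f);
    return NULL;
}

static void show(const char *label, const void *addr)
{
    const char *m = mapping_of(addr);
    printf("%-8s %p  %s\n", label, addr, m ? m : "(not mapped)");
}

int main(int argc, char **argv)
{
    int local = 0;
    void *heap = malloc(64);
    printf("page size: %ld bytes\n", sysconf(_SC_PAGESIZE));
    show("text", (const void *)(uintptr_t)mapping_of);
    show("data", &data_var);
    show("bss", &bss_var);
    show("heap", heap);
    show("stack", &local);
    show("argv[0]", argc > 0 ? argv[0] : NULL);
    free(heap);
    return 0;
}
```

<p>On a typical system the text entry is mapped r-xp, data and bss are rw-p, and both the local variable and the argv[0] string fall inside the [stack] mapping.</p>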