Why won't an int variable come before a char array in terms of addressing, no matter how I code it in C?

I'm reading Hacking: The Art of Exploitation (2nd Edition), and I'm currently on the section about buffer overflows.

In the first example, the variables are declared/initialized in this order:

int auth_flag = 0;
char password_buffer[16];

The example goes on to explain that you can use gdb to examine auth_flag's and password_buffer's addresses, and you'll notice that auth_flag's address is higher than password_buffer's. Things to keep in mind: I'm running all of this in Ubuntu within VirtualBox on a MacBook Pro (Intel processor, 64-bit).

I compiled the first example's code like this: gcc -g -fno-stack-protector -o auth_overflow auth_overflow.c

As expected, auth_flag's address is higher than password_buffer's.

To remedy the problem presented above, the author explains you should switch the ordering of the declarations:

char password_buffer[16];
int auth_flag = 0;

I compiled the code the same way: gcc -g -fno-stack-protector -o auth_overflow2 auth_overflow2.c

Unfortunately, I did not see auth_flag's address being lower than password_buffer's. In fact, it was still higher. Why is this? What am I doing wrong?

The compiler is allowed to choose whatever order it wants, in order to provide more optimal code, or even just random because it's easier to implement. One thing you might try is the -O0 flag, which disables all optimizations.

Compilers are free to rearrange variables as they feel is best. I believe that the only restriction is in the order of struct members. Those must be in memory in the same order as declared in the struct.

I found this thread quite interesting:

http://www.mail-archive.com/avr-gcc-list@nongnu.org/msg05043.html

Quote: In theory it can be done

-fdata-section
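The following program is an added example, not code from the book or from anyone in this thread. It puts the question's two locals side by side and reports which way the compiler laid them out, shows that a struct (as the answer above says) does guarantee member order via offsetof, and then shows the fix that actually matters for the book's overflow: a length check before the copy, so the layout question becomes irrelevant. The password constant and the test inputs are constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns 1 if the compiler placed auth_flag at a higher address than
 * password_buffer, 0 otherwise. The result is entirely up to the compiler:
 * declaration order gives no guarantee for automatic variables. */
int flag_above_buffer(void)
{
    char password_buffer[16];
    int auth_flag = 0;

    /* Compare the addresses as integers rather than as pointers, since
     * relational comparison of pointers into different objects is undefined. */
    uintptr_t buf  = (uintptr_t)(void *)password_buffer;
    uintptr_t flag = (uintptr_t)(void *)&auth_flag;

    password_buffer[0] = '\0';   /* touch both so they are real stack objects */
    (void)auth_flag;
    return flag > buf;
}

/* Inside a struct the C standard does guarantee increasing addresses in
 * declaration order, so here the buffer really is below the flag. */
struct login_state {
    char password_buffer[16];
    int  auth_flag;
};

int struct_flag_after_buffer(void)
{
    return offsetof(struct login_state, auth_flag)
         > offsetof(struct login_state, password_buffer);
}

/* Constructed secret for the example; not the book's value. */
#define PASSWORD_MAX 16
static const char CORRECT_PASSWORD[] = "s3cret-example";

/* Hardened version of the book's check: the copy is bounded by the buffer
 * size, so no input can overwrite neighbouring stack slots regardless of
 * where the compiler put auth_flag.
 * Returns 1 on match, 0 on mismatch, -1 if the input does not fit. */
int check_authentication(const char *password)
{
    char password_buffer[PASSWORD_MAX];
    int auth_flag = 0;
    size_t len = strlen(password);

    /* Reject anything that would not fit together with its terminating NUL. */
    if (len >= sizeof password_buffer)
        return -1;

    memcpy(password_buffer, password, len + 1);
    if (strcmp(password_buffer, CORRECT_PASSWORD) == 0)
        auth_flag = 1;
    return auth_flag;
}

int main(void)
{
    printf("auth_flag above password_buffer on this build: %s\n",
           flag_above_buffer() ? "yes" : "no");
    printf("struct keeps declared member order: %s\n",
           struct_flag_after_buffer() ? "yes" : "no");
    printf("check(correct)   = %d\n", check_authentication(CORRECT_PASSWORD));
    printf("check(\"wrong\")    = %d\n", check_authentication("wrong"));
    printf("check(oversized) = %d\n",
           check_authentication("this-is-far-too-long-for-the-buffer"));
    return 0;
}
```

Build it the way the question does (gcc -g -fno-stack-protector) and again with -O0 or -O2: the first line of output may change between builds, while the struct and the bounded check behave the same every time.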

Apple has a security feature to prevent just the type of hacking you are talking about - There is a degree of randomization to where everything is stored in memory, so you can't for example find the memory allocated for a certain program, and go to the 1502nd byte where the function to open the high security vault locks sits, cause it isn't always in the same place in memory.

See http://en.wikipedia.org/wiki/Address_space_layout_randomization for details on how this works.

Funny coincidence that you would encounter this, and that Matt Joiner would stumble on the answer while trying to burn apple.
