stackoom
  简体   繁体   中英

Why aren't memory addresses of C variables fixed?

 原文  2015-05-12 11:53:16       c/ linux/ unix/ operating-system

Question

I'm an undergraduate CS student who just learned about virtual memory. I did an experiment with the following program. 

#include<stdio.h>
int ready0; 
int main(void) {
  int ready;
  printf("ready0 at %p, ready at %p. \n", (void*)&ready0, (void*)&ready); 
}

I think that since the program only deals with virtual memory, it should seem to the program that it is the only process running on the machine. I also looked at the disassembled code, which looks very deterministic. Thus, if I run the program for many times, the result should be identical. However, experiments show that this is not the case. Why do the experiments differ from what I expected? What caused the results to differ each time I run the program?

If you're interested, here's several experiment results on Mac OS X Yosemite. 

$ ./sp
ready0 at 0x102b18018, ready at 0x7fff5d0e876c. 
$ ./sp
ready0 at 0x107c09018, ready at 0x7fff57ff776c. 
$ ./sp
ready0 at 0x10aa9c018, ready at 0x7fff5516476c. 
$ ./sp
ready0 at 0x10d56d018, ready at 0x7fff5269376c. 
$ ./sp
ready0 at 0x10da1c018, ready at 0x7fff521e476c. 
$ ./sp
ready0 at 0x109aff018, ready at 0x7fff5610176c. 
$ ./sp
ready0 at 0x107c31018, ready at 0x7fff57fcf76c. 
$ ./sp
ready0 at 0x10fab1018, ready at 0x7fff5014f76c.

2 answers

solution1
 3 ACCPTED  2015-05-12 12:00:10

In the old days you would usually have been right; the stack pointer at entry to main would often have been the same (but it also depends upon your environment, see environ(7) ...). Details are given (for Linux notably) in your ABI spec & in execve(2) syscall. Your (and mine) ABI is often AMD64 ABI .

Current systems have, for security purposes, ASLR - address space layout randomization - (which you could disable system-wide with echo 0 > /proc/sys/kernel/randomize_va_space to be run as root; this opens a security hole) . So the stack pointer at entry to main is a bit random.

Hint: you might want to disable ASLR if you use gdb watchpoints.

solution2
 2  2015-05-12 12:06:36

It's due to address space layout randomization.

From Wiki:

*

Address space layout randomization (ASLR) is a computer security method which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.

Benefits

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the related memory addresses are obscured from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.

*

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why aren't consecutively-defined variables in increasing memory locations? Why aren't fixed-point types included in C99? Why do C variables have peculiar 40-bit memory addresses on Android 12? Why aren't bitfields allowed with normal variables? Why are successively declared pointer variables stored in memory in a decreasing order of their addresses? C: Why aren't &(void *) and void** compatible? C: Array of memory addresses? Variables addresses in C Why aren't glibc's function addresses randomized when ASLR is enabled? Using LEA on values that aren't addresses / pointers?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM