
How to read the stack segment of a C program?

I am developing a hobby operating system. For that I want to know the mechanism of memory allocation in Linux. To understand that, I created a simple C program that defines an unsigned char array of some hex numbers and then runs in an empty infinite loop; I did this to keep the process alive. Then I used pmap to get page-mapping information. Now I know the location of the stack segment, and I have also created a program that uses the process_vm_readv syscall to read the contents of that address. All I see is a stream of 00 when I read the contents of the stack segment, and some random numbers at the end. How can I figure out how the array is stored in the stack segment?

If that is possible, how can I analyze the hex stream to extract meaningful information?

Here I am adding a demonstration for accessing the address space of a remote process. There are two programs: local.c, which will read and write a variable in another program named remote.c (these programs assume sizeof(int)==4).

local.c

#define _GNU_SOURCE
#include <sys/uio.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/syscall.h>

int main()
{
    int buf;                    /* local copy of the remote int */
    struct iovec local[1];
    struct iovec remote[1];
    int pid;
    void *addr;

    printf("Enter remote pid\n");
    if (scanf("%d", &pid) != 1)
        return -1;

    printf("Enter remote address\n");
    if (scanf("%p", &addr) != 1)
        return -1;

    /* Local buffer that receives (or supplies) the bytes ... */
    local[0].iov_base = &buf;
    local[0].iov_len = sizeof buf;

    /* ... and the address range in the remote process to copy from/to. */
    remote[0].iov_base = addr;
    remote[0].iov_len = sizeof buf;

    /* Copy sizeof(int) bytes out of the remote address space; the syscall
       returns the number of bytes transferred, so check for a short read too. */
    if (syscall(SYS_process_vm_readv, pid, local, 1, remote, 1, 0) != (long)sizeof buf) {
        perror("process_vm_readv");
        return -1;
    }
    printf("read : %d\n", buf);

    /* Overwrite the remote variable with a new value. */
    buf = 4321;
    if (syscall(SYS_process_vm_writev, pid, local, 1, remote, 1, 0) != (long)sizeof buf) {
        perror("process_vm_writev");
        return -1;
    }
    return 0;
}

remote.c

#define _GNU_SOURCE
#include <sys/uio.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/syscall.h>

int main()
{
    /* volatile: the loop below must re-read 'a' from the stack on every
       iteration, even when optimising, because another process changes it. */
    volatile int a = 1234;

    printf("%d  %p\n", getpid(), (void *)&a);
    while (a == 1234);          /* spin until local.c overwrites 'a' */

    printf("'a' changed to %d\n", a);
    return 0;
}

And if you run this on a Linux machine,

[ajith@localhost Desktop]$ gcc remote.c -o remote -Wall
[ajith@localhost Desktop]$ ./remote
4574  0x7fffc4f4eb6c
'a' changed to 4321
[ajith@localhost Desktop]$


[ajith@localhost Desktop]$ gcc local.c -o local -Wall
[ajith@localhost Desktop]$ ./local
Enter remote pid
4574
Enter remote address
0x7fffc4f4eb6c
read : 1234
[ajith@localhost Desktop]$

In a similar way you can read the stack frame into the io-vectors, but you need to know the stack frame structure format to parse the values of local variables from the stack frame. The stack frame contains function parameters, the return address, local variables, etc.
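An added example (not code from the question or the answer) showing how to make sense of a stack page once it has been captured with process_vm_readv. The dump is constructed inline to mimic remote.c's run above (x86-64, little-endian, 'a' at 0x7fffc4f4eb6c): because the stack grows downward, the part of the mapping below the live frame is unused and reads as zeros, and a known int is located by searching for its little-endian byte pattern.

```c
/* Added example, not code from the question or answer: analysing a captured stack
 * page offline. stack_dump is CONSTRUCTED to mimic the 4 KiB page process_vm_readv
 * would return for remote.c's run above (x86-64, little-endian, 'a' at 0x7fffc4f4eb6c). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE_BASE 0x7fffc4f4e000ULL  /* page containing &a in the run above */
#define PAGE      4096
#define A_OFFSET  0xb6c              /* 0x7fffc4f4eb6c - PAGE_BASE */
static unsigned char stack_dump[PAGE];
/* Fake frame: int a = 1234 (d2 04 00 00), a 4-byte unsigned char array, and an
 * 8-byte slot standing in for the saved frame pointer (value made up). */
static const unsigned char frame[] = {
    0xd2, 0x04, 0x00, 0x00,  0xaa, 0xbb, 0xcc, 0xdd,
    0x90, 0xeb, 0xf4, 0xc4, 0xff, 0x7f, 0x00, 0x00 };

void build_dump(void)
{
    memset(stack_dump, 0, PAGE);                         /* unused stack reads as 00 */
    memcpy(stack_dump + A_OFFSET, frame, sizeof frame);  /* live frame near the top */
}

/* Offset of the first non-zero byte: everything below it is unused stack. */
size_t first_nonzero(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] == 0) i++;
    return i;
}

/* Locate a known int as the CPU stored it (little-endian); offset or -1. */
long find_le32(const unsigned char *buf, size_t len, uint32_t value)
{
    unsigned char pat[4] = { value, value >> 8, value >> 16, value >> 24 };
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, pat, 4) == 0) return (long)i;
    return -1;
}

int main(void)
{
    build_dump();
    size_t live = first_nonzero(stack_dump, PAGE);
    long at = find_le32(stack_dump, PAGE, 1234);
    printf("%zu zero bytes, live data from %#llx\n", live, (unsigned long long)(PAGE_BASE + live));
    printf("a = 1234 found at %#llx:", (unsigned long long)(PAGE_BASE + at));
    for (int i = 0; at >= 0 && i < 4; i++) printf(" %02x", stack_dump[at + i]);
    putchar('\n');
    return 0;
}
```

Against a real capture, replace build_dump with the bytes returned by process_vm_readv and PAGE_BASE with the start of the stack mapping reported by pmap; the search then gives the remote address of the variable.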
