# Process Memory

## Motivation: Memory Permission

A computer program memory can be largely categorized into two sections: **read-only** and **read/write**. As systems became more complex and programs were loaded from other media into RAM instead of executing from ROM, the idea that some portions of the program's memory should not be modified was retained. These became the **.text** and **.rodata** segments of the program, and the remainder which could be written to divided into a number of other segments for specific tasks.

## Memory Segments

Read the "The Linux Programming Interface/Processes" section:

{% content-ref url="../the-linux-programming-interface/processes" %}
[processes](https://ret2basic.gitbook.io/ctfnote/computer-science/the-linux-programming-interface/processes)
{% endcontent-ref %}

## Endianness

Data on most modern systems is stored backwards, in little endian. For example, `0x0A0B0C0D` is stored as `0D 0C 0B 0A` in memory if the machine is little-endian:

![](https://3988450783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWVjG_njKgBtvmnKaJh%2Fuploads%2FcosnZfCASkb6BjG714ug%2Fimage.png?alt=media\&token=d26eaec2-aadd-4f80-b487-a5f602204751)![](https://3988450783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWVjG_njKgBtvmnKaJh%2Fuploads%2FoZqREPUqEHKMSsCtqEAe%2Fimage.png?alt=media\&token=498362b0-ab8d-4dfa-b276-c9953bda987e)

Why?

* Performance (historical)
* Ease of addressing for different sizes.
* (apocryphal) 8086 compatibility

## vmmap

pwndbg has a `vmmap` command that allows you to investigate program memory segments. For example, write a simple Hello World program in C:

```c
//hello_world.c
#include <stdio.h>

void main()
{
    puts("hello, world\n");
}
```

Compile it:

```bash
gcc hello_world.c -o hello_world
```

Run this program in GDB and check `vmmap`:

```bash
$ gdb hello_world
pwndbg> b puts
pwndbg> r
pwndbg> vmmap
```

![vmmap](https://3988450783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWVjG_njKgBtvmnKaJh%2Fuploads%2FcPwZ5KlKlS0hECknaVNI%2Fimage.png?alt=media\&token=ad33a562-b8e2-4779-bbe2-4d41cecbe3f4)

## Reference

{% embed url="<https://en.wikipedia.org/wiki/Data_segment>" %}
Data segment - Wikipedia
{% endembed %}

{% embed url="<https://en.wikipedia.org/wiki/Endianness>" %}
Endianness - Wikipedia
{% endembed %}