Process Memory
Motivation: Memory Permission
A computer program memory can be largely categorized into two sections: read-only and read/write. As systems became more complex and programs were loaded from other media into RAM instead of executing from ROM, the idea that some portions of the program's memory should not be modified was retained. These became the .text and .rodata segments of the program, and the remainder which could be written to divided into a number of other segments for specific tasks.
Memory Segments
Read the "The Linux Programming Interface/Processes" section:
ProcessesEndianness
Data on most modern systems is stored backwards, in little endian. For example, 0x0A0B0C0D
is stored as 0D 0C 0B 0A
in memory if the machine is little-endian:
Why?
Performance (historical)
Ease of addressing for different sizes.
(apocryphal) 8086 compatibility
vmmap
pwndbg has a vmmap
command that allows you to investigate program memory segments. For example, write a simple Hello World program in C:
//hello_world.c
#include <stdio.h>
void main()
{
puts("hello, world\n");
}
Compile it:
gcc hello_world.c -o hello_world
Run this program in GDB and check vmmap
:
$ gdb hello_world
pwndbg> b puts
pwndbg> r
pwndbg> vmmap

Reference
Last updated
Was this helpful?