Process Memory

Motivation: Memory Permission

A program's memory can be broadly divided into two categories: read-only and read/write. As systems became more complex and programs were loaded from other media into RAM instead of executing from ROM, the idea that some portions of a program's memory should not be modified was retained. These became the .text and .rodata segments of the program, and the remainder, which could be written to, was divided into a number of other segments for specific tasks.

Memory Segments

Read the "The Linux Programming Interface/Processes" section:

Processes

Endianness

Most modern systems store multi-byte values in little-endian order, that is, least significant byte first, so the bytes appear "backwards" in memory. For example, 0x0A0B0C0D is stored as 0D 0C 0B 0A in memory if the machine is little-endian.

Why?

  • Performance (historical)

  • Ease of addressing for different sizes.

  • (apocryphal) 8086 compatibility

vmmap

pwndbg has a vmmap command that allows you to investigate program memory segments. For example, write a simple Hello World program in C:

// hello_world.c
#include <stdio.h>

int main(void)
{
    puts("hello, world");  // puts() appends the trailing newline itself
    return 0;
}

Compile it:

gcc hello_world.c -o hello_world

Run this program in GDB and check vmmap:

$ gdb hello_world
pwndbg> b puts
pwndbg> r
pwndbg> vmmap
