开发者

Can a program assign the memory directly?

Is there any really low level programming 开发者_Python百科language that can get access the memory variable directly? For example, if I have a program have a variable i. Can anyone access the memory to change my program variable i to another value?


As an example of how to change the variable in a program from “the outside”, consider the use of a debugger. Example program:

$ cat print_i.c
#include <stdio.h>
#include <unistd.h>

int main (void) {
    int i = 42;
    for (;;) { (void) printf("i = %d\n", i); (void) sleep(3); }
    return 0;
}
$ gcc -g -o print_i print_i.c
$ ./print_i
i = 42
i = 42
i = 42
…

(The program prints the value of i every 3 seconds.)

In another terminal, find the process id of the running program and attach the gdb debugger to it:


$ ps | grep print_i
 1779  p1  S+     0:00.01 ./print_i
$ gdb print_i 1779
…
(gdb) bt
#0  0x90040df8 in mach_wait_until ()
#1  0x90040bc4 in nanosleep ()
#2  0x900409f0 in sleep ()
#3  0x00002b8c in main () at print_i.c:6
(gdb) up 3
#3  0x00002b8c in main () at print_i.c:6
6           for (;;) { (void) printf("i = %d\n", i); (void) sleep(3); }
(gdb) set variable i = 666
(gdb) continue

Now the output of the program changes:

…
i = 42
i = 42
i = 666

So, yes, it's possible to change the variable of a program from the “outside” if you have access to its memory. There are plenty of caveats here, e.g. one needs to locate where and how the variable is stored. Here it was easy because I compiled the program with debugging symbols. For an arbitrary program in an arbitrary language it's much more difficult, but still theoretically possible. Of course, if I weren't the owner of the running process, then a well-behaved operating system would not let me access its memory (without “hacking”), but that's a whole another question.


Sure, unless of course the operating system protects that memory on your behalf. Machine language (the lowest level programming language) always "accesses memory directly", and it's pretty easy to achieve in C (by casting some kind of integer to pointer, for example). Point is, unless this code's running in your process (or the kernel), whatever language it's written in, the OS would normally be protecting your process from such interference (by mapping the memory in various ways for different processes, for example).


If another process has sufficient permissions, then it can change your process's memory. On Linux, it's as simple as reading and writing the pseudo-file /proc/{pid}/mem. This is how many exploits work, though they do rely on some vulnerability that allows them to run with very high privileges (root on Unix).


Short answer: yes. Long answer: it depends on a whole lot of factors including your hardware (memory management?), your OS (protected virtual address spaces? features to circumvent these protections?) and the detailed knowledge your opponent may or may not have of both your language's architecture and your application structure.


It depends. In general, one of the functions of an operating system is called segmentation -- that means keeping programs out of each other's memory. If I write a program that tries to access memory that belongs to your program, the OS should crash me, since I'm committing something called a segmentation fault.

But there are situations where I can get around that. For example, if I have root privileges on the system, I may be able to access your memory. Or worse -- I can run your program inside a virtual machine, then sit outside that VM and do whatever I want to its memory.

So in general, you should assume that a malicious person can reach in and fiddle with your program's memory if they try hard enough.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜