Why does the address of the variable keep changing between runs


Question

I made two C programs which were exact copies of each other. Compiled them on a Linux platform (Ubuntu 10.04) using the gcc compiler and obtained two separate executables. Then I obtained the assembly code of both executables using objdump and found that the assembly code was exactly the same, and even the addresses of corresponding instructions in the two assembly files were the same. The program was to print the address of a variable in it. The programs, when run, produce different addresses, and moreover the same program produces a different address each time it is run. Why is the address of the code lines the same in the two programs, but the address of the variable changes even for the same program each time it is run? I think that the address of the variable printed on screen is a virtual address, but if it's virtual, why can't it be the same each time? Is the address shown in the assembly code obtained by objdump also virtual?

Recommended answer

This is due to address space layout randomization.

To quote Wikipedia:

Address space layout randomization (ASLR) is a computer security method which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.

Benefits

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the related memory addresses are obscured from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.

For example, when I repeatedly run the same executable produced from the following C code on my Ubuntu 10.10 box:

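#include <stdio.h>

int g = 0;  /* global: stored in the executable's data segment */

int main(void) {
  int x = 0;  /* local: stored on the stack */
  /* %p expects a void * argument */
  printf("%p %p\n", (void *)&x, (void *)&g);
  return 0;
}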

The address of the local variable (x) keeps changing, but the address of the global variable (g) stays the same.
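
To see why the two addresses behave differently, the following added example (not part of the original answer) looks each address up in /proc/self/maps and prints the mapping it belongs to. The local lands in [stack], which the kernel randomizes, while the global lands in the executable's own mapping, which moves only when the program is built as a position-independent executable. The names region_of and SAMPLE_MAPS are hypothetical, and SAMPLE_MAPS is constructed sample text.

```c
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample of /proc/self/maps text (not captured from a real run). */
const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 131 /tmp/a.out\n"
    "00601000-00602000 rw-p 00001000 08:01 131 /tmp/a.out\n"
    "01a3c000-01a5d000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffd1000-7ffd3000 rw-p 00000000 00:00 0 [stack]\n";

/* Return the name of the mapping that contains addr, or NULL if none does. */
const char *region_of(const char *maps, uintptr_t addr) {
    static char name[256];
    char line[512];
    while (*maps) {
        size_t len = strcspn(maps, "\n");           /* length of this line */
        snprintf(line, sizeof line, "%.*s", (int)len, maps);
        maps += len + (maps[len] == '\n');          /* advance to next line */
        uintptr_t lo, hi;
        name[0] = '\0';                             /* stays empty if no path */
        if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %*s %*s %*s %*s %255[^\n]",
                   &lo, &hi, name) >= 2 && addr >= lo && addr < hi)
            return name[0] ? name : "[anonymous]";
    }
    return NULL;
}

int g = 0;  /* same global as in the answer's program */

int main(void) {
    static char maps[1 << 16];
    int x = 0;
    void *h = malloc(16);
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(maps, 1, sizeof maps - 1, f) : 0;
    if (f) fclose(f);
    if (n == 0) { fputs("cannot read /proc/self/maps\n", stderr); return 1; }
    maps[n] = '\0';
    uintptr_t addrs[] = { (uintptr_t)&x, (uintptr_t)&g, (uintptr_t)h,
                          (uintptr_t)&region_of };
    const char *labels[] = { "local x", "global g", "malloc", "code" };
    for (int i = 0; i < 4; i++) {
        const char *r = region_of(maps, addrs[i]);
        printf("%-8s 0x%" PRIxPTR "  %s\n", labels[i], addrs[i], r ? r : "?");
    }
    free(h);
    return 0;
}
```

Run it several times: the [stack] address changes on every run, while g and the code address move only if the binary was built as a position-independent executable.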
