ASLR and addresses


Question

Look at this main:

#include <stdio.h>   /* needed for printf */

int main(void)
{
    int asd = 10;                 /* automatic variable: lives on the main thread's stack */
    printf("%p\n", (void *)&asd); /* %p expects a void pointer */
    return 0;
}

Address of asd at a given moment:

0x7ffff5f7c16c

Address of main (always the same):

(gdb) disass main
Dump of assembler code for function main:
    0x00000000004005b4 <+0>:    push   %rbp

Why do the addresses of the variables of a regular C program change at every execution, whereas the starting address of the program itself is always the same (assuming that it is not position independent)? I see that the address variability is due to ASLR, but why does it affect only the program variables, and not where the code is allocated? Is this related to the fact that, the code section being read-only, it doesn't make sense to randomize it when not strictly necessary?

Furthermore, why is there an enormous gap between the starting address of main and the address of the variable asd?

Answer

ASLR happens mostly at mmap(2) time. The stack segment of the main thread is allocated at execve(2) time (of your program), but may be "randomly" located. The initial stack pointer of your main also depends on various factors (notably your environment; see environ(7)).

The stack pointer is set at execve time. It is passed to the crt0.o startup object file (which calls your main) by conventions defined in e.g. the x86-64 ABI specification.

The address of main is fixed inside the ELF executable file. Unless your code is position independent code (i.e. compiled with -fPIE or -fPIC etc.), it cannot be moved (because that would require specific relocation). Use objdump -f badnack on your badnack executable to find out. Also pmap on your process. And PIC has a small cost (it uses more registers).
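The following program is an added example, not part of the question or the answer above. It does in C what the answer suggests doing with objdump -f and pmap: it reads the e_type field of the running executable's ELF header (ET_EXEC means a fixed load address and an unrandomized main, ET_DYN means a PIE whose load address ASLR can move), then looks up each address of interest (main, a stack local, a malloc'd block, libc's printf) in /proc/self/maps to name the region it falls in, which is what explains the gap between main and asd in the question. It assumes Linux (/proc/self/exe and /proc/self/maps); the SAMPLE_* header bytes and maps text are constructed to mirror the 0x4005b4 / 0x7ffff5f7c16c pair from the question and are used only for self-checking.

```c
/* Added example (Linux only): classify the running ELF and map addresses to regions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* e_type is the 16-bit field at offset 16 of the ELF header. objdump -f shows
 * it as "EXEC_P" for ET_EXEC (2) and "DYNAMIC" for ET_DYN (3). Returns -1 if
 * the buffer does not start with an ELF magic. */
int elf_type(const unsigned char *hdr, size_t len)
{
    if (len < 18 || memcmp(hdr, "\x7f" "ELF", 4) != 0)
        return -1;
    if (hdr[5] == 2)                        /* EI_DATA == ELFDATA2MSB (big-endian) */
        return (hdr[16] << 8) | hdr[17];
    return hdr[16] | (hdr[17] << 8);        /* little-endian, as on x86-64 */
}

const char *elf_type_name(int t)
{
    if (t == 2) return "ET_EXEC: fixed load address, text is not randomized";
    if (t == 3) return "ET_DYN: PIE, load address randomized by ASLR";
    return "not a recognised ELF executable";
}

/* Scan text in /proc/<pid>/maps format for the line whose [lo,hi) range contains
 * addr; return its pathname or tag ("[stack]", "[heap]", a .so path) or
 * "(anonymous)" when the line has no path. NULL if nothing matches.
 * The result lives in a static buffer, so this is not thread-safe. */
const char *region_name(const char *maps, uintptr_t addr)
{
    static char out[256];
    const char *line = maps;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t n = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512];
        if (n >= sizeof buf) n = sizeof buf - 1;
        memcpy(buf, line, n);
        buf[n] = '\0';
        unsigned long lo, hi, off, ino;
        char perms[8], dev[16], path[256];
        int k = sscanf(buf, "%lx-%lx %7s %lx %15s %lu %255s",
                       &lo, &hi, perms, &off, dev, &ino, path);
        if (k >= 6 && addr >= lo && addr < hi) {
            snprintf(out, sizeof out, "%s", k == 7 ? path : "(anonymous)");
            return out;
        }
        if (!nl) break;
        line = nl + 1;
    }
    return NULL;
}

/* Constructed sample data (not captured from a real system) for self-checking:
 * a non-PIE header, a PIE header, and a maps dump shaped like the question. */
static const unsigned char SAMPLE_EXEC_HDR[18] = {
    0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0 };
static const unsigned char SAMPLE_PIE_HDR[18] = {
    0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0 };
static const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 123456 /home/user/badnack\n"
    "00600000-00601000 rw-p 00000000 08:01 123456 /home/user/badnack\n"
    "01a2f000-01a50000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffff5a00000-7ffff5bc0000 r-xp 00000000 08:01 7890 /lib/x86_64-linux-gnu/libc.so.6\n"
    "7ffff5bc0000-7ffff5bc3000 rw-p 00000000 00:00 0\n"
    "7ffff5f5e000-7ffff5f7f000 rw-p 00000000 00:00 0 [stack]\n";

/* Read a whole file into a NUL-terminated heap buffer (size unknown for /proc). */
static char *slurp(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    size_t cap = 4096, len = 0, r;
    char *buf = malloc(cap);
    while (buf && (r = fread(buf + len, 1, cap - len - 1, f)) > 0) {
        len += r;
        if (len + 1 >= cap) buf = realloc(buf, cap *= 2);
    }
    fclose(f);
    if (buf) buf[len] = '\0';
    return buf;
}

int main(void)
{
    int local = 10;
    void *heap = malloc(64);
    unsigned char hdr[18];
    int t = -1;
    FILE *f = fopen("/proc/self/exe", "rb");
    if (f) { if (fread(hdr, 1, sizeof hdr, f) == sizeof hdr) t = elf_type(hdr, sizeof hdr); fclose(f); }
    char *maps = slurp("/proc/self/maps");
    if (!maps) { puts("this example needs Linux /proc"); return 1; }
    printf("executable: %s\n", elf_type_name(t));
    struct { const char *what; uintptr_t a; } probes[] = {
        { "main",   (uintptr_t)&main  }, { "local",  (uintptr_t)&local  },
        { "malloc", (uintptr_t)heap   }, { "printf", (uintptr_t)&printf },
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        const char *r = region_name(maps, probes[i].a);
        printf("%-7s %#18lx  %s\n", probes[i].what, (unsigned long)probes[i].a, r ? r : "?");
    }
    free(maps);
    free(heap);
    return 0;
}
```

Build it twice, once with gcc -no-pie and once with gcc -pie -fPIE, and run each a few times: the local, malloc and printf lines move between runs in both builds, while the main line only moves in the PIE build, which is the behaviour the answer describes.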
