In the previous article, we briefly covered how functions are called using the stack and stack frames and how data on the stack is laid out in memory, and we used a few simple examples to observe and analyze it.
In this article, we look at the stack from the ground up:
In the early days of computing, memory was very honest. Yes, honest: it had no memory-space protection of any kind.
Consider what happens when the memory space has no protection: a function can overwrite memory the computer itself depends on and cause a buffer overflow, which crashes the machine and leaves it unusable. Because memory has no defenses, it is simply pushed around by the virus. It is a forced demolition, and forced demolition is as abhorrent as it sounds.
In fact, in 1988 a worm used a buffer overflow to consume system resources, causing computers to crash.
(1) How is memory protected?
Under Linux, 0xC0000000-0xFFFFFFFF is the system space, shared by all processes, and 0x00000000-0xBFFFFFFF is the user space.
To counter buffer overflow attacks, the GCC version on Linux provides the following mechanisms:
1. Stack randomization:
In memory, every jump goes through a pointer, and registers hold pointers. If an attacker can determine the stack space used by a common web server, a buffer overflow can be used to take control of it. (This is the security monoculture of the stack.)
To solve this problem, we use the idea of stack randomization:
Memory is accessed through virtual addresses, which are translated by an address mapping. When someone wants to do something unsafe, the best defense is to make the target hard to guess. With stack randomization, the program allocates a random amount of space, between 0 and n bytes, on the stack when it starts.
On Linux systems, stack randomization has become standard behavior. It is one of a larger class of techniques called address space layout randomization, or ASLR for short. Different parts of the program, including program code, library code, the stack, global variables, and heap data, are loaded into different regions of memory each time the program runs.
2. Stack corruption detection:
GCC adds a stack protector mechanism to the generated code to detect buffer overruns. It uses a canary value, also called a sentinel value.
[Diagram from Computer Systems: A Programmer's Perspective]
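A minimal model of the canary check described above, as an added example that is not part of the original article. The frame layout, the function name copy_and_check, and the guard and return-address values are constructed for illustration, and the copy is confined to a byte array so the demo never corrupts its own stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of one stack frame (hypothetical layout for illustration):
   the canary sits between the local buffer and the saved return address. */
struct frame_model {
    char     buf[16];     /* local buffer the function writes into */
    uint64_t canary;      /* guard value stored on function entry */
    uint64_t saved_ret;   /* stands in for the saved return address */
};

enum frame_status { FRAME_OK = 0, FRAME_SMASHED = 1 };

/* Perform an unchecked copy of len bytes into buf, then run the check the
   stack protector performs before the function returns. The copy is clamped
   to the size of the model so the demo itself never writes out of bounds. */
enum frame_status copy_and_check(const void *src, size_t len, uint64_t guard)
{
    unsigned char frame[sizeof(struct frame_model)];
    const uint64_t ret = 0x401136;            /* constructed sample value */

    memset(frame, 0, sizeof frame);
    memcpy(frame + offsetof(struct frame_model, canary), &guard, sizeof guard);
    memcpy(frame + offsetof(struct frame_model, saved_ret), &ret, sizeof ret);

    if (len > sizeof frame)
        len = sizeof frame;
    memcpy(frame, src, len);                  /* bytes past 16 leave buf */

    /* Epilogue check: a changed canary means the bytes above buf, and
       possibly the return address, can no longer be trusted. */
    if (memcmp(frame + offsetof(struct frame_model, canary), &guard, sizeof guard) != 0)
        return FRAME_SMASHED;                 /* real code aborts here */
    return FRAME_OK;
}

int main(void)
{
    const uint64_t guard = 0x5bd1e995a3c4f200ULL;  /* constructed; real guards are random */
    char input[32];
    memset(input, 'A', sizeof input);

    printf("16 bytes: %d\n", copy_and_check(input, 16, guard));
    printf("17 bytes: %d\n", copy_and_check(input, 17, guard));
    printf("32 bytes: %d\n", copy_and_check(input, 32, guard));
    return 0;
}
```

With GCC the real check is enabled with -fstack-protector (or -fstack-protector-strong), and a failed check calls __stack_chk_fail, which aborts the program instead of returning. Detection depends on the guard being unpredictable; the fixed value here only keeps the output repeatable.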
3. Restricting executable code regions:
This eliminates the attacker's ability to insert executable code into the system. It relies on the paging system of virtual memory and, of course, on read/write/execute permissions.
In summary, the protection mechanisms in computers are randomization, stack protection, and restricting which parts of memory can store executable code.
More will be added later.
This article is from the "egg-left" blog, please be sure to keep this source http://memory73.blog.51cto.com/10530560/1759204
A Brief Talk on Stack Frames (b)