You are not logged in.
- Topics: Active | Unanswered
#1 2012-04-08 11:21:37
- leetow2003
- Member
- Registered: 2012-04-08
- Posts: 25
If the address ESP for every program is equal?
I read a book,it said:
In Linux Shell,the address for ESP every program
is equal,and it supportes the codes:
unsigned long get_sp()
{
__asm__("movl %esp,%eax");
}
and then I add this codes in my two programs,and
I insert it on the start about the function main() ,
but I find they get different value,how to explain?
(I first run in Shell:echo "0" >/proc/sys/kernel/randomize_va_space)
Offline
#2 2012-04-09 21:15:53
- markusle
- Member
- Registered: 2008-11-25
- Posts: 4
Re: If the address ESP for every program is equal?
Unfortunately, I am not quite sure what is meant by "the address for ESP every program
is equal". At the very least the value of ESP right after main() will depend on the number of command line
arguments provided. You can easily try this out in gdb (here I use rsp since it did this on a 64bit machine):
# gdb -q foo
Reading symbols from /tmp/foo...done.
(gdb) list
1
2
3 int main(int argc, char** argv) {
4
5 return 0;
6 }
(gdb) b 5
Breakpoint 1 at 0x4004bf: file foo.c, line 5.
(gdb) run one
Starting program: /tmp/foo one
Breakpoint 1, main (argc=2, argv=0x7fffffffe928) at foo.c:5
5 return 0;
(gdb) i r $rsp
rsp 0x7fffffffe840 0x7fffffffe840
(gdb) c
Continuing.
[Inferior 1 (process 28586) exited normally]
(gdb) run one two three four five
Starting program: /tmp/foo one two three four five
Breakpoint 1, main (argc=6, argv=0x7fffffffe8f8) at foo.c:5
5 return 0;
(gdb) i r $rsp
rsp 0x7fffffffe810 0x7fffffffe810
As you can see, in the first case RSP is 0x7fffffffe840. If more
command line arguments are provided RSP moves up the stack
and is now at a lower address, namely 0x7fffffffe810.
If your kernel has any sort of ASLR (e.g. using PAX or grsec) then there will
be additional randomization of the stack address.
Last edited by markusle (2012-04-09 21:17:40)
Offline
#3 2012-04-09 21:21:18
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 20,334
Re: If the address ESP for every program is equal?
I am moving this thread to "Programming and Scripting"
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
#4 2012-04-11 12:11:03
- qll
- Member
- Registered: 2012-04-11
- Posts: 1
Re: If the address ESP for every program is equal?
I guess your book ment to say that the ESP of that program should not change when you disable ASLR ("echo 0 > /proc/sys/kernel/randomize_va_space"). ASLR is Address space layout randomization and you can read more about it at Wikipedia. The Offset of ESP in a Program is influenced by various things, like command line parameters (like pointed out above) and stack frames (which will be created for every function called). If you want to understand the example in your book, you should read about registers and what their purpose is (EBP, ESP, ...).
Last edited by qll (2012-04-11 12:11:23)
Offline