
Z01

memory protection in Linux/Win 2k

I was recently writing a C program. I noticed that Linux gives me a segmentation fault when I attempt to read memory not in the page allocated to my process. But Win2k seems to allow me to read other memory pages (that may belong to another process). I did this simply by reading down (up?) the stack until you pass the edge of the page:

    #include <stdio.h>

    int main(void)
    {
        int i;
        int j;
        int *k;
        k = &i;
        /* walk downward from i until we run off the mapped page */
        for (j = 0; j < 100000 /* some big number */; j++) {
            printf("Addr: %p\tValue: %x %d\n", (void *)&k[-j], k[-j], j);
        }
        return 0;
    }

Is this correct, or am I missing something? So any application running in Win2k can read any other application's data?

Edited by - Z01 on August 2, 2001 1:59:32 AM

I think you can as long as you're running under a privileged account. I'm no expert on win2k so I might be wrong.

Of course, this is windows we're talking about, so I wouldn't rule out an OS bug.

From what I can remember of NT's memory architecture, there exists no such thing as 'other application's pages' within the virtual memory space of an app.

To my knowledge, NT does have the concept of protected memory, which is why so many poorly-written apps that run fine on 9x die miserably on NT with an access violation. To gain legal access to memory belonging to other processes, there are certain privileges your process needs to have (and, for all I know, your process might need to be a service or a driver). But I have no idea why what you tried didn't cause any problems. It's possible that 2000 just happened to give you a sufficiently large stack or otherwise large memory sandbox, but I really don't know.

Win2k uses virtual memory spaces....so your program could (theoretically) address the full range of memory w/o overwriting another program.

Epolevne

Thanks for your answers.

I know that my program could allocate up to the theoretical 4GB max, but I was reading memory that I hadn't allocated. Maybe Win2k was doing something tricky behind the scenes, or maybe you are allowed to read, but not write to, memory not belonging to your process? Anyways, I'll think about it more.

I don't see what the problem is here...
I just ran your code, and once j gets past about 1200, it's all 0's. Presumably, stuff below 1200 is the app itself.

As previously mentioned, NT runs each app in its own memory space. You can look at or write over all the memory you want, but you'll never hit another process's pages.

IIRC, a program must be running in ring 0 to access the pages of other processes, or of the OS itself.

If anybody is interested, here's a great article about NT's memory subsystem architecture.



~~~~~~~~~~
Martee

Please don't forget the kernel and shared memory spaces. In NT they are all protected with NO_ACCESS, but in Windows 9x they are writeable. Hence, any application can write random data to the kernel.

Shudder.
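The page-protection behaviour the thread is circling (the original post's downward stack walk, Martee's "it's all 0's past 1200", and the NO_ACCESS protection mentioned just above) can be observed directly on Linux. The program below is an added example written for this archive, not code from any of the posters. It assumes a POSIX system with mmap/mprotect: PROT_NONE is the POSIX counterpart of the NO_ACCESS protection described in the last reply, and a read of a PROT_NONE or unmapped page raises SIGSEGV. A SIGSEGV handler that returns via siglongjmp turns that fault into a yes/no answer, so probe_readable() can test any address without killing the process, and stack_probe_below() repeats the original post's experiment but stops at the first address the kernel refuses instead of crashing. The function names are this example's own.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Jump target used to recover from a fault raised inside probe_readable(). */
static sigjmp_buf probe_env;

static void probe_fault_handler(int sig) {
    (void)sig;
    siglongjmp(probe_env, 1);   /* resume in probe_readable() with a non-zero result */
}

/* Try to read one byte at addr. Returns 1 if the read succeeded, 0 if the kernel
 * delivered SIGSEGV/SIGBUS (unmapped address, PROT_NONE page, or the NULL page). */
int probe_readable(const void *addr) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_fault_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;           /* the handler may fire again on the next probe */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int readable;
    if (sigsetjmp(probe_env, 1) == 0) {
        volatile const unsigned char *p = addr;   /* volatile: force the actual load */
        (void)*p;
        readable = 1;
    } else {
        readable = 0;                   /* reached via siglongjmp from the handler */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return readable;
}

/* One anonymous page taken through three states. Returns a bitmask of which
 * probes succeeded: bit 0 = readable/writable page, bit 1 = same page after
 * mprotect(PROT_NONE) (the NO_ACCESS case), bit 2 = same address after munmap.
 * On a working MMU-protected system only bit 0 is set, i.e. the result is 1. */
int page_protection_demo(void) {
    long page = sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    p[0] = 0x41;                        /* constructed sample byte */
    int mask = 0;
    if (probe_readable(p)) mask |= 1;
    mprotect(p, (size_t)page, PROT_NONE);
    if (probe_readable(p)) mask |= 2;
    munmap(p, (size_t)page);
    if (probe_readable(p)) mask |= 4;   /* now a hole in our own address space */
    return mask;
}

/* The original post's experiment, made safe: walk downward in int steps from a
 * local variable and stop at the first address the kernel refuses to let us read.
 * How far it gets depends on the stack layout and kernel, so it is only reported. */
long stack_probe_below(long max_steps) {
    int anchor = 0;
    const int *k = &anchor;
    long j;
    for (j = 0; j < max_steps; j++) {
        if (!probe_readable(&k[-j])) break;
    }
    return j;
}

int main(void) {
    int local = 7;
    printf("stack local readable:        %d\n", probe_readable(&local));
    printf("NULL page readable:          %d\n", probe_readable(NULL));
    printf("page protection demo mask:   %d (expect 1)\n", page_protection_demo());
    printf("ints readable below a local: %ld\n", stack_probe_below(100000));
    return 0;
}
```

The PROT_NONE step is the useful one for the discussion: whether the bytes "belong" to another process never comes up, because under a virtual memory system every address the program can name is interpreted in its own page tables, and the only question the hardware asks is whether that page is mapped and what protection it carries.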
