How to change arbitrary memory?

I got a new computer, so my friend and I decided that we want to play what is basically Russian roulette with the memory of our computers. The general premise is that we randomly pick a position in memory, assign it a random value, and see whose computer gets buggy faster or worse. Nothing I do here should be a good idea, so unsafe practices are accepted, even encouraged.

This is what I have so far:

    #include <iostream>
    #include <stdlib.h>
    #include <time.h>

    // use preprocessor to avoid losing this data during the running of the program
    // 4GB RAM (4 * 2^32 bytes)
    #define NUM_MEMORY_LOCATIONS 4294967296

    int main()
    {
        // Initializes random number generator
        time_t t;
        srand((unsigned) time(&t));

        while (true)
        {
            // 4GB RAM (2^32 bytes)
            /** generate a 31-bit number between 0b0 (0) and
                0b111 1111 1111 1111 1111 1111 1111 1111 (4294967295) **/

            // generate a 15-bit number between 0b0 (0) and 0b111 1111 1111 1111 (32767)
            unsigned long int hi = rand() % 32768;
            // shift the bits
            hi <<= 16;

            // generate a 15-bit number between 0b0 (0) and 0b111 1111 1111 1111 (32767)
            unsigned long int med = rand() % 32768;
            // shift the bits
            med <<= 1;

            // generate a 1-bit number between 0b0 (0) and 0b1 (1)
            unsigned long int lo = rand() % 2;

            // combine to make final random number
            unsigned long int randNum = hi + med + lo;

            // select a random position in memory
            void * randomPointer = 0;
            randomPointer += randNum;

            // Something like this here to break my computer:
            //*randomPointer = 0;
        }
    }

I don't know how I can set this value, even to 0. Also, I'm not sure which type of pointer I should use. The void pointer does not seem to work, but I may just not completely understand the intricacies of insecure memory management in C++.

Does anyone know how I can do this? Any help would be appreciated.

+5
5 answers

You cannot do this with your code: on x86-64 systems, you will receive an access violation for every address that does not belong to your executable address space.

The OS is responsible for deciding which addresses belong to this process (they undergo the MMU translation process, which ultimately decides whether the address belongs to the process or not); if it does not, the processor is notified and, depending on the OS, you can get an access violation or a segmentation fault.

On a Linux system, you usually edit another process's memory with something like ptrace, which is used to debug another process. Another option is to edit /dev/mem. For both, you need root access.

On a Windows system, you can instead use ReadProcessMemory and WriteProcessMemory, or directly inject your code into the target's address space (CreateRemoteThread).

In any case, remember why you cannot do it with your current code: modern operating systems run your application in a paged environment, that is, they provide a virtual address space that does not necessarily (and usually does not) map to physical addresses. What you are trying to do is wrong because these addresses will not be mapped to physical locations. If you really want to go this way, you will have to disable or bypass segmentation mechanisms, ring 3/0 protection, paging, MMU translations and probably solve a ton of other problems related to reserved addresses and MMIO-mapped ranges.

+5

All modern desktop operating systems use virtual process address spaces. This means that your process sees 4 GB of memory (on a 32-bit operating system, much more on 64-bit systems) that it owns entirely, and it cannot see the memory belonging to other processes or the kernel of the operating system. How the virtual address space maps to physical memory and swap space depends on the operating system and changes over time as memory swapping takes place.

So, the worst thing you can expect from your experiments is the failure of the program you wrote. To do anything else, you must be in kernel space.

+4
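
The point made in the answers above, that a stray write is stopped by the MMU and only kills the process that made it, shown as an added example that is not part of the original thread. It assumes Linux or another POSIX system; `probe_write`, `unmapped_address` and `canary` are names made up for this example.

```cpp
// Added example, not from the original thread. Assumes Linux/POSIX.
#include <csignal>
#include <cstdint>
#include <cstdio>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

unsigned char canary = 0xAA;  // ordinary writable data owned by this process

// Fork a child that writes one byte to addr. Returns 0 if the child exited
// normally, the killing signal's number if it was killed, -1 on fork/wait error.
int probe_write(std::uintptr_t addr) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        // Child: this store either lands in the child's private copy of the
        // page or faults in the MMU, and the kernel kills the child.
        *reinterpret_cast<volatile unsigned char*>(addr) = 0;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

// Address of a page that was mapped and then unmapped, so it is known not to
// belong to this process (falls back to 0, which is normally unmapped too).
std::uintptr_t unmapped_address() {
    long page = sysconf(_SC_PAGESIZE);
    void* p = mmap(nullptr, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, page);
    return reinterpret_cast<std::uintptr_t>(p);
}

int main() {
    int stray = probe_write(unmapped_address());
    int owned = probe_write(reinterpret_cast<std::uintptr_t>(&canary));
    std::printf("stray write: child killed by signal %d (SIGSEGV is %d)\n", stray, SIGSEGV);
    std::printf("owned write: child result %d, parent canary still 0x%02X\n", owned, canary);
    return 0;
}
```

The second probe succeeds in the child, yet the parent's `canary` is untouched: after `fork` the child has its own copy of the address space, so even a valid write does not cross the process boundary.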

Because of the virtual memory mechanism, what you are trying to do is not possible the way you are trying to do it. The memory addresses in your process are mapped to the actual physical memory locations by the virtual memory manager (VMM) of your OS. If you try to read or write an address that was not allocated to your process by the VMM, you simply crash your own process (Windows access violation, Linux segmentation fault, etc.).

On Linux, you can do it differently if your process has root privileges; just open the /dev/mem node as a file and seek to a random location, then write random or null values. (In effect, the same thing you do in your code, only with file I/O, seek and write, instead of dereferencing pointers.)

+2

For a pointer, just use "int *".

With that said, the memory that the program is trying to access is only its own memory. To get access to all RAM of the computer (and not even all of its virtual memory), to get access to the memory outside the program itself, some special O/S tricks as well as administrative privileges would be required.

+1

Well, after Windows 95, increasingly larger operating systems used the security features built into the CPU. In the x86 family, this is called "protected mode." There are several different methods, but the most widely used one uses paging.

Paging means dividing memory into pages (usually 4k), where you have a subset for code, another for data, etc. If you try to write anything outside the permitted set of data pages, you will get an exception (called a "trap") that will be caught by the operating system. After 95, life became much more boring.

One of the advantages of paging is the so-called "swap". This means that the operating system can unload RAM by placing pages on a disk, then intercepts and calls them into RAM when they are read/written.

0

Source: https://habr.com/ru/post/1201534/

