Memory Layout¶
links: ED TOC - Memory Layout - Index
Linux Userspace Process Memory Layout¶
Memory Layout
- x32 Memory Layout: The memory layout in 32-bit architecture includes the stack, heap, and code sections. The stack grows downwards from the top of the memory space, while the heap grows upwards. The code section is typically located at the lower addresses.
- Stack: A contiguous memory region used for function local variables and control data like the saved instruction pointer (SIP).
- LIFO - Last in, First out
- Heap: A contiguous region managed by the memory allocator (e.g.,
malloc()
) and used for dynamic memory allocation. - Code: Contains the compiled program code.
- Stack: A contiguous memory region used for function local variables and control data like the saved instruction pointer (SIP).
ELF Format
- ELF files store program data and instructions in a standardized format. They replace the older
a.out
format and are similar to other executable formats like COFF (UNIX, old) and PE (Windows).- Types: ET_EXEC (executable), ET_REL (relocatable), ET_DYN (shared object).
- Views:
- Sections: Logical divisions used by the compiler, like
.text
for executable instructions,.data
for initialized data, and.bss
for uninitialized data. - Segments: Physical divisions used by the loader, which map to memory regions. Each segment contains one or more sections.
- Sections: Logical divisions used by the compiler, like
ELF Structure
- Headers: The ELF file begins with an ELF header, followed by program headers (defining segments) and section headers.
- Program Headers: Define segments for the loader.
- Types of Segments:
- LOAD: Describes segments to be loaded into memory, with permissions like read, write, and execute.
- DYNAMIC: Holds dynamic linking information.
- GNU_STACK: Describes stack properties.
- Types of Segments:
- Sections to Segments Mapping: Sections like
.text
,.data
, and.bss
are mapped into segments like code, heap, and stack by the loader.
- Code:
r-x
executable segment \(\rightarrow\) compiled code - Heap:
rw-
data segment \(\rightarrow\) heap variables (e.g. global variables) - Stack:
rw-
stack \(\rightarrow\) stack variables
Variable mapping in section
- Global variable:
.data
- Global static variable (
const
):.rodata
- Heap variable (with
malloc()
): only at runtime available, address after/higher as.bss
vars - Stack variable: only at runtime available (high address)
- Function address:
.text
Memory Example in C
- Global variables are located in the data segment.
- Heap variables are dynamically allocated and located in the heap.
- Stack variables are local to functions and located in the stack segment.
ELF File Analysis
readelf
andobjdump
tools are used for examining ELF files, displaying segment and section information and disassembling code sections.
Summary
- The process of creating a process from an ELF file is called Linking and Loading
- Sections are for compiler (gcc), to link several object files together (.o)
- Segments are for the loader, to create the process
- Program Code is stored in ELF Files
- ELF Files contain segments
- Segments are copied 1:1 in the memory to create a process (of that program)
- A process has generally three important segments:
- Code segment (the actual compiled code)
- Heap (global allocations with
malloc()
) - Stack (local variables of functions)
Heap¶
Heap allocator
- Allocate big memory pages from the OS
- manage this pages (normally 4k)
- split the pages into smaller bin's
- each bin contain chunks of a specific size
- make these chunks available to the program
links: ED TOC - Memory Layout - Index