tags:

views:

156

answers:

5
+2  Q: 

C++: Can I get out of the bounds of my app's memory with a pointer?

Hi,

If I have some stupid code like this:

int nBlah = 123;
int* pnBlah = &nBlah;
pnBlah += 80000;
*pnBlah = 65;

Can I change another app's memory?

You have explained me this is evil, I know. But I was just interested.
And this isn't something to simply try. I don't know what would happen.

Thanks

+1  A: 

I think this would raise 0x00000005, access violation on windows

reuscam  2010-06-04 16:38:06
+4  A: 

Under modern operating systems you don't get access to the real memory, but rather a virtual memory space of 4gb (under 32bit). Bottom 2gb for you to use, and top 2gb reserved for the operating system.

This does not reflect to actual memory bytes in the RAM.

Every app get's the same virtual address space, so there is no straight forward way of accessing another process's memory space.

Am  2010-06-04 16:40:20
+12  A: 

In C++ terms, this is undefined behavior. What will actually happen depends on many factors, but most importantly it depends on the operating system (OS) you are using. On modern memory-managed OS's, your application will be terminated with a "segmentation fault" (the actual term is OS-dependent) for attempting to access memory outside of your process address space. Some OS's however don't have this protection, and you can willy-nilly poke and destroy things that belong to other programs. This is also usually the case if your code is inside kernel space, e.g. in a device driver.

Brian Neal  2010-06-04 16:40:25
+1 pointing out this is language independent and OS specific.Since "modern" operating systems keep being mentioned I also want to point out that ancient operating systems also did this -- "ancient" being defined as when I was in college in the early 1980s learning programming on a BSD Unix machine. Nice to know I'm still modern.
Stephen P  2010-06-04 16:52:13
I should also say that there are indeed "modern" OS's without MMU protection. These are common in the embedded systems world.
Brian Neal  2010-06-04 16:55:55
What about tools like "Cheat-o-Matic" that look through your memory for a specific value and then change it?
Malfist  2010-06-04 18:01:36
@Malfist They probably use some OS-specific API to do that. But you can't do it with ordinary pointer arithmetic on an OS with virtual memory and address space protection.
Brian Neal  2010-06-04 18:27:14
Paged virtual memory was first used in the Atlas in 1962. It's been rediscovered several times since.
Mike Seymour  2010-06-04 21:07:09
A: 

Modern operating systems have various means of protecting against these kinds of exploits that write into the memory space of other programs. Your code wouldn't work either way, I don't think.

For more information, read up on Buffer Overflow exploits and how they gave Microsoft hell prior to the release of Windows XP SP2.

baultista  2010-06-04 16:40:39
This isn't an example of a buffer overflow, really. And buffer exploits still give OS vendors/creators hell. They didn't end with Windows XP SP2.
Brian Neal  2010-06-04 16:52:05
+3  A: 

Nope, it's not that simple. :)

Modern operating systems use virtual memory.

Every process is provided with a full virtual address space.

Every process is given its own "view" of all addresses (from 0x00000000 to 0xffffffff on a 32-bit system). Processes A and B can both write to the same address, without affecting each others, because they're not accessing physical memory addresses, but virtual addresses. When a process tries to access a virtual address, the OS translates that into some other physical address to avoid collisions.

Essentially, the OS keeps track of a table of allocate memory pages for every process. It tracks which address ranges have been allocated to a process, and which physical addresses they're mapped to. If a process tries to access an address not allocated to it, you get an access violation/segmentation fault. And if you try to access an address that is allocated to your process, you get your own data. So there is no way to read other processes data just by typing in the "wrong" address.

jalf  2010-06-04 16:54:43
+1. Many OS's (e.g. POSIX) allow you to setup shared memory segments which would allow two applications to share the same physical segment of memory. It is likely this segment would appear at different virtual addresses in each application.
Brian Neal  2010-06-04 16:58:37
@Brian: Yep, there are usually mechanisms to allow memory to be shared between processes (although as you say, they might see the memory at different addresses), but it always depends on a system call first, to ask the OS to please map memory from that process into this process' address space. Simply manipulating pointers can never do it.
jalf  2010-06-04 18:10:50

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS