heap~
sbrk()&&brk()
reference:sbrk(2) - Linux man page
Description
brk() and sbrk() change the location of the program break, which defines the end of the process’s data segment (i.e., the program break is the first location after the end of the uninitialized data segment). Increasing the program break has the effect of allocating memory to the process; decreasing the break deallocates memory.
brk() sets the end of the data segment to the value specified by addr, when that value is reasonable, the system has enough memory, and the process does not exceed its maximum data size (see setrlimit(2)).
sbrk() increments the program’s data space by increment bytes. Calling sbrk() with an increment of 0 can be used to find the current location of the program break.
Return Value
On success, brk() returns zero. On error, -1 is returned, and errno is set to ENOMEM. (But see Linux Notes below.)
On success, sbrk() returns the previous program break. (If the break was increased, then this value is a pointer to the start of the newly allocated memory). On error, (void *) -1 is returned, and errno is set to ENOMEM.
大概就是:
sbrk()用来增加堆块的大小,但是调用sbrk(0)的话是会返回当前的program break;
brk()用来重新设置program break;
这里用ctf-wiki上的例子可以很好理解。
1 | /* sbrk and brk example */ |
另外我进行了如下的测试,在程序开始的时候,我两次sbrk(0),但是返回的值却不一样,但在这之后的sbrk(0)都能返回同一个值。
猜测可能是因为第一次返回的是bss_end的位置,第二次才是返回了正确的heap起始位置,因为bss_end的位置和heap之间是有一段空缺的嘛,可以看下面的示意图。这些都是我的猜测,我也还没动调试一下,如果有错欢迎留言指正。
1 |
|
mmap
malloc 会使用 mmap 来创建独立的匿名映射段。匿名映射的目的主要是可以申请以 0 填充的内存,并且这块内存仅被调用进程所使用。
使用cat /proc/进程 id/maps 查看c程序进程内存映射
1.首先把 c 程序编译成 a.out 文件
2.gdb a.out
3.查看执行该文件对应的进程 #ps au
4.a.out 所对应的PID即为所需