General memory layout

Memory Layout of C Programs - GeeksforGeeksGeeksforGeeks

Binary Exploitationsh4dy's blog

Given the following general memory layout illustration from GeeksforGeeks:

Important things to note

In this image, the low address is placed at the bottom of the drawing, while the high address is at the top

1. The stack grows towards lower memory addresses

2. The heap grows towards higher memory addresses

Fields within the memory

1. Stack

• Stores local variables in a function, return addresses and function call information

• stores variables with values that changes during runtime (but are usually of fixed size)

• The variables are automatically cleared when function returns (stack pointer adjusted)

1. Heap

• Dynamically allocated memory

• Explicitly requested and freed by the programmer

• Size can vary during runtime

• eg. malloc(), new int[x] , etc.

1. Unitialized data (bss)

• This segment stores all uninitialized global and static variables

• These variables are automatically initialized to zero by the system at runtime

1. Initialized data

• This section stores all initialized global and static variables of the program

• Variables in this segment retain their values throughout the lifetime of the program execution

1. Text

• The text segment (or code segment) contains the executable code of the compiled program — in the form of machine code

Example print "hello world!" binary

• We will be using the following print "hello world!" binary as an example:

CTF-Workshop/Reversing/Challenges/HelloWorld/hello_world at master · kablaa/CTF-WorkshopGitHub

We can use the info files command which simply shows the names of targets and files being debugged:

gef> info files
...
        Entry point: 0x8048300
        0x08048134 - 0x08048147 is .interp
        0x08048148 - 0x08048168 is .note.ABI-tag
        0x08048168 - 0x0804818c is .note.gnu.build-id
        0x0804818c - 0x080481ac is .gnu.hash
        0x080481ac - 0x080481fc is .dynsym
        0x080481fc - 0x08048246 is .dynstr
        0x08048246 - 0x08048250 is .gnu.version
        0x08048250 - 0x08048270 is .gnu.version_r
        0x08048270 - 0x08048278 is .rel.dyn
        0x08048278 - 0x08048290 is .rel.plt
        0x08048290 - 0x080482b3 is .init
        0x080482c0 - 0x08048300 is .plt
        0x08048300 - 0x08048492 is .text
        0x08048494 - 0x080484a8 is .fini
        0x080484a8 - 0x080484bd is .rodata
        0x080484c0 - 0x080484ec is .eh_frame_hdr
        0x080484ec - 0x080485b8 is .eh_frame
        0x080495b8 - 0x080495bc is .init_array
        0x080495bc - 0x080495c0 is .fini_array
        0x080495c0 - 0x080495c4 is .jcr
        0x080495c4 - 0x080496ac is .dynamic
        0x080496ac - 0x080496b0 is .got
        0x080496b0 - 0x080496c8 is .got.plt
        0x080496c8 - 0x080496d0 is .data
        0x080496d0 - 0x080496d4 is .bss

From the output, we can see multiple sections such as: .text , .data .bss

Summary table of the memory sections

Binary Exploitationsh4dy's blog

text, data, bss, and decmirzafahad.github.io

Memory Layout of C Programs - GeeksforGeeksGeeksforGeeks

Section	Notes	Reference
.init	Small init code ran by the loader before the main() function	https://ftp.math.utah.edu/u/ma/hohn/linux/misc/elf/node3.html
.plt	Procedure Linkage Table
.fini	Cleanup code that is ran after main() exists	https://ftp.math.utah.edu/u/ma/hohn/linux/misc/elf/node3.html
.rodata (Read-Only Data)	Read-only constant data — non-writable	https://wiki.osdev.org/Program_Memory_Allocation_Types
.text	Text/code segment contains machine code of the compiled program
.got (Global Offset Table)	A section inside of programs that holds addresses of functions that are dynamically linked
.data	Initialized data segment global and static variables that are initialized
.bss (Block started by symbol)	Unitialized data segment global and static variables that do not have explicit initialization all uninitialized variables are initialized to zero at load time (by the loader)