Process Memory
Pwncollege
Memory: Process Perspective
Process memory is used for A LOT:
- Memory ↔ Registers
- Memory ↔ Disk
- Memory ↔ Network
- Memory ↔ Video Card
There is too much memory to name every location (unlike registers).
What is process memory?
Process memory is the portion of a computer’s memory that is allocated to a specific running program, known as a process.
When a program is executed, the OS creates a process and assigns it its own isolated memory space, which includes several distinct regions:
- the code segment (where the compiled program instructions reside),
- the heap (used for dynamic memory allocation),
- the stack (used for function calls and local variables), and
- the data segment (for global and static variables).
This isolation ensures that each process operates independently, without interfering with the memory of other processes, which is essential for stability and security. The memory layout is managed by the OS using mechanisms like virtual memory and page tables, allowing processes to use a simplified, linear view of memory while the OS handles the translation to actual physical memory.
Why is process memory addressed linearly?
Example is from Yan at pwn.college, but rewritten in a form that the author understands better.
That said, the sheer size of process memory makes it impractical to assign names to every individual location, unlike CPU registers, which are limited in number and can each have specific names. Instead, memory is addressed linearly.
(As a refresher, this means each location is given a unique numerical address in a continuous range).
For most systems, this range begins at address 0x10000, a starting point chosen for security reasons, such as avoiding low-address memory that could be targeted in certain types of attacks. (WHAT TYPES?)
The address space extends up to 0x7fffffffffff, a limit defined by the constraints of the system architecture and the OS.
Each memory address in this range corresponds to exactly one byte of memory, enabling fine-grained access and control. As a result of this design, a process can theoretically address up to 127 terabytes of RAM, providing an enormous space for applications to operate within, while also simplifying memory management and access patterns.
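As an added example (not from pwn.college or the original notes), this parser reads lines in Linux's `/proc/<pid>/maps` format, labels each mapping with the region names listed above, and checks that it lies inside the 0x10000 to 0x7fffffffffff range. The sample mappings and the path `/usr/bin/demo` are constructed, and the range is assumed to be the x86-64 Linux one.

```python
import re

# Address range quoted in the notes above (assumed: x86-64 Linux user space).
LOW, HIGH = 0x10000, 0x7FFFFFFFFFFF

# Constructed sample in /proc/<pid>/maps format, not captured from a real process.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a01000 r--p 00000000 08:01 1311 /usr/bin/demo
55d0c8a01000-55d0c8a02000 r-xp 00001000 08:01 1311 /usr/bin/demo
55d0c8a03000-55d0c8a04000 rw-p 00003000 08:01 1311 /usr/bin/demo
55d0c9b10000-55d0c9b31000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7ffc4a5e0000-7ffc4a601000 rw-p 00000000 00:00 0 [stack]
"""

# Fields: start-end perms offset dev inode [pathname]
LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) \S+ \S+ \S+\s*(.*)$")


def classify(perms, path):
    """Map one mapping onto the region names used in the notes."""
    if path in ("[heap]", "[stack]"):
        return path.strip("[]")
    if path.startswith("/"):          # file-backed: the program or a library
        if "x" in perms:
            return "code"
        return "data" if "w" in perms else "read-only data"
    return "other"                    # anonymous mmap, [vdso], ...


def parse_maps(text):
    """Return one dict per mapping: kind, start, end (exclusive), size, in_range."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                  # skip blank or malformed lines
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        regions.append({
            "kind": classify(m.group(3), m.group(4)),
            "start": start, "end": end, "size": end - start,
            # every byte of the mapping must sit inside [LOW, HIGH]
            "in_range": LOW <= start and end - 1 <= HIGH,
        })
    return regions


if __name__ == "__main__":
    for r in parse_maps(SAMPLE_MAPS):
        print(f'{r["start"]:#014x}-{r["end"]:#014x} {r["size"]:>8} {r["kind"]:<14} in_range={r["in_range"]}')
```

On a Linux machine, passing the contents of `/proc/self/maps` to `parse_maps` in place of the sample shows the same regions for a live process.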
TODO
- When a process starts up, a place in memory is created… known as the stack
- Great stack visualization : View File
- Watch YouTube videos and explain why the stack grows downward