Access to a specific memory address

Question

I'm a new C programmer, still learning the language itself.

Anyway - I'm trying to access a specific memory address.

I've written this code:

#include <stdio.h>

int main()
{
    int* p = (int*) 0x4e0f68;
    *p = 12;
    getchar();
}

When I try to access a specific memory address like that, the program crashes.

I don't know if this information is relevant, but I'm using Windows 7 and Linux Ubuntu.
(I've tried this code only on Windows 7).

Any explanations why the program crashes? How can I access a specific memory address (an address which is known at compile-time, I don't mean to dynamic memory allocation)?

Thanks.

Answer 1

What you're getting is a segfault - when you're trying to access memory you don't have permission to access. Pointers, at least for userspace, must point to some variable, object, function, etc. You can set a pointer to a variable with the & operator - int* somePtr = &variableToPointTo, or to another pointer - int* someNewPtr = somePtr. In kernel mode (ring 0) or for OS development, you can do that, BUT IT IS NOT ADVISED TO DO SO. In MS-DOS, you could destroy your machine because there was no protection against that.

Answer 2

Just to clrify one phrase the OP wrote: strictly speaking, no address associated to a program (code or data) is known at compile time. Programs usually are loaded at whatever address the OS determines. The final address a program sees (for example, to read a global variable) is patched by the OS in the very program code, using some sort of relocation table. DLL functions called by a program have a similar mechanism, where the IDATA section of the executable is converted into a jump table to jump to the actual address of a function in a DLL, taking the actual addresses from the DLL in memory.

That said, it is indeed possible to know by advance where a variable will be placed, if the program is linked with no relocation information. This is possible in Windows, where you can tell the linker to load the program to an absolute virtual address. The OS loader will try to load your program to that address, if possible.

However, this feature is not recommended because it can lead to easily exploiting possible security holes. If an attacker discovers a security hole in a program and try to inject code into it, it will be easier for him if the program has all its variables and functions in specific addresses, so the malicious code will know where to make patches to gain control of that program.

Answer 3

Strictly speaking you cannot create a valid pointer like this. Valid pointers must point to valid objects (either on your stack or obtained from malloc).

For most modern operating systems you have a virtual memory space that only your process can see. As you request more memory from the system (malloc, VirtualAlloc, mmap, etc) this virtual memory is mapped into real usable memory that you can safely read and write to. So you can't just take an arbitrary address and try to use it without OS cooperation.

An example for windows:

#include <windows.h>
#include <stdio.h>

int main(void)
{
    SYSTEM_INFO sysinfo;
    GetSystemInfo(&sysinfo);
    unsigned pageSize = sysinfo.dwPageSize;
    printf("page size: %d\n", pageSize);

    void* target = (void*)0x4e0f68;
    printf("trying to allocate exactly one page containing 0x%p...\n", target);
    void* ptr = VirtualAlloc(target, pageSize, MEM_COMMIT, PAGE_READWRITE);

    if (ptr)
        printf("got: 0x%p\n", ptr); //   ptr <= target < ptr+pageSize
    else
        printf("failed! OS wont let us use that address.\n");

    return 0;
}

Note that this will give you different results on different runs. Try it more than once.

Answer 4

That's memory you don't own and accessing it is undefined behavior. Anything can happen, including crashing.

On most systems, you'd be able to inspect the memory (although technically still undefined behavior), but writing to it is a whole different story.