CODEWITHSUNDEEP
memory-management
George Johnston
George Johnston

Reputation: 32258

How is an array stored in memory?

In an interest to delve deeper into how memory is allocated and stored, I have written an application that can scan memory address space, find a value, and write out a new value.

I developed a sample application with the end goal to be able to programatically locate my array, and overwrite it with a new sequence of numbers. In this situation, I created a single dimensional array, with 5 elements, e.g.

int[] array = new int[] {8,7,6,5,4};

I ran my application and searched for a sequence of the five numbers above. I was looking for any value that fell between 4 and 8, for a total of 5 numbers in a row. Unfortunately, my sequential numbers within the array matched hundreds of results, as the numbers 4 through 8, in no particular sequence happened to be next to each other, in memory, in many situations.

Is there any way to distinguish that a set of numbers within memory, represents an array, not simply integers that are next to each other? Is there any way of knowing that if I find a certain value, that the matching values proceeding it are that of an array?

I would assume that when I declare int[] array, its pointing at the first address of my array, which would provide some kind of meta-data to what existed in the array, e.g.

0x123456789 meta-data, 5 - 32 bit integers 
0x123456789 + 32 "8"
0x123456789 + 64 "7"
0x123456789 + 96 "6"
0x123456789 + 128 "5"
0x123456789 + 160 "4"

Am I way off base?

Upvotes: 7

Views: 13168

Answers (5)

Hans Passant
Hans Passant

Reputation: 941317

Debug + Windows + Memory + Memory 1, set the Address field to "array". You'll see this when you switch the view to "4-byte Integer":

0x018416BC  6feb2c84 00000005 00000008 00000007 00000006 00000005 00000004

The first address is the address of the object in the garbage collected heap, plus the part of the object header that's at a negative offset (syncblk index). You cannot guess this value, the GC moves it around. The 2nd hex number is the 'type handle' for the array type (aka method table pointer). You cannot guess this value, type handles are created by the CLR on demand. The 3rd number is the array length. The rest of them are the array element values.

The odds of reliably finding this array back at runtime without a debugger are quite low. There isn't much point in trying.

Upvotes: 8

Jonathan Wood
Jonathan Wood

Reputation: 67193

Although I see you are using C# and, presumably, .NET, most of your question is in very general terms about memory. Keep mind that, in the most general sense, all memory is just bits whether that memory holds an array, strings, or code.

With that in mind, unless you can find tell-tale signs of your current platform's way of allocating different data types, there is no difference between memory that contains arrays, strings, or code.

Also, I wouldn't make any assumptions about if an array "points" to the first item in the array. Perhaps someone else can address this issue specifically, but I would assume some sort of header is involved.

Upvotes: 0

Tom B
Tom B

Reputation: 2180

I don't know exactly but this article seems to suggest that you can get a pointer to your array, with which i would think you can determine the actual address.

Upvotes: 0

ox_n
ox_n

Reputation: 667

Memory is not always stored contiguously. If you can ensure that it is, what you are asking is possible.

Upvotes: -1

Aliostad
Aliostad

Reputation: 81660

Don't. Array is stored on the heap and subject to re-location due to garbage collection. You have to use fixed if you need to make sure memory is not moved in which can you can use but only very carefully.

If you are after high-performance arrays, use stackalloc and use your code scheme.

Upvotes: 0

Related Questions