LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Read memory? (http://www.linuxquestions.org/questions/linux-general-1/read-memory-912020/)

southpau1 11-05-2011 10:10 AM

Read memory?
 
Hello! I have a need to read my Linux RAM, and specifically, I need to know the memory addresses of everything in memory. What is the easiest way to do this?

I know /dev/mem has the contents of memory, but when I open it it is just jibberish. I also don't know if /dev/mem will include the memory addresses.

Please help!

jefro 11-05-2011 11:23 AM

Kind of a risky thing to try to read all ram. You can't easily freeze a system nor read all ram unless you have magnetic core ram.

What are you trying to do exactly?

southpau1 11-05-2011 11:28 AM

Ok I guess what I am really trying to do it somehow write a specific string to memory, and then determine the address of that string.

For example, I want to write 'hello' to memory, and then determine the memory location..

I'm trying to do this with malloc right now, but have never used it before.

jefro 11-05-2011 02:10 PM

In machine language you could do that easier I'd think. Been a very long time since I did that.

Every bit of the computer for the most part is a memory address. Ram and hard drive chips and hard drive area are simply a memory location.

Might be in your interest to create a virtual hard drive or ramdisk/ramdrive. It is a ram based hard drive that you can write to and read from.

Still don't know why you want this task. You'd have to see that the area is free to begin with, then lock it for your use then write to it. That can be done with a few web pages help. Then a number of ways to read it. Some hex editors can access by ram address. I'm sure other apps can read or display a memory address.

southpau1 11-05-2011 06:32 PM

So its another buffer overflow issue. I need to exploit a buffer overflow and overwrite the RET address of a program with the memory address of some code that I want to execute. So I need to be able to put the code I want to run in memory, and I also need to know its memory address so I can set the RET address to the correct value.

onebuck 11-06-2011 10:37 AM

Hi,

Quote:

Originally Posted by southpau1 (Post 4516864)
So its another buffer overflow issue. I need to exploit a buffer overflow and overwrite the RET address of a program with the memory address of some code that I want to execute. So I need to be able to put the code I want to run in memory, and I also need to know its memory address so I can set the RET address to the correct value.

If I understand your request, I think that you are looking at this issue wrong. When you develop a program the 'calls' when executed will push a return address onto the stack. When the 'ret' is executed then that return address is popped off the stack. If you are debugging then breakpoints can be used within to allow stepping the program through the program. If the program that you are calling supports externals then it should be easy to find the address or modify to suit if Open Source. Other wise you would need to disassemble, which can be a hassle at times. Better if you have the source. :) If you are not careful the stack will be mangled for that program.

Whenever you compile then link the addressing is allocated. Look at linker then look at Assembler Language wiki section 2.2 Macros for some examples related to ASM. The above links should provide enough to understand procedural aspects.

You could look at things from a high level language perspective. In-line is nothing new. CS in such short time/post is difficult.

HTH!

southpau1 11-10-2011 09:52 AM

Thanks, I'll keep digging!


All times are GMT -5. The time now is 05:09 PM.