Tuesday 15 February 2011

c - Environment variables using execve() to run child process


I am using a parent process that calls execve() and defines the specific environment variable shown below. If I look at the memory location $esp + 0x240 in the parent process, I get all the environment variables. But after the child process starts, I am unable to find the memory address where the predefined environment variable is stored.

I would have thought that, since execve() replaces the original process with the child process, the environment variable passed to the child process would be located at 0xbffffffa minus the length of the environment variable string (on Linux). However, once the child process has started, I do not have access to that location in memory. Before execve() runs in the original process, esp is 0xbffff120; once the child process has started, esp jumps to 0xbf9835a0. (I think this is because the child process has privileges that the original process did not have.) Now, when I look at the memory above the stack, up to the point where I no longer have access to memory, there is no sign of any environment variable passed by the parent process. Where will they be located? Also, on a more general note, when you run a process, are the environment variables at the very bottom of memory, at the very bottom of the stack?

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    char envvari[] = "\x31\xc0....";  // can be any environment variable

    int main(int argc, char *argv[]) {
        char *env[2] = {envvari, 0};
        unsigned int i, ret;

        char *buffer = (char *) malloc(160);
        char *args[] = {"notesearch", buffer, 0};

        ret = 0xbffffffa - (sizeof(envvari) - 1) - strlen("./notesearch");
        for (i = 0; i < 160; i += 4)
            *((unsigned int *)(buffer + i)) = ret;

        execve("./notesearch", args, env);
        free(buffer);
    }

execve() does not create a child process; it replaces the current process. In addition, execve() does not make the fork() system call that creates a child process. If execve() is successful, the free(buffer) call after execve() will not be executed.
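The behaviour described in the answer, as an added example that is not part of the original question or answer: fork() creates the child, execve() replaces that child's image while keeping its PID, and the environment string passed through envp sits above the new image's stack frames. The variable name DEMO_ENVVAR, the function names and the use of /proc/self/exe (Linux only) are assumptions made for this demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define MARK "DEMO_ENVVAR"  /* hypothetical variable name used only by this demo */

/* Runs before main() in every image. In the re-exec'd image the marker is set,
 * so it reports what it sees through the exit status and stops there. */
__attribute__((constructor)) static void after_exec(void) {
    const char *v = getenv(MARK);
    if (!v) return;                       /* first image: marker not present */
    int local = 0;                        /* lives in the current stack frame */
    int same_pid = (getpid() == (pid_t)atol(v));
    int env_above = ((uintptr_t)v > (uintptr_t)&local);
    fprintf(stderr, "pid %ld: %s value at %p, stack local at %p\n",
            (long)getpid(), MARK, (const void *)v, (void *)&local);
    _exit((same_pid ? 1 : 0) | (env_above ? 2 : 0));
}

/* Returns the exit bits from the re-exec'd image: bit 0 = PID unchanged
 * across execve(), bit 1 = env string located above the stack frames. */
int exec_env_demo(void) {
    pid_t pid = fork();                   /* fork(), not execve(), makes the child */
    if (pid < 0) return -1;
    if (pid == 0) {
        char var[64];
        snprintf(var, sizeof var, MARK "=%ld", (long)getpid());
        char *args[] = {"demo", NULL};
        char *env[] = {var, NULL};        /* the only variable the new image gets */
        execve("/proc/self/exe", args, env);
        _exit(127);                       /* reached only if execve() failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int r = exec_env_demo();
    printf("result bits: %d (3 = same PID, env above stack frames)\n", r);
    return r == 3 ? 0 : 1;
}
```

With stack address randomization enabled, the addresses printed by the re-exec'd image differ from run to run.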
