CMU programming puzzle: how to find the location of the process control block relative to the base of the stack
I read about a programming puzzle at CMU in the book Expert C Programming: Deep C Secrets by Peter Van der Linden.
The puzzle asked for a program that reads a file of numbers and prints the average. The program had to run as fast as possible and had to be written in PASCAL or C.
It seems a programmer had created a program that actually took minus three seconds. On scrutinizing, it was found that the programmer knew where the process control block was stored relative to the base of the stack. So, he crafted a pointer to access the process control block and overwrote the "CPU-time-used" with a very high value. The operating system didn't expect such a high value, and so it treated that high positive value as a negative number under the two's complement scheme.
Now, I wanted to know how he did that. I know that using this code we can find the base address of the stack.
#include <stdio.h>

int main(void)
{
    int i;
    /* Prints the address of the local variable i in main's stack frame.
     * A pointer must be printed with %p (cast to void *), not with %#d. */
    printf("The base value of the stack is %p\n", (void *)&i);
    return 0;
}
I can understand that the stack grows downwards and the base of the stack will be at the top of physical memory. So, the base of the stack will be below the system memory (kernel memory / kernel address space). So, he used the stack as the base. But how did he know where the process control block is stored in the system memory?
Moreover, what is the structure of the Process Control Block?
Does anyone know about this?
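The mechanism the question describes can be modelled without a cooperating kernel. The following is an added example, not code from the book or from the questioner: it simulates the layout the trick depends on (a process control block mapped in the process's own address space at a fixed, known distance above the stack base), crafts a pointer from the stack base alone, stores a large unsigned value into a signed "CPU time used" counter, and shows the kernel-side accounting reading it back as a negative number of seconds. The offset, the 100 Hz clock, the struct layout and the region itself are assumptions made for the demonstration; no real kernel uses exactly these.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the layout the puzzle relies on: the per-process
 * "user structure" (process control block) sits at a fixed distance above
 * the base of the stack, inside memory the process can write.  Offset,
 * clock rate and field layout are assumptions for this demonstration.
 */
#define TICKS_PER_SECOND        100   /* assumed accounting clock (HZ) */
#define PCB_OFFSET_ABOVE_STACK  64    /* assumed fixed distance in bytes */

struct pcb {                      /* assumed process control block */
    int32_t pid;
    int32_t cpu_ticks_used;       /* signed counter the OS reports from */
    int32_t state;
};

/* Simulated memory: the stack grows down from stack_base and the PCB
 * lives above it.  _Alignas keeps the crafted struct pointer aligned. */
static _Alignas(16) uint8_t region[4096];
static uint8_t *const stack_base = region + 2048;

/* The "kernel" places the PCB and charges the process some CPU time. */
static struct pcb *kernel_setup(int32_t ticks_charged)
{
    struct pcb *p = (struct pcb *)(stack_base + PCB_OFFSET_ABOVE_STACK);
    memset(region, 0, sizeof region);
    p->pid = 42;
    p->cpu_ticks_used = ticks_charged;
    p->state = 1;
    return p;
}

/* What the kernel's accounting reports: whole seconds, signed division. */
static int kernel_report_seconds(const struct pcb *p)
{
    return p->cpu_ticks_used / TICKS_PER_SECOND;
}

/* The bit pattern that reads as -seconds worth of ticks once the counter
 * is interpreted as a signed 32-bit two's-complement number. */
static uint32_t value_for_negative_seconds(int seconds)
{
    return (uint32_t)0 - (uint32_t)(seconds * TICKS_PER_SECOND);
}

/*
 * What the contestant did: knowing only the stack base and the fixed
 * offset, craft a pointer to the PCB and store a large unsigned value
 * into the "CPU time used" field.  memcpy writes the raw bits, exactly
 * what an unchecked store through a crafted pointer would do.
 */
static void overwrite_cpu_time(uint8_t *base, uint32_t big_value)
{
    struct pcb *p = (struct pcb *)(base + PCB_OFFSET_ABOVE_STACK);
    memcpy(&p->cpu_ticks_used, &big_value, sizeof big_value);
}

/* Run the whole puzzle: returns the seconds the OS ends up reporting. */
static int run_puzzle(int32_t real_ticks_used, int wanted_negative_seconds)
{
    struct pcb *p = kernel_setup(real_ticks_used);
    overwrite_cpu_time(stack_base,
                       value_for_negative_seconds(wanted_negative_seconds));
    return kernel_report_seconds(p);
}

int main(void)
{
    uint32_t v = value_for_negative_seconds(3);
    printf("stored 0x%08x (%u unsigned) into cpu_ticks_used\n", v, v);
    printf("OS reports %d seconds of CPU time\n", run_puzzle(250, 3));
    return 0;
}
```

The two preconditions are visible in the model: the counter is writable from the process (the PCB is mapped in user space at a constant offset from something the process can locate), and the consumer interprets the stored bits as signed without range-checking. Remove either one, as every modern kernel does by keeping its task structure in kernel-only memory, and the "minus three seconds" result goes away.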
Comments (2)
I don't think it's as straightforward today, with virtual memory and all (my guess; I don't know when the book was written).
My suggestion is to read the classic Smashing the stack for fun and profit to get an intro. If those concepts are new to you, you'll have a blast reading it and learning some really important stuff.
It used to be true in some implementations that *nix mapped the user structure into user space memory and the stack was under it. Today, it's pretty unlikely that this is possible.
Sort of related: Pseudo-random stack pointer under Linux?
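To see concretely why the posted snippet does not locate the stack base, and why the trick no longer has anything to aim at, here is an added example (not the commenter's code) that asks the Linux kernel for the real bounds of the main-thread stack mapping via /proc/self/maps and compares them with the address of a local variable. The maps-line parser is exercised on a constructed line so it also runs where /proc is absent; the live lookup simply reports "unavailable" there. The address in the constructed line is made up for the test.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Parse one line of /proc/self/maps.  Returns 1 and fills *lo/*hi if the
 * line describes the main thread's stack mapping ("[stack]"), else 0.
 * Line format: "start-end perms offset dev inode   pathname".
 */
static int parse_stack_line(const char *line, uintptr_t *lo, uintptr_t *hi)
{
    unsigned long start, end;
    if (sscanf(line, "%lx-%lx", &start, &end) != 2)
        return 0;
    if (strstr(line, "[stack]") == NULL)
        return 0;
    *lo = (uintptr_t)start;
    *hi = (uintptr_t)end;
    return 1;
}

/* Ask the kernel for this process's stack mapping.  Returns 1 on success,
 * 0 if /proc/self/maps is unavailable (non-Linux) or has no [stack] entry. */
static int find_stack_mapping(uintptr_t *lo, uintptr_t *hi)
{
    char line[512];
    FILE *f = fopen("/proc/self/maps", "r");
    int found = 0;
    if (f == NULL)
        return 0;
    while (!found && fgets(line, sizeof line, f) != NULL)
        found = parse_stack_line(line, lo, hi);
    fclose(f);
    return found;
}

/*
 * Compare the address of a local (what the posted snippet prints) with
 * the real bounds of the stack mapping.  Returns 1 if the local lies
 * inside the mapping, 0 if it does not, -1 if the mapping is unknown.
 */
static int local_is_inside_stack_mapping(void)
{
    uintptr_t lo, hi;
    int local;
    uintptr_t here = (uintptr_t)&local;
    if (!find_stack_mapping(&lo, &hi))
        return -1;
    return (here >= lo && here < hi) ? 1 : 0;
}

int main(void)
{
    uintptr_t lo, hi;
    int local;
    if (!find_stack_mapping(&lo, &hi)) {
        puts("no [stack] mapping found (not Linux, or /proc unavailable)");
        return 0;
    }
    /* Run this twice: with ASLR on, lo, hi and &local change on every
     * run, and the distance from &local to the top of the mapping is not
     * a constant either (environment strings and the auxiliary vector
     * sit above main's frame). */
    printf("[stack] mapping: %#" PRIxPTR "-%#" PRIxPTR "\n", lo, hi);
    printf("&local = %p, %" PRIuPTR " bytes below the top of the mapping\n",
           (void *)&local, hi - (uintptr_t)&local);
    /* Nothing listed in the maps file is the kernel's task_struct: the
     * process control block is not mapped into user space at all. */
    return 0;
}
```

Two things follow for the original question. First, &i gives an address somewhere inside the mapping, not its base, and neither that address nor the mapping's top is stable across runs under ASLR, so a fixed "stack base plus offset" pointer has nothing reliable to start from. Second, the kernel's per-process structure (task_struct on Linux) is not in the process's address space; a write to it from user mode faults instead of altering accounting.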