Image of the process in memory.

Assume a program whose function call order is as follows:

main(...) -> func_1(...) -> func_2(...) -> func_3(...)

That is, main calls func_1, func_1 calls func_2, and func_2 calls func_3. When the program is loaded into memory and run, the corresponding memory image is as shown below.

(high memory addresses)
--------------------------------------
| ......                             |  omitted: areas we don't need to care about
--------------------------------------
| env strings                        | \
--------------------------------------  |
| argv strings                       |  |
--------------------------------------  |
| env pointers                       |  |  shell environment variables and
--------------------------------------  |  command-line parameters
| argv pointers                      |  |
--------------------------------------  |
| argc (number of command-line       |  |
| parameters)                        | /
--------------------------------------
| main function stack frame          | \
--------------------------------------  |
| func_1 function stack frame        |  |
--------------------------------------  |
| func_2 function stack frame        |  |  stack
--------------------------------------  |
| func_3 function stack frame        |  |
--------------------------------------  |
| ......                             | /
|                                    |
| ......                             |
--------------------------------------
| heap                               |
--------------------------------------
| uninitialized (BSS) data           |  uninitialized data (BSS) region
--------------------------------------
| initialized data                   |  initialized data region
--------------------------------------
| text                               |  text region
--------------------------------------
(low memory addresses)

Notes on this layout:

i) As the function call depth increases, the function stack frames extend, block by block, toward low memory addresses. As the call depth decreases, that is, as each function call returns, the stack frames are abandoned block by block and the stack shrinks back toward high memory addresses. The size of each function's stack frame varies with the nature of the function and is determined by the number of its local variables.

ii) Memory that the process requests dynamically is allocated in the heap. As the amount of dynamically allocated memory increases, the heap may extend toward high or low addresses, depending on the CPU implementation, but it generally grows toward high memory addresses.

iii) If the growth of the BSS data or the stack exhausts the free memory the system has allocated to the process, the process is blocked and the operating system reschedules it to run with a larger memory module. (This has nothing to do with exploits, but it is still worth knowing.)

iv) A stack frame contains the function's parameters (whether the arguments of the called function are placed in the calling function's stack frame or in the called function's stack frame depends on the implementation of the particular system), its local variables, and the data required to restore the calling function's stack frame (that is, the previous stack frame), which includes the address of the next instruction to execute in the calling function.

v) The uninitialized data (BSS) region holds the program's static variables; this part of memory is initialized to zero. The initialized data region stores the initialized data from the executable file. Together these two regions are called the data region.

vi) The text region is read-only; any attempt to write to it results in an error. The text region is shared by multiple processes running the same executable. It stores the program's code.

2) The stack frame of a function.

The stack frame created when a function is called contains the following information:

i) The return address of the function. Whether it is stored in the stack frame of the calling function or of the called function depends on the implementation of the particular system.

ii) The stack frame information of the function, that is, the top and the bottom of the stack.

iii) The space allocated for the function's local variables.

iv) The space allocated for the parameters of the called function, depending on the implementation of the particular system.
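The layout and the direction of stack growth described above can be observed directly. The following C program is an added example, not part of the original text: it records the frame address at each level of a four-deep call chain and prints one address from each region. It assumes GCC or Clang (for `__attribute__((noinline))` and `__builtin_frame_address`) and a platform whose stack grows toward low addresses; `record_call_chain` is a hypothetical name standing in for main in the chain main -> func_1 -> func_2 -> func_3.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* GCC/Clang extensions (assumed): keep every function in its own stack frame. */
#define NOINLINE __attribute__((noinline))
#define FRAME()  ((uintptr_t)__builtin_frame_address(0))

int initialized_global = 42;    /* initialized data region */
int uninitialized_global;       /* BSS region, zeroed before main runs */
static uintptr_t frame[4];      /* frame address recorded at each call level */

/* Adding to the callee's result after the call prevents tail-call merging. */
NOINLINE static int func_3(void) { frame[3] = FRAME(); return 1; }
NOINLINE static int func_2(void) { frame[2] = FRAME(); return func_3() + 1; }
NOINLINE static int func_1(void) { frame[1] = FRAME(); return func_2() + 1; }

/* Stands in for main in the call chain; returns the number of frames entered. */
NOINLINE int record_call_chain(void) { frame[0] = FRAME(); return func_1() + 1; }

/* Returns 1 if every deeper frame sits at a strictly lower address than its caller. */
int frames_grow_down(void) {
    for (int i = 1; i < 4; i++)
        if (frame[i] >= frame[i - 1]) return 0;
    return 1;
}

int main(void) {
    void *heap_block = malloc(16);          /* dynamic request, served from the heap */
    if (!heap_block) return 1;
    record_call_chain();
    printf("text  %p\n", (void *)(uintptr_t)&record_call_chain);
    printf("data  %p\n", (void *)&initialized_global);
    printf("bss   %p (value %d)\n", (void *)&uninitialized_global, uninitialized_global);
    printf("heap  %p\n", heap_block);
    for (int i = 0; i < 4; i++)
        printf("frame %d  %#lx\n", i, (unsigned long)frame[i]);
    printf("stack grows toward low addresses: %s\n", frames_grow_down() ? "yes" : "no");
    free(heap_block);
    return 0;
}
```

The absolute addresses change from run to run when address space layout randomization is enabled; the ordering of the frames relative to each other is what matters.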