Address Inquiry - pointers

Okay so, let's say I have an integer.
When I execute the program, that integer gets an address.
Makes sense.
But there are many programs out there. Let's see, when creating any game hack, let's say Minesweeper, I find the address where that data is stored and change it.
But... that hack, that simple hack which is just changing some address... works on every computer, every time.
The question is, that data is getting the same address every time.
And on my computer, there are about 30 exes running now.
Don't other programs want that address? What if they want that address? Why does that hack work every time? Why don't other programs want that very same address? How is it working every time?

Every application gets its own virtual addressing space (4GB on 32-bit machines) to overcome that problem in a multitasking operating system.
Here is a pretty good article covering the subject.
Your "hack" is probably locating a process using something like OpenProcess and editing the memory using WriteProcessMemory. That's why it works on "all" machines.

Basically, you need to read about virtual memory. The purpose of virtual memory is to abstract away the physical address space, and give each process (i.e. each application) its own "virtual" address space, which avoids the problem that you're describing.

If your Minesweeper hack consists of manipulating data stored at a specified static address, there's no way it would work on every computer. Program memory allocation is OS dependent.

Sync and back up files encrypted (using a raspberry pi)

I am currently looking for a way to synchronize confidential files between two PCs (and possibly an always-running Raspberry Pi, which would serve as a host and backup).
On each PC I have a LUKS-encrypted partition. I want to synchronize the files in those partitions with the rpi, but I don't want to store them on the rpi in clear text.
I think the only reliable way is to encrypt the files while still on the PC (in every other way the files could be obtained as long as there is physical access to the rpi).
One possible way is storing the files in an encrypted partition of the rpi as well and sending the pass-phrase to the rpi every time I want to sync, but I did not find an extremely simple way to do this (e.g. Unison doesn't offer such a feature) + the pass-phrase could be obtained by simple manipulations.
The second way I thought of was storing the files in an encrypted container and synchronizing the container, but with every little change the whole file would have to be uploaded to the rpi.
So, is there a fast way to encrypt single files (esp. only the changed ones and possibly combine it with synchronization right away)?
I read openssl is one way of encrypting single files.
I don't know much about encryption or synchronization, but I want to find a way that is reasonably safe and not more than reasonably complex and doesn't use any external services...
Thank you very much for reading and considering my question,
Max
Edit: One part that might solve my problem right away:
If I use a container (luks) and change some files, will the changes in the container file be proportional to the changes I made in the files AND will rsync only transmit the changed parts of the big container file?
Edit: After editing my question the first time I continued researching and found this article: Off Site Encrypted Backups using Rsync and AES
This article covers backing up files to a remote machine and encrypting them before transmitting them. The next step will be to compare files and use the more recent one. I can probably use a local sync mechanism (which rsync offers) if there is not an option for that already.
Edit: I finally found this discussion debating whether a TrueCrypt container could be synced via rsync. The discussion concluded that it is in fact possible. This might be the perfect solution for me then. I would still be interested in whether it is possible with LUKS containers as well (I might try that out), but I will probably simply use TrueCrypt.
This discussion presents a solution.
If a TrueCrypt container is synced by rsync, only the affected blocks of the container will be updated.
I tried out the procedure explained in the article using a LUKS container (aes-xts-plain) and it worked, too. So, this answers my question.
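The behaviour this post settles on, as an added example that is not part of the original thread: when each sector of a container is encrypted independently, a small edit changes only the ciphertext block it touches, whereas re-encrypting a whole file under a fresh nonce changes every block. The cipher is a toy HMAC-SHA256 keystream standing in for aes-xts-plain and the sync is a fixed-offset block comparison standing in for rsync's delta algorithm; the key, sizes and function names are constructed for the demonstration.

```python
import hashlib
import hmac

SECTOR = 512   # sector size of the toy container (assumption)
BLOCK = 4096   # block size compared by the toy sync (assumption)


def keystream(key: bytes, label: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. Toy stand-in, not a real disk cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_container(key: bytes, image: bytes) -> bytes:
    """Encrypt each sector independently, keyed by its sector number."""
    out = bytearray()
    for off in range(0, len(image), SECTOR):
        chunk = image[off:off + SECTOR]
        label = b"sector" + (off // SECTOR).to_bytes(8, "big")
        out += xor(chunk, keystream(key, label, len(chunk)))
    return bytes(out)


def encrypt_whole_file(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt the file as one stream under a nonce that changes per run."""
    return nonce + xor(data, keystream(key, b"file" + nonce, len(data)))


def changed_blocks(old: bytes, new: bytes) -> list:
    """Indexes of the BLOCK-sized blocks whose hashes differ."""
    size = max(len(old), len(new))
    return [off // BLOCK for off in range(0, size, BLOCK)
            if hashlib.sha256(old[off:off + BLOCK]).digest()
            != hashlib.sha256(new[off:off + BLOCK]).digest()]


def demo():
    key = b"constructed-demo-key"
    before = bytes(64 * 1024)                  # constructed 64 KiB image
    after = before[:20000] + b"hello" + before[20005:]   # small edit in block 4
    container = changed_blocks(encrypt_container(key, before),
                               encrypt_container(key, after))
    whole = changed_blocks(encrypt_whole_file(key, b"nonce-01", before),
                           encrypt_whole_file(key, b"nonce-02", after))
    return container, whole    # ([4], all 17 blocks)
```

The same property has a cost: unchanged sectors encrypt to the same ciphertext on every sync, so anyone holding two copies of the container from the backup host can see which blocks changed between them, though not their contents.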

memory management in xen

I understand that Xen allocates all the physical memory required by the guest when the guest gets started. Also it maintains a shadow page table (I'm assuming it uses struct page_info to maintain this. Am I correct? If not can anyone explain?) which I wish to access, because I need to traverse that list to check whether the guest to which this page is assigned has accessed it at least once.
    struct page_info {
        union {
        };
        pointer next, prev;
        union {
        };
    };
Can anyone explain to me how I can achieve this?
> I understand that Xen allocates all the physical memory required by the guest when the guest gets started.
Possibly. I think that the current Xen toolstack does do this, but there are proposals to instead just perform a reservation for the physical memory of the guest without actually performing the allocation until the guest actually accesses it. The motivation for this is to allow memory overcommit to increase the host's capacity for guests that allow memory ballooning, and to avoid the time-consuming scrub of all of the guest memory, that is required for security purposes and isolation enforcement, prior to running the guest.
> Also it maintains a shadow page table
For some guests, in some configurations, yes. It will do so for fully-virtualized (aka HVM) guests, where Xen is not using hardware extended page table support (e.g. Intel EPT). It will not do so for paravirtualized guests.
> (I'm assuming it uses struct page_info to maintain this. Am I correct? If not can anyone explain?)
Hmm. The shadow page tables are a very sophisticated and intricate piece of software. They use multiple data structures to maintain the virtualized address space of the guest. I think you'll need to study the code in detail to get a handle on it. It's beyond the scope of a short answer here.
> which I wish to access because I need to traverse that list to check whether the guest to which this page is assigned has accessed it at least once.
You'll need to mark the page as absent in the guest page tables, and modify the page fault handler in Xen's shadow page table code to fix it up as present on trap, but also update your own data structure for tracking the accesses as they occur. There is code similar to this for tracking guest page accesses for writes, not reads, called dirty bitmap tracking, which is used when performing live migration of virtual machines.
> Can anyone explain to me how I can achieve this?
It would help if you could explain your motivation for wanting to track guest read accesses to physical memory locations.

NBD client and server on same machine

Is there any way to run an NBD (Network Block Device) client and server on the same machine without deadlocking the system?
I am exhausted from looking for an answer to this. I would appreciate it if anyone can help.
UPDATE:
I'm writing an NBD server that talks to the Google Storage system. I want to mount a file system on the NBD and back up my files. I will be hugely disappointed if I end up having to run the server on another machine. The few ideas I already had seem to lead nowhere:
- telling the file system to open the block device using the O_DIRECT flag to bypass the Linux buffer cache
- using a raw device (unfortunately, raw devices are character devices and FSes refuse to use them as the underlying device)
Just for the record, having the NBD client and server on the same machine has been possible since 2008.
Use a virtual machine (not a container) - you need two kernels, but you don't need two physical machines.
Since the front page of the Sourceforge project for NBD says that a deadlock will happen "within seconds" in this scenario, I'm guessing the answer is a big "No."
Try to write a more complete question about the actual goal you're trying to accomplish. There are some times that you need to bang away at a little problem, and some times that you need to look at the big picture.

virtual address

Suppose I'm starting two instances of the same program. Will the text region of both programs have same virtual addresses?
Depends. On most systems, if you run the same program twice in the same environment (same parameters, etc.), you'll find the same address mapping. This is simply because most of what the process does is deterministic, dependent only on the environment, command-line parameters, contents of files read, but not on changing data such as the date or process ID. This is very useful when debugging: if you restart your program, sometimes even after a small code change and recompilation, you have a chance that the memory layout remained the same. Of course, different instances of the program running concurrently may have the same virtual addresses, but they won't have the same physical addresses.
Some systems, such as OpenBSD, or Linux with various hardening settings, implement address space layout randomization (ASLR). ASLR means that each time a process starts, the virtual addresses of its code, data, stack(s) and heap(s) are determined at random. This is a security feature, designed to make exploits of security vulnerabilities harder: the exploit code can't just access known code at known addresses. However, as ASLR becomes more popular, exploits also become more sophisticated to work around it. ASLR remains useful because it increases the workload for the exploit writer without adding a lot of complexity.
Probably not, but it's possible that they could. Each process has its own independent memory space.
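A way to check the answers above on a Linux system, as an added example that is not part of the original thread: parse the `/proc/<pid>/maps` text of two instances of the same program and report, per region, whether both start at the same virtual address. The map listings below are constructed samples, and the ASLR pair assumes a position-independent executable so that the text region moves as well.

```python
def region_bases(maps_text):
    """Parse /proc/<pid>/maps text into {"<name> <perms>": lowest start address}."""
    bases = {}
    for line in maps_text.strip().splitlines():
        fields = line.split(None, 5)      # range perms offset dev inode [path]
        if len(fields) < 5:
            continue                      # skip malformed lines
        start = int(fields[0].split("-")[0], 16)
        name = fields[5].strip() if len(fields) == 6 else "[anon]"
        key = f"{name} {fields[1]}"
        bases[key] = min(start, bases.get(key, start))
    return bases


def same_addresses(maps_a, maps_b):
    """For each region present in both instances: do the start addresses match?"""
    a, b = region_bases(maps_a), region_bases(maps_b)
    return {key: a[key] == b[key] for key in a if key in b}


# Constructed samples, not captured from a real system.
# Two instances started without layout randomization map identically:
FIXED_1 = FIXED_2 = """\
00400000-00401000 r-xp 00000000 08:01 131 /usr/bin/demo
00600000-00601000 rw-p 00001000 08:01 131 /usr/bin/demo
01c5d000-01c7e000 rw-p 00000000 00:00 0 [heap]
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""
# Two instances started with ASLR (assumed position-independent executable):
ASLR_1 = """\
55d3a9c41000-55d3a9c42000 r-xp 00000000 08:01 131 /usr/bin/demo
55d3a9e41000-55d3a9e42000 rw-p 00001000 08:01 131 /usr/bin/demo
55d3ab7f0000-55d3ab811000 rw-p 00000000 00:00 0 [heap]
7ffc91b5e000-7ffc91b7f000 rw-p 00000000 00:00 0 [stack]
"""
ASLR_2 = """\
5607e12b3000-5607e12b4000 r-xp 00000000 08:01 131 /usr/bin/demo
5607e14b3000-5607e14b4000 rw-p 00001000 08:01 131 /usr/bin/demo
5607e2f9a000-5607e2fbb000 rw-p 00000000 00:00 0 [heap]
7ffe03c4d000-7ffe03c6e000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("no randomization:", same_addresses(FIXED_1, FIXED_2))
    print("with ASLR:       ", same_addresses(ASLR_1, ASLR_2))
```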

Store values in client computer permanently?

Is there a way to store values on client side permanently?
I have a site with a Flash game (the game is not developed by me, of course). After you have registered, it will recognize you even after you close the browser, clear the cache and cookies, and even restart the computer and modem. Where do they store the values? Why can the Flash game recognize me after a few days?
After researching on Google, I still can't get the answer. My guess is, is it stored in my computer's RAM? How could that be possible? If my guess is true, how do we store values in RAM?
FYI:
The flash game is created in : AS3
RAM is not persistent across reboots. So it's not possible to remember anything stored in RAM even after a single reboot. I have read about something called "Local Shared Objects" which are a bit more than the normal ones. Clearing normal caches/cookies won't clear them away.
It's probably stored on the server, and the client is recognised by IP address and maybe also browser id string.
Maybe it's a Flash Cookie?
Can't store in RAM if you're saying that it remembers you after reboot.
Your modem has an IP and also another ID which can be in this form:
c9067688.static.spo.virtua.com.br
Maybe it's taking this ID...
The game recognizes you only after logging in to the site, or when you just open the URL?
If it recognizes you after login, then it's probably stored it in a server.
