if you put a number thats out of the range of an array, could you mess with other programs memory? and if so, could I write a virus that makes itself start on boot and c̶o̶m̶p̶l̶e̶t̶e̶l̶y̶ to a certain extent ruin the host computer?
noob C++ arrays/subscipt operator question
- Thread starter Nyap
- Start date
- Views 812
- Replies 6
Depends what operating system. Modern security tends to get a bit touchy about executables touching others, most operating systems are designed to virtualise memory in some way, even if you manage it then a lot of programs use ASLR or a similar technology that randomises memory locations for outside reads. This also assumes your compiler does not catch it (though I suppose you could force it if so).
This also does not account for permissions level security (adding things to boot/startup tending to be a restricted activity).
There are things you can do by what is almost a buffer overflow you programmed yourself but in the scenario you describe you would already have arbitrary code execution so there is no point in really considering it from that angle.
This also does not account for permissions level security (adding things to boot/startup tending to be a restricted activity).
There are things you can do by what is almost a buffer overflow you programmed yourself but in the scenario you describe you would already have arbitrary code execution so there is no point in really considering it from that angle.
What FAST said, but just to tack onto the point about the compiler... In case the compiler doesn't catch it, you run into a wonderful world of pain and unpredictable behaviour. Most likely, as arrays and by extension vectors have no bounds checking (too unperformant), you'd run into memory leakage as the trend for OSes now is to isolate memory space on a per-application basis. Your program would probably just crash.
Didn't they say the same about "random" jumps/branches? And then we got return oriented programming.
For small out of bounds access, you'd just get whatever garbage is after your array in memory. If you escape your application's allocated memory, you'll likely get an exception of some sort.
A sandbox is usually a specific way things are run and thus it would not quite qualify, or at least risk confusion as asking someone to run something in a sandbox means something. It is possible for programs to fiddle with the contents of other programs (it is how your debugger works, your hex editor might well have the functionality and so forth) but it is not normal for them to do it in end user machines -- it is why you have DLL/library calls, terminal/command line stuff and a bunch of other APIs depending upon the programming style. In X86 at least there is also the concept of rings (you might have heard of things like ring 0 root kits or ring 0 drivers or ring 0 DRM) that theoretically protect things from other programs running at higher rings but let us not go there.
If you want to get a bit more complex then http://www.plantation-productions.c...indows/HTML/MemoryArchitecturea3.html#1023797 and http://www.plantation-productions.c...m/Windows/HTML/MemoryAccessandOrg.html#999687 has some stuff.
If you want to get a bit more complex then http://www.plantation-productions.c...indows/HTML/MemoryArchitecturea3.html#1023797 and http://www.plantation-productions.c...m/Windows/HTML/MemoryAccessandOrg.html#999687 has some stuff.
Similar threads
-
- Portal
