OSTEP:通过分段管理内存
第十六章:分段
这里记录一个样例作为例子,其他的答案则跳过重复的计算步骤
运行第一个
seed
可以得到以下输出1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18ARG seed 0
ARG address space size 128
ARG phys mem size 512
Segment register information:
Segment 0 base (grows positive) : 0x00000000 (decimal 0)
Segment 0 limit : 20
Segment 1 base (grows negative) : 0x00000200 (decimal 512)
Segment 1 limit : 20
Virtual Address Trace
VA 0: 0x0000006c (decimal: 108) --> PA or segmentation violation?
VA 1: 0x00000061 (decimal: 97) --> PA or segmentation violation?
VA 2: 0x00000035 (decimal: 53) --> PA or segmentation violation?
VA 3: 0x00000021 (decimal: 33) --> PA or segmentation violation?
VA 4: 0x00000041 (decimal: 65) --> PA or segmentation violation?对于
VA 0: 0x0000006c (decimal: 108)
的情况计算如下- 由
Address Size
为128(2^7)
得到高位为第7位 - 将
VA
的0x6c(108)
转为二进制,按7位来算则是1 101100
,因此可以知道这是SEG 1
的地址 - 栈是从最下方的内存反方向增加,
VA
最底部内存位为0x80(128)
,因此0x6c(108)
的VA
对应偏移量为108 - 128 = -20
VA
中0x80(128)
的地址对应PA为0x200(512)
,因此按偏移量-20
算可以得到VA中0x6c(108)
对应的PA
为0x1ec(492)
答案
1
2
3
4
5
6Virtual Address Trace
VA 0: 0x0000006c (decimal: 108) --> VALID in SEG1: 0x000001ec (decimal: 492)
VA 1: 0x00000061 (decimal: 97) --> SEGMENTATION VIOLATION (SEG1)
VA 2: 0x00000035 (decimal: 53) --> SEGMENTATION VIOLATION (SEG0)
VA 3: 0x00000021 (decimal: 33) --> SEGMENTATION VIOLATION (SEG0)
VA 4: 0x00000041 (decimal: 65) --> SEGMENTATION VIOLATION (SEG1)- 由
以第一题为参考;在虚拟地址中
SEG 0
的范围是0-19
,SEG 1
的范围是108-127
,非法地址为20-107
。以下为通过运行
-A
标志对分界点进行分别测试有如下结果1
2
3
4
5
6
7Virtual Address Trace
VA 0: 0x00000000 (decimal: 0) --> VALID in SEG0: 0x00000000 (decimal: 0)
VA 1: 0x00000013 (decimal: 19) --> VALID in SEG0: 0x00000013 (decimal: 19)
VA 2: 0x00000014 (decimal: 20) --> SEGMENTATION VIOLATION (SEG0)
VA 3: 0x0000006b (decimal: 107) --> SEGMENTATION VIOLATION (SEG1)
VA 4: 0x0000006c (decimal: 108) --> VALID in SEG1: 0x000001ec (decimal: 492)
VA 5: 0x0000007f (decimal: 127) --> VALID in SEG1: 0x000001ff (decimal: 511)设置为以下指令即可
1
./segmentation.py -a 16 -p 128 -A 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 --b0 0 --l0 2 --b1 16 --l1 1 -c
输出结果
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17Virtual Address Trace
VA 0: 0x00000000 (decimal: 0) --> VALID in SEG0: 0x00000000 (decimal: 0)
VA 1: 0x00000001 (decimal: 1) --> VALID in SEG0: 0x00000001 (decimal: 1)
VA 2: 0x00000002 (decimal: 2) --> SEGMENTATION VIOLATION (SEG0)
VA 3: 0x00000003 (decimal: 3) --> SEGMENTATION VIOLATION (SEG0)
VA 4: 0x00000004 (decimal: 4) --> SEGMENTATION VIOLATION (SEG0)
VA 5: 0x00000005 (decimal: 5) --> SEGMENTATION VIOLATION (SEG0)
VA 6: 0x00000006 (decimal: 6) --> SEGMENTATION VIOLATION (SEG0)
VA 7: 0x00000007 (decimal: 7) --> SEGMENTATION VIOLATION (SEG0)
VA 8: 0x00000008 (decimal: 8) --> SEGMENTATION VIOLATION (SEG1)
VA 9: 0x00000009 (decimal: 9) --> SEGMENTATION VIOLATION (SEG1)
VA 10: 0x0000000a (decimal: 10) --> SEGMENTATION VIOLATION (SEG1)
VA 11: 0x0000000b (decimal: 11) --> SEGMENTATION VIOLATION (SEG1)
VA 12: 0x0000000c (decimal: 12) --> SEGMENTATION VIOLATION (SEG1)
VA 13: 0x0000000d (decimal: 13) --> SEGMENTATION VIOLATION (SEG1)
VA 14: 0x0000000e (decimal: 14) --> SEGMENTATION VIOLATION (SEG1)
VA 15: 0x0000000f (decimal: 15) --> VALID in SEG1: 0x0000000f (decimal: 15)要让90%的地址可以被访问,则对于
SEG 0
的界限寄存器到SEG 1
的界限寄存器中间地址差要为总虚拟地址的10%
即可。所以地址都失效代表没有可以访问的地址,因此
l0
和l1
界限寄存器都设置为0即可
OSTEP:通过分段管理内存
https://halc.top/p/783d8b13