Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I edit random memory? [closed]

I'm getting a new computer, so a friend and I decided that we wanted to play essentially Russian roulette with our computers' memory. The general premise is that we randomly take a position in memory and assign it to a random value and see whose computer glitches/crashes fastest or the worst. None of what I'm doing is intended to be a good idea, so unsafe practices are accepted, even encouraged here.

This is what I have so far:

#include <iostream>
#include <stdlib.h>
#include <time.h>

// use preprocessor to avoid losing this data during the running of the program
// 4GB RAM (4 * 2^32 bytes)
#define NUM_MEMORY_LOCATIONS 4294967296

int main()
{
    // Intializes random number generator
    time_t t;
    srand((unsigned) time(&t));

    while (true)
    {
        // 4GB RAM (2^32 bytes)
        /** generate a 31-bit number between 0b0 (0) and 0b111 1111 1111 1111 1111 1111 1111 1111 (4294967295) **/
        // generate a 15-bit number between 0b0 (0) and 0b111 1111 1111 1111 (32767)
        unsigned long int hi = rand() % 32768;
        // shift the bits
        hi <<= 16;
        // generate a 15-bit number between 0b0 (0) and 0b111 1111 1111 1111 (32767)
        unsigned long int med = rand() % 32768;
        // shift the bits
        med <<= 1;
        // generate a 1-bit number between 0b0 (0) and 0b1 (1)
        unsigned long int lo = rand() % 2;
        // combine to make final random number
        unsigned long int randNum = hi + med + lo;

        // select a random position in memory
        void * randomPointer = 0;
        randomPointer += randNum;

        // Something like this here to break my computer:
        //*randomPointer = 0;
    }
}

I don't know how I can set this value, even to just 0. Also, I'm not sure what pointer type I should use. The void pointer doesn't seem to work, but I may just not fully understand the intricacies of unsafe memory management in c++.

Does anyone know how I could do this? Any help would be appreciated.

like image 620
DeadEli Avatar asked Sep 01 '14 06:09

DeadEli


4 Answers

You can't do that with your code: on x86-64 systems you will get an access violation for every address not pertaining to your executable address space.

The OS is in charge of deciding which addresses belong to a given process (they undergo a MMU translation process which ultimately decide if the address pertains to the process or not), in case it doesn't the processor is notified and according to the OS you might get an access violation or a segmentation fault.

On a linux system you would usually edit another process' memory wth something like ptrace to debug another process. Another possibility is to edit /dev/mem. For both you will need root access.

On a Windows system instead you could use ReadProcessMemory and WriteProcessMemory or directly inject your code into the target whose address you generated (CreateRemoteThread).

Anyway keep in mind the main reason why you can't accomplish it with your current code: modern OSes run your application in a paged environment, i.e. they provide a virtual address space which does not necessarily (and usually don't) map to physical addresses. What you're trying to do is thus wrong because those addresses won't be mapped to physical locations. If you really want to go that way you'll have to disable or bypass segmentation mechanisms, ring3/0 protections, paging, MMU-involved translations and probably deal with a ton of other issues regarding reserved addresses and MMIO registered intervals.

like image 178
Marco A. Avatar answered Oct 06 '22 20:10

Marco A.


All modern desktop operating systems use virtual process address spaces. This means that your process sees 4GB of memory (on a 32-bit operating system; much more on 64-bit systems) that it own all to itself and can't see memory owned by other processes or the operating system kernel. How that virtual address space maps to physical memory and swap space is up to the operating system and changes over time as memory is swapped in and out.

So the worst you can expect from your experiments is to crash the program you've written. To do anything else, you need to be in kernel space.

like image 42
Tom Avatar answered Oct 06 '22 19:10

Tom


Due to the virtual memory mechanism, what you are attempting to do is not possible the way you are attempting to do it. Memory addresses in your process are mapped to actual physical memory locations by the virtual memory manager (VMM) of your OS. If you try to read from or write to an address that has not been allocated to your process by the VMM you will simply crash your own process (access violation on Windows, segmentation fault on Linux, etc.).

On Linux you can accomplish this a different way if your process has root privileges; just open the /dev/mem node as a file and seek to a random location, then write random or zero values. (Effectively the same thing you are doing in your code, only with file I/O operations -- seek and write -- instead of dereferencing pointers.)

like image 45
cdhowie Avatar answered Oct 06 '22 18:10

cdhowie


For the pointer, just use an "int *".

With that said, the memory that program is trying to access is only its own memory. In order to access all of the computers RAM (and not even all of it's virtual memory), it would take some O/S-specific tricks, as well as administrative privileges, to get access to memory outside of the program itself.

like image 38
ash Avatar answered Oct 06 '22 18:10

ash