I am currently trying to hot patch programs (update code and data in the program memory, according to a released patch).

Assume that we can stop a running program and apply the patch. If the patch changes some data initialization or assignment values, how could we know where the variables are, such as those on the stack or heap?


Example:

Before patch:

void func() {
    int a = 1;
}

After patch:

void func() {
    int a = 2;
}

When patching, how could we know the location of a in the stack (or maybe not in the stack)?

WindChaser
  • I would suggest patching the initialization instruction in this case; locating the variable in the stack is not reliable (compiler dependent; also there are some optimizations which can make things harder to deal with). Would this solution be acceptable? – Carlos Cortez Feb 03 '16 at 16:44

1 Answer

Unless you have a lot of knowledge of how the compiler works, you cannot know a priori where these variables are stored, or even how they are represented. Each compiler designer makes his own rules for how/where variables are stored.

You might be able to figure it out for a specific compiled program by inspecting the generated code.

Ira Baxter
  • If we know how one compiler works, how do we get them from memory at runtime? Like memory forensics, we do not have to know a priori. – WindChaser Feb 03 '16 at 05:07
  • If you can inspect the object code with a reasonable debugger then you can obviously inspect the value of the variables with that same debugger. This is pretty obvious. I suggest you go learn how to write some assembler, and then learn how to use a debugger. Then it will be obvious to you, too. – Ira Baxter Feb 03 '16 at 05:58
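
The approach from the comments and the answer (inspect the generated code and patch the initialization instruction rather than the stack slot), as an added example that is not part of the original thread. The byte sequence is constructed and assumes typical unoptimized x86-64 compiler output; `find_init` and `patch_init` are hypothetical names, and the code works on a copy of the function's bytes, not on a live process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (assumption): typical unoptimized x86-64 code for
 * void func() { int a = 1; }. Real output depends on compiler and flags. */
static uint8_t func_code[] = {
    0x55,                                     /* push rbp              */
    0x48, 0x89, 0xe5,                         /* mov  rbp, rsp         */
    0xc7, 0x45, 0xfc, 0x01, 0x00, 0x00, 0x00, /* mov  dword [rbp-4], 1 */
    0x90, 0x5d, 0xc3                          /* nop; pop rbp; ret     */
};

/* Count "mov dword [rbp+disp8], imm32" (C7 45 disp8 imm32) with immediate
 * old_val; record the first match's offset and signed rbp displacement. */
static int find_init(const uint8_t *code, size_t len, int32_t old_val,
                     size_t *off, int8_t *disp)
{
    int hits = 0;
    for (size_t i = 0; i + 7 <= len; i++) {
        int32_t imm;
        if (code[i] != 0xc7 || code[i + 1] != 0x45)
            continue;
        memcpy(&imm, &code[i + 3], sizeof imm); /* little-endian host assumed */
        if (imm == old_val && hits++ == 0) {
            *off = i;
            *disp = (int8_t)code[i + 2];        /* stack slot chosen for a */
        }
    }
    return hits;
}

/* Patch only on exactly one match: a raw scan can hit operand bytes too. */
static int patch_init(uint8_t *code, size_t len, int32_t old_val,
                      int32_t new_val, int8_t *disp)
{
    size_t off = 0;
    if (find_init(code, len, old_val, &off, disp) != 1)
        return -1;                              /* none or ambiguous: refuse */
    memcpy(&code[off + 3], &new_val, sizeof new_val);
    return 0;
}

int main(void)
{
    int8_t disp = 0;
    int rc = patch_init(func_code, sizeof func_code, 1, 2, &disp);
    printf("rc=%d slot=rbp%+d imm=%d\n", rc, disp, func_code[7]);
    return rc != 0;
}
```

With optimization enabled the store may be eliminated or `a` kept in a register, in which case no such instruction exists and the scan returns no match.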