Questions tagged [virtual-memory]
In computing, virtual memory is a memory management technique developed for multitasking kernels. This technique virtualizes a computer architecture's various forms of computer data storage (such as random-access memory and disk storage), allowing a program to be designed as though there is only one kind of memory, "virtual" memory, which behaves like directly addressable read/write memory (RAM).
29 questions
0
votes
1
answer
128
views
Can VirtualBox .sav files expose sensitive data (RAM contents) and how to extract them?
I have a .sav file created by VirtualBox when a VM was suspended. The VM handles secure keys, and I’m concerned that the .sav file may contain sensitive data.
From my understanding, .sav files can ...
- 3
1
vote
0
answers
220
views
IAT/IDT in memory PE file
Can anyone please explain me this:
First, we look at the last value of the Optional Header, Data
Directories, the Import Directory RVA value. This value gives us the
address of the Import table when ...
0
votes
1
answer
685
views
How to get information about segments of physical memory not described in System.map on linux
When I do in linux root shell cat /boot/System.map-$(uname -r) it returns me segments of memory but there is a big gap around phys_startup_64:
00000000000228c0 D softnet_data
0000000000022a80 d ...
- 57
1
vote
1
answer
694
views
Do modern GPUs have memory protection?
What mechanisms (if any) modern GPUs implement to prevent different processes from accessing each other's memory (on graphics card)?
- 111
1
vote
0
answers
361
views
Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR
I'm trying to understand and perform the Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR. The author have released the proof-of-concept code.
I'm trying to run the attack on my Intel ...
- 111
1
vote
1
answer
2k
views
Writing to .fini_array
I'm learning about format string exploits, and am attempting to use one on an example program to overwrite the .fini_array section in virtual memory with a stack address containing shellcode (and ...
1
vote
0
answers
873
views
seDebugPrivilege and OpenProcess() - Trying to understand how Windows restricts access to a process' virtual memory
I’ve been trying to understand how operating systems protect processes from each other. My understanding of Windows security is that a process can call OpenProcess() (thereby allowing read and write ...
- 11
2
votes
2
answers
834
views
Docker container which reads memory belonging to another container
The field of maliciously accessing another process's memory has been broadly studied in the Linux environment.
But for some reason I am not able to find similar discussion/similarities for the ...
- 151
1
vote
2
answers
641
views
Can a rootkit write to a virtual memory of a kernel process and rewrite a instruction to jump into his own malicious code inside that process?
So lets say we have a rootkit on our system
can this rootkit write something inside a kernel process?
for example in windows, can a rootkit write to ntoskrnl process, changing some functions and ...
- 97
3
votes
1
answer
153
views
Why code memory pages should be readable?
I understand that each instruction should be read into CPU for execution, which probably is the reason why code pages should be "r-x".
But my observation is that the behavior of reading code into ...
- 330
2
votes
1
answer
908
views
Would it be sufficient to perform ASLR by randomizing only the base address of the executable?
According to Wiki, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.
...
- 441
1
vote
1
answer
327
views
Can you encrypt memory of server which hold luks keys?
I have a cloud VM. It's Centos 7 and I used full disk encryption during install. I also installed dropbear SSH to remotely unlock said server in case of a reboot. No one but me have administrative ...
- 13
11
votes
2
answers
6k
views
Ring 1 and Ring 2 Memory Protection Architecture
I have heard that Ring 1 and Ring 2 memory protections are basically no-longer used within modern systems.
However, when I checked into things, all I found was that these rings are somehow associated ...
- 113
5
votes
1
answer
4k
views
Is the Windows paging file safe in the encrypted partition?
I came across this setting called ClearPageFileAtShutdown. The setting is described here and says:
If you are truly worried about security, boot Windows off a fully-encrypted drive. Then you needn't ...
- 73
29
votes
7
answers
6k
views
Reading physical memory frame previously owned by another process to read contents of its memory page
I had a conversation with @anger32 who states that zeroing a physical memory page frame when passing the page backed by that frame to another process is not the responsibility of OSes like Windows and ...
- 920