I have an address (i.e. 0x010f73fc) and I need to know where this address exist ? is it on stack or heap ?
In another way, how to differentiate between addresses that belong to the stack and addresses that belong to heap ?
Asked
Active
Viewed 2,286 times
1
-
It depends on the OS and the compiler. – user93353 Aug 03 '13 at 18:27
-
I think there is a memory map feature, which lists regions of memory together with their purpose. – CodesInChaos Oct 06 '13 at 18:38
3 Answers
1
As a general rule, you can't know just from the address. But with some context you can. Look at the SP register, for example. The stack and the heap typically grow toward each other, so in a low memory pressure environment, the addresses should be far apart.
tylerl
- 82,225
- 25
- 148
- 226
1
You cannot really know that because each thread has its own stack, and the stacks for threads are allocated... on the heap.
A given OS will normally have a reserved pre-allocated area for the stack of the "main thread", but this depends on the exact version of the OS and it may even, conceptually, be moved around randomly at each execution. Your debugger, though, if attached to the process, should be able to give you the list of currently running threads and, for each of them, their current stack pointer, giving you clues as to the whereabouts of all these stacks.
Tom Leek
- 168,808
- 28
- 337
- 475
0
Well you can find it on your system at a particular time but you cannot judge that at all times that address ( even on your machine) will be in stack or heap .
In old days before ASLR you could simply open the program in a debugger ( like immunity) and see where the address belongs to , for that particular program . Now its not possible even for the same program .
oldnoob
- 300
- 1
- 3