1.8.9 Using malloc() when exploiting the C library
If heap support is required for bare machine C, you must implement _init_alloc() and __rt_heap_extend(). _init_alloc() must be called first to supply initial heap bounds, and __rt_heap_extend() must be provided even if it only returns failure. Without __rt_heap_extend(), certain library functionality is included that causes problems when you are writing bare machine C. Prototypes for both _init_alloc() and __rt_heap_extend() are in rt_heap.h.
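The above is excerpted from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.subset.swdev.comp6/index.html
The program includes the header files rt_heap.h and stdlib.h. Take care not to tick the MicroLIB option.
The heap size is set in the assembly code; I set it to 4KB.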
Heap_Size EQU 0x00004000
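A more advanced method is as follows:
Simple test code is as follows:
Debugging shows the following result:
Here p and k are the addresses returned by two malloc calls, and i is the distance between those two addresses; note that memory returned by malloc is 8-byte aligned. a is a value written into the block. After running for a while the program leaks memory because nothing is freed; uncommenting free() fixes that. Below is the debug result with free(p): after many malloc calls the address returned is always 0x20002570.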
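The setup and test described above, as an added example (not the author's original code and not Arm's). It assumes the rt_heap.h signatures shown, reuses the HEAP_BASE and Heap_Size values from this page, and uses the hypothetical helper names heap_setup, alloc_gap and churn; off the Arm toolchain the heap setup compiles to a no-op so the checks also run on a host.

```c
#include <stdint.h>
#include <stdlib.h>

#define HEAP_SIZE 0x4000u        /* same value as Heap_Size EQU 0x00004000 */

#if defined(__ARMCC_VERSION)     /* Arm toolchain, standard C library (not MicroLIB) */
#include <rt_heap.h>
#define HEAP_BASE 0x20002558u    /* Heap_Mem from the *.map file, as on this page */

/* Assumed signature. Always fails, so the heap never grows past its bounds. */
unsigned __rt_heap_extend(unsigned size, void **block)
{
    (void)size; (void)block;
    return 0;
}
void heap_setup(void) { _init_alloc(HEAP_BASE, HEAP_BASE + HEAP_SIZE); }
#else
void heap_setup(void) { }        /* host build: malloc() needs no setup */
#endif

/* Distance i between two live n-byte blocks p and k (n > 0);
   -1 if an allocation failed or a block is not 8-byte aligned. */
long alloc_gap(size_t n)
{
    unsigned char *p = malloc(n), *k = malloc(n);
    uintptr_t up = (uintptr_t)p, uk = (uintptr_t)k;
    long i = -1;
    if (p && k && up % 8 == 0 && uk % 8 == 0)
        i = (long)(up > uk ? up - uk : uk - up);
    free(k);
    free(p);
    return i;
}

/* Allocate, write, free, up to `rounds` times (n > 0). Returns the rounds
   completed; a short count means malloc() returned NULL and no write happened. */
unsigned churn(unsigned rounds, size_t n)
{
    unsigned done = 0;
    while (done < rounds) {
        volatile unsigned char *p = malloc(n);
        if (p == NULL) break;    /* fixed heap exhausted: never write through NULL */
        p[0] = 0xA5;             /* the value "a" written into the block */
        free((void *)p);         /* without this the fixed heap leaks away */
        done++;
    }
    return done;
}
```

On the target, call heap_setup() once before the first malloc(); a churn() result lower than the requested rounds means the fixed heap ran out.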
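Summary:
- If heap support is required for bare machine C, you must implement _init_alloc() and __rt_heap_extend().
- Allocated memory addresses are 8-byte aligned;
- #define HEAP_BASE 0x20002558: the address here can be read from the Heap_Mem value in the *.map file. It should be possible to do this through mixed assembly and C programming; I have not tried that yet.
I'm starving. The above is just rough notes for now; I'll find time to tidy it up and test it further.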