Geek Answers Handbook

Positioning an object in memory using Java?

I used simple test code and created an object in Java.

I used the System.identityHashCode function to get a roughly equivalent address. Please review this question. I asked for more context: Click here

Start

1220081709 164644435 164644435 1220081709 1714981267 164644435 1220081709 164644435 164644435 1739421607 1714981267 1789308653 1714981267 1714981267 164644435 164644435 1220081709 1220081709 2094048729 164644435 764062238 1789308653 1697022030 1118942403 550670442 1611083771 2011117821 1612097414 1867546546 233814070 1965484127 1298264335 1494824825 109647522 304933128 1115100554 405223709 924232526 826845731 429521180 1269934693 2099901365 1295986757 1870277025 1027818036 179274584 148376547 536111262 1728081269 1293046055 1838022392 1522234469 1222033772 90080249 2773808 188006096 870010735 54270722 821556544 1594958326 1573703228 1728468445 1357862146 280371153 618846953 697436650 852031224 667823572 623839641 857681633 1361235382 1139773783 1144967167 2009698649 1382393727 265792796 1052756192 555551311 2039470468 413536612 1393665909 738794734 172647384 458379578 434175791 43086831 961725657 1761189877 919753123 1551156138 981863753 1977220433 703447155 1813126941 938857350 431546 457 949026880 933725891 1468041408 932323873 1526644999 187883837 962687369 744814285 411509632 1345041684 1702714666 158311540 9814147 1737611457 405642246 1516132944 1752918153 2114727925 1377877625 1673077774 267273800 1682450723 1032121412 1639154665 1352230939 125955572 1663906309 741284129 1209719856 1533933643 281555666 1199604121 1169983611 1554278145 761700907 757124182 1145518399 536836638 1034573819 2054569821 1765421434 1803974286 1221696456 961187025 1298336441 559226720 1535043768 1759557365 2030814365 1939430784 1506392522 1254402771 2014336824 900409598 2026789660 868206906 1949571424 141437242 2018812712 2091111631 1743299062 1507939013 1476473244 1649966228 912270823 526060285 305035296 684754483 303731508 246826037 1614281502 458505352 2068291563 928125628 1833701635 485561348 1554207397 391717236 1720122918 681026912 2078955121 1439781957 1094315738 569616903 69190395 1114655658 1517791225 1706359509 1287645725 1268989256 1242327235 1957822511 1378503043 2046227094 1135645800 2111789711 1387438808 1306606930 2122381935 1169804875 697745840 1753620260 1030138392 522792230 1213409733 1272670619 837969413 554167265 252645816 643059393 1761506447 429297187 1800251636 932143669 645440018 970481529 744758938 1628776250 868385441 655241875 354051309 2010648173 161174419 881581266 1246657009 1713890131 1153274506 2044708167 1376843475 1471987900 689021860 1158576396 959260223 1126829932 2119867878 1865721816 1777831665 2076812944 1943435117 87740549 1481625201 1601866242 1710930502 802913784 466046775 975286816 1932213587 2050322608 1249472894 1795829092 1764374306 1384763166 1434248423 2056791433 449348672 1650627452 901833818 1486975107 181398600 1323423210 1285758491 1762502123 2131238190 1840511017 1114211331 492438277 8146001 432162720 569140886 658707264 614785763 1160493024 959772314 1143608781 654141617 1189367926 928946006 2005037700 589409152 1323900765 355235176 433064372 690820521 722090788 749784719 197731637 379905859 608889682 1118421150 8 49307419 2133473171 749131038 2096216952 1649083229 717881621 873275301 1234740309 1145892402 380254118 19627754 1318663487 745988969 827070797 2064721795 590956692 97255069 330889316 1421571929 1603837828 487638052 935143012 1663273938 850442967 1891275584 1763281041 190127487 17007273 225912260 156265924 2136368034 10969598 1829923591 1412485250 1355362812 1223737555 906199566 542081238 1133736492 86821213 1062730578 691332347 1336225759 1709834834 1715374531 331781542 1384828782 389572888 2021372560 17320380 1193334315 1020052872 666665703 1228283922 669356328 7578443 302785728 1352461710 1857040122 1893488603 1530970753 2023870964 1205807115 1791844235 1362875764 197005066 1096264275 792386646 1651462312 755301112 2048423956 569951967 1551083435 186888796 1405643749 1418902458 1835195318 1967571412 2019524978 1177264411 1516115866 1465888207 1250696665 888911819 2044693401 855703640 1128671313 113093521 1300650792 239779852 1615734796 801818331 700804192 724000057 626614097 2433233 91 727368649 1407965019 545768040 820791943 1762721320 1520314875 1171672119 2015744690 2066473405 2112978551 2040919865 2131361171 1759969037 359851081 703168415 549041464 2654289 1660962283 653163028 1922091779 27832 467772424 2060982148 15735326 323135501 2099705691 154777486 742510685 349610078 381322754 800323830 1352529649 851407248 918077175 453076530 2027711095 1322379422 922682751 549581070 481877743 758393764 1008546603 554330850 854535264 1951034559 1110027070 1034524001 1217278695 1873805543 202077946 1152392515 105987312 1064809421 1270708296 1355087478 69461457 891166311 1281234799 894738324 1186515174 227383376 1258992419 729212242 2133512606 180977865 1411915083 858132903 139527469 362500631 136998678 434311562 177506381 494959784 444914211 1584924857 135085423 1614486788 490489482 1223566071 171551625 1345107101 654694538 1892376585 940452025 697542255 479450812 771153740 717098535 596850781 1254691612 374961130 1459992991 954049115 1590567303 788223665 1996002959 9796 82126 760370133 2013125681 998462082 714994516 1741825447 363211825 1352618001 188855665 116331389 971536153 1289955330 1431814845 1957835280 1593111626 600987386 1179404661 980075617 931322429 1875244867 770476297 68732269 1984526644 1370784151 564660841 524518594 163638423 1491907201 465264835 718123118 637148086 1194417460 2044601711 1735121130 1500389297 1289931605 1033068770 381531395 11985823 1729747990 1388338491 1395193582 644591081 1734782899 110708174 951442116 724408050 1041301507 1310188746 44937684 1500894891 1197515375 424167941 1492359994 209052924 1555011902 269247176 1632905845 489242803 2136389305 368471295 1701700764 297529802 1241451998 132616134 1938822199 2015322662 1415899750 1706427008 760805843 746169063 274617771 558519794 391156721 723566380 429405933 1927739346 1480462011 1379484735 1759136625 766488133 1401888126 683347213 1490642445 274064735 2001061977 107251772 1853955208 841752171 1584946533 809222743 1787577195 592705150 1566301264 970799122 513694835 784830905 808460461 665933458 1806344089 248786184 198733779 781552568 1544025324 241230120 2052984951 898315108 1171981746 777194738 1316420512 1703013790 890721314 244621161 1064152569 968414967 371789756 1640499969 340435150 797130442 1368348708 434359633 985435678 823554482 948074059 2099532520 1539259783 1751161119 501544898 591786211 1154079020 533789436 1359857333 1601224357 1660187542 516992923 381221099 1239291892 334936591 724646150 748080913 1626635253 1391870861 571253872 1811924614 1698873038 16579154 1620450815 529236451 2147249730 363524275 2012387303 161514210 1473444918 149997662 1554803269 997525387 4347180 948887574 48610262 739893596 1461351842 169937755 2138081422 890594303 1609592259 257430931 1205215856 997133288 2004273875 565595754 402530283 752978331 185677346 385415131 861427365 511307135 1822459128 1456946298 1287887392 1035719231 1978156482 1681653767 522583802 2005327631 933138199 1564136253 180636552 1090681244 159257116 1685129668 869724450 959993440 565 106169 1566695349 1151734776 1936269821 2067178556 1079549526 2047033626 1806127242 899205949 1111960904 1324217334 1747698677 290340673 672845127 2006648034 1650314950 2092063645 563929184 1112461277 1144051757 1656788308 1368125554 978777649 591210723 71786792 1782287177 1798675483 211543962 1333933549 1839367010 1214238505 169456094 485255936 1701108693 1084010740 1864729679 135370635 989080272 1948703724 590388871 1291305757 506121317 198249052 1224680467 1721336021 1742296210 1832874625 1618389807 249613347 1215960438 1192696614 1039630400 1141180808 649388699 1000613778 763970039 239720060 295726648 371327189 308587341 254432682 610145197 475911554 207251401 55821173 354199555 1416386650 1883584519 1348570406 880403204 1331353030 275558166 1418257117 774321798 1726367366 404765745 1817166166 352697688 1746807975 735176496 1637947081 383719474 1884243356 279807577 1684225630 798212303 1729331687 223833712 1154734929 833984911 158635208 820233764 971341455 165149691 1121984713 1431 67084 1027496148 1211753909 1360524062 2069520425 1784636163 475893892 1119541416 2028347345 1278414937 745957924 305297482 796347291 1090831733 541042092 848678846 158981348 529858968 1872474714 1457155060 501583032 1232704349 1287251034 1077868560 1712325475 625904878 1208381540 515693101 9949215 1860215686 1578101576 1730147382 1658468894 1696447045 45104096 2814081 51619133 2126858590 1247017815 1335505632 344078580 1902716336 774471675 647057258 234146798 1115192682 1953619005 1597138052 1701136111 1544825066 797592032 536357250 686231088 1567434291 1498711626 1010602519 2104764160 1420603736 748372710 88416491 363803606 561263033 277466206 1399618007 1991458058 1902942311 1187526605 2110683211 2117846131 46635017 98474692 373145787 1501740254 808992869 1024180126 932500338 1313946977 197524960 1939768105 556518731 2066253024 733295628 90969663 96263158 839710315 1119029232 2010005445 1896219768 1108319296 1615404108 249253794 1608577782 695149991 1074859057 523732435 1983049639 1 69081233 627418050 870459580 1155557696 866838863 1763576851 431709193 1536647185 790899473 1871151428 691523728 1352134125 257798932 646286321 161910521 368345698 831013236 1738275632 1753301011 2106971390 2010296347 2140326105 2109759485 1625168778 690485778 367145653 896472140 261989628 918201446 394215580 594202065 955147905 730578010 1660604171 1076825585 1362913826

 End

Now the question is how to find out that the numbers above are caused by ASLR. I am using Windows 7 and cannot disable ASLR.

In other words, if ASLR is disabled, do you think that I will get the same number generated every time I run the code?

Sample code that I used:

 // public class HashCodeTest { public int hashCode() { return 0xDEADBEEF; } public static void main(String[] argv) { HashCodeTest o1 = new HashCodeTest(); System.out.println("First: " + o1); System.out.println("Using System.identityHashCode():"); System.out.println("First: " + System.identityHashCode(o1)); } }

EDIT:

What am I trying to do? I want to see if address layout randomization (ASLR) is effective in Windows 7 than in Windows Vista. I want to plot the frequency distribution or use some other statistical tools for the data to make sure that it is more predictable in one OS than others for ALL applications in general.

+4
source share
3 answers

I was the person who suggested that the OP should use identityHashcode() values ​​as ersatz memory addresses. My idea is that although they are not real memory addresses, they are based on the memory address of the object in question, when identityHashcode() first called ... on a typical JVM implementation. This makes them a reasonable proxy for real memory addresses for the purposes of this experiment.

My answer to OP is that these results strongly indicate that ASLR is either not enabled or not efficient at randomizing the actual addresses of Java objects.

I would expect some natural unpredictability of the object address due to non-deterministic factors in the JVM bootstrap sequence. That is why you see 3 or 4 different hash values ​​for this object in different runs. However, the fact that you see certain values ​​multiple times indicates that systematic randomization does not occur. In other words, there is no ASLR.

Strictly speaking, we need to study the JVM source code to verify that identityHashcode does communicate something that would change if ASLR were effective ... but I don't have time right now.

(FWIW: I agree with other people who answered / commented that ASLR is not required for Java anyway. Modify some unsupported error in the JVM native code, Java JVM just does not allow an isolated executable program as an isolated Java program (for example, native) code. And even a privileged Java program could only do this through its own custom library.)

+2
source

In general, in Java, the identityHashCode() function does not indicate anything about memory addresses. The only thing indicated is that these numbers are constant throughout the life of the object and that they are different in different ways for different objects.

  • In 64-bit virtual machines with sufficient memory, you can create more than 2 ^ 32 objects at a time, so even the second condition cannot mean "always different for different objects."

  • Modern Sun VMs use a collective garbage collector, which means objects move around their lives. Then the memory address is changed, and the identification hash code must be the same - therefore, it can not always be the memory address.

Therefore, you cannot rely on anything other than the above condition. On some virtual machines (especially old ones with non-moving garbage collectors), the number may be something that could be converted in C to a memory address (or the starting address when creating the object), but another valid implementation would be the pseudo-random number specified at creation object, or simple counter.

+6
source

Address Space Allocation Randomization (ASLR):

  • not required for Java applications
  • unlikely to be useful for Java applications
  • actively played out by memory management methods of many JVM implementations

The Sun JVM, for example, will allocate a large section of virtual memory at startup (presumably using the heap functions of the OS to capture one large block), and then proceed to manage this memory as its own heap in very good condition - a known method. That is, the spaces Eden, Survivor, Tenured heap and PermGen are all laid out equally, and I am sure that ASLR can not do anything about it.

However, hacker methods that ASLR is trying to prevent are simply impossible in any case in Java for several reasons:

  • Most JVM implementations often copy objects from one place to another in memory. Therefore, it is impossible to predict with any certainty where any object will be at any given time.

  • Java code cannot allocate objects of arbitrary size on the Java stack, so stack overflows are not possible.

  • It is not possible to undermine the Java memory model from Java code; the only code for which this is possible is platform-based code called through JNI. (Or sun.misc.Unsafe , which is an insecure shell, mostly for the same thing.) Therefore, if you use the Java SecurityManager functions correctly, none of the rogue processes can write to any dangerous memory location.

Perhaps you should describe what you are trying to accomplish and why you think ASLR will help you with this. I am sure that (a) ASLR has no effect on your Java programs, and (b) that OK, because you really do not want this.

+1
source

More articles:


All Articles