I've been looking a bit into Cheat Engine, which allows you to inspect and manipulate the memory of running processes on Windows: You scan for variables based on their value, then you can modify them, e.g. to cheat in a game.
In order to write a bot or something similar, you need to find a static address for the variable you want to change - i.e. one that stays the same if the process is restarted. The method for that goes roughly like this:
Look for the address of the variable you're interested in, searching by value
Look for code using that address, e.g. to find the address of the struct it belongs to (since struct offsets are fixed)
Look for another pointer pointing to that pointer until you find one with a static address (shows as green in Cheat Engine)
It seems to work just fine judging from the tutorials I've looked at, but I have trouble understanding why it works.
Don't all variables, including global static ones, get a pretty random address at runtime?
Bonus questions:
How can Cheat Engine tell if an address is static (i.e. will stay the same on restart)?
A tutorial referred to the fact that many older and some modern games (e.g. Call of Duty 4) use only static addresses. How is that possible?
I will answer the bonus questions first because they introduce some concepts you may need to know to understand the answer for the main question.
Answering the first bonus question is easy if you know how an executable file works: all the global/static variables are inside the .data section, and the .exe stores the address offset for that section, so Cheat Engine just checks if the variable is in this address range (from this section to the next one).
For the second question, it is possible to use only static addresses, but that is nearly impossible for a game, even the older ones. What the tutorial creator was probably trying to say is that all the variables that he wanted actually had a static pointer pointing to them. But solely by the fact that you create a local variable, or even pass an argument to a function, their values are being stored on the stack. That's why it is nearly impossible to have a "static-only" program. Even if you compile a program that actually doesn't do anything, it will probably have some stuff being stored on the stack.
For the whole question itself, not all dynamic address variables are pointed to by a global variable. It depends totally on the programmer. I can create a local variable and never assign its address to a global/static pointer in a C program, for example. The only certain way to find that address in this case is to actually know the code where the variable was first assigned a value on the stack.
Some variables have a dynamic address because they are just local variables, which are stored in the stack the first time they have a value assigned to them.
Some other variables have a static address because they are declared either as a global or a static variable to the compiler. These variables have a fixed address offset that is part of the .data section in the executable file.
The executable file has a fixed offset address for each section inside it, and the .data section is no exception.
But it is worth noting that the offset inside the executable itself is fixed. In the operating system things might be different (all random addresses), but that is the job of an OS, abstracting this kind of stuff for you (creating the executable's virtual address space in this case). So it just looks like static variables are actually static, but only inside the executable's memory space. In RAM things might be anywhere.
Finally, it is difficult to try to explain this to you because you'll have to understand how executable files work. A good start would be to search for some explanations regarding low-level programming, like stack frame, calling conventions, the Assembly language itself and how compilers use some well-known techniques to manage functions (scopes in general), global/static/local/constant variables, and the memory system (sections, the stack, etc.), and maybe some research into PE (and even ELF) files.
As far as I understand it, variables declared static have a permanent offset within the program data. This means that when the program is loaded into RAM, the offset of the variable will always be the same. Because the beginning address of the program is known globally, finding a static variable based on offset, as you mentioned, should be a trivial task. Therefore, while a pointer to a static variable might be random in the scheme of things, its offset to the beginning of program memory should remain the same no matter when the program starts. So Cheat Engine (though I don't know the software) most likely stores the offset of the static variable, and then when the software starts, applies this logic to find that variable.
As to how it can tell it's a static variable in the first place... well, this is partially a guess, but when you declare a variable static in C, I'm assuming the compiler/linker puts some kind of flag so the OS knows that it's a static variable. It could also be that all static variables are stored in a certain way, or at a certain address offset, for all programs compiled for a certain target system. Again, not too sure about that, but from what I understand about memory management, that seems to make the most sense. With these assumptions, it's quite possible for a program to contain solely static variables. The difference is that memory is assigned statically at program runtime, as opposed to dynamically (as with a call to malloc() or similar). If the variables were stored dynamically, I'm sure there'd be a way to find them easily, so I don't think it matters to Cheat Engine whether or not a variable is static. However, as I'm assuming Cheat Engine wants to modify a game upon startup (just like the old GameSharks used to... ahh, miss those days) it's probably more reliable to modify variables that are static, instead of trying to locate pointers and disassemble the code, etc. etc.
If you're interested in learning more, I'd recommend checking out something like this tutorial over at OSDev!
A local static variable is created once and the method will go out of scope, but the static variable is not destroyed and it will live in memory until the program ends.
A global static variable lives in memory until the program ends.
So what is the difference between local and global static variables?
When should we use local static variables and global static variables?
Other answers have told you the differences between a local static object (local to a function) and a non-local static object (static objects declared global or in a namespace); however, you should also understand the importance of using one over the other.
The information I use here comes from Effective C++ Third Edition by Scott Meyers (a recommended and excellent read).
A static object is one that exists from the time it's constructed until the end of the program.
As others have mentioned, a non-local static object is constructed before main whereas a local static object is constructed the first time the function is called.
But what if you had two static objects and one relied on the other? How could you be sure that one would be constructed before the other? You can't: the relative order of initialisation of non-local static objects defined in different translation units is undefined.
Scott Meyers' definition of a translation unit (from the aforementioned book):
A translation unit is the source code giving rise to a single object file. It's basically a single source file, plus all of the #include files.
So imagine you have these two non-local static objects in separate source files, you couldn't guarantee one would be constructed before the other. This is where a local static object prevails!
Consider Scott Meyers' example of a FileSystem class and a Directory class, where the Directory relies on the FileSystem:
#include <cstddef>   // for size_t
class FileSystem
{
public:
    size_t numDisks() const;
};
extern FileSystem tfs;   // declared here, defined in another translation unit
and
class Directory
{
public:
    Directory()
    {
        size_t disks = tfs.numDisks();   // uses tfs, which may not be constructed yet
        ...
    }
};
If Directory gets constructed before FileSystem, then you are going to be using an uninitialised class! Fortunately, you can get around this by using local static objects!
class FileSystem
{
public:
    size_t numDisks() const;
};
FileSystem& tfs()
{
    static FileSystem fs;   // constructed on the first call to tfs(), and only once
    return fs;
}
Now when Directory is constructed, even if it's constructed before FileSystem is, FileSystem is guaranteed to be constructed before it's used!
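The following is an added, runnable version of this idea (example code written for this page, not Scott Meyers' or the answer's own code): a construction log records the order in which the objects are built, and a non-local static Directory shows that the FileSystem behind the tfs() accessor is created on first use, inside the Directory constructor, and only once. The log accessor, numDisks() value and class bodies are constructed for the example.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// The construction log is itself a function-local static, so it is ready
// whenever it is first needed, whatever the global initialisation order.
std::vector<std::string>& constructionLog() {
    static std::vector<std::string> log;
    return log;
}

class FileSystem {
public:
    FileSystem() { constructionLog().push_back("FileSystem"); }
    std::size_t numDisks() const { return 2; }   // constructed sample value
};

// Meyers-style accessor: the FileSystem is created on the first call and only
// once (since C++11 this initialisation is also guaranteed to be thread-safe).
FileSystem& tfs() {
    static FileSystem fs;
    return fs;
}

class Directory {
public:
    Directory() {
        constructionLog().push_back("Directory:begin");
        disks_ = tfs().numDisks();   // the accessor builds the FileSystem here if needed
        constructionLog().push_back("Directory:end");
    }
    std::size_t disks() const { return disks_; }
private:
    std::size_t disks_ = 0;
};

// A non-local static Directory, constructed before main(); nothing has touched
// the FileSystem explicitly before this point.
Directory tempDir;

// Joins the log into one string, e.g. "Directory:begin FileSystem Directory:end".
std::string constructionOrder() {
    std::string out;
    for (const std::string& entry : constructionLog()) {
        if (!out.empty()) out += ' ';
        out += entry;
    }
    return out;
}

// Two calls to tfs() hand back the same object: there is a single instance.
bool singleFileSystemInstance() { return &tfs() == &tfs(); }

int main() {
    std::cout << constructionOrder() << "\n";
    std::cout << "disks seen by tempDir: " << tempDir.disks() << "\n";
    return 0;
}
```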
In addition to what others have said:
Scope and lifetime are two different things.
A static variable's lifetime = the program's lifetime; that's why a static variable is not destroyed and it will live in memory until the program ends.
Scope means where we work with the variable/use the variable.
Lifetime, on the other hand, is the complete execution time of the program; there may be certain cases where we terminate the program but in the background bits and pieces are still running.
When do we have to use a local static variable and a global static variable?
We should use a local static when we need a variable restricted to that function only.
We should use a global static when we need a variable common to all functions in the program. E.g. a variable which contains the budget of the organisation, which is the same for all departments.
Hope this helps. Thanks
Differences I can think of:
The scope of the variable. A global static variable is visible to the entire program. A function static variable is visible only in the function.
Initialization. A global variable is initialized before main is executed. The function static variable is initialized when the function is called the first time.
A local static is visible only within the function. This allows the name to be kept secret. This could be used to implement profiling logic, where the number of calls for each function are tracked.
The more significant benefit of a local static is the point in time when it is constructed. Global data is constructed before main is called. This occurs from the top of the file to the bottom of the file for each C++ file in the program, but the order of files in the construction is undefined. A local static is only constructed the first time its function is called (C++11 guarantees only once; earlier C++ requires some synchronization if it can be called multi-threaded). This means that for a complex object which requires some facility of your program to be initialized (e.g. some database), this can be controlled, as you can perform that initialization in main before your functions containing these static variables are called.
Global static variables can be accessed, and potentially changed, by other scopes. For example, two functions can share state using a global static variable. A local static variable is just that: local. Other functions cannot see it directly.
The fact that global static variables may be changed by other functions is a primary reason why they are so dangerous. Programmers often make unwarranted assumptions about the variable. For example, if a method uses, but does not modify a global static variable, it is still possible for the value to change from the beginning of the method to the end. People will tend to assume, however, that the value is unchanging.
A local static is visible only inside the function; it has function-level scope only, while a global static has program scope. As for initialization, a global is initialized before main; a local static is initialized the first time the function gets called.
Global static variables, if not used properly, can cause issues, because in a large program it would be hard to keep track of what is changing their values.
Another possible drawback may be the linkage: what if you are using a global static variable named varnew and you are using an external library which also has the same variable?
It is always suggested to limit the scope of your variables to avoid unnecessary errors.
I wonder where constant variables are stored. Is it in the same memory area as global variables? Or is it on the stack?
How they are stored is an implementation detail (depends on the compiler).
For example, in the GCC compiler, on most machines, read-only variables, constants, and jump tables are placed in the text section.
Depending on the data segmentation that a particular processor follows, we have five segments:
Code Segment - Stores only code, ROM
BSS (or Block Started by Symbol) Data segment - Stores initialised global and static variables
Stack segment - stores all the local variables and other information regarding function return addresses etc.
Heap segment - all dynamic allocations happens here
Data BSS (or Block Started by Symbol) segment - stores uninitialised global and static variables
Note that the difference between the data and BSS segments is that the former stores initialised global and static variables and the latter stores UNinitialised ones.
Now, why am I talking about data segmentation when I should just be telling you where the constant variables are stored... there's a reason for it...
Every segment has a write protected region where all the constants are stored.
For example:
If I have a const int which is a local variable, then it is stored in the write protected region of the stack segment.
If I have a global that is initialised const var, then it is stored in the data segment.
If I have an uninitialised const var, then it is stored in the BSS segment...
To summarize, "const" is just a data QUALIFIER, which means that first the compiler has to decide which segment the variable has to be stored in, and then, if the variable is a const, it qualifies to be stored in the write protected region of that particular segment.
Consider the code:
const int i = 0;
static const int k = 99;
void totherfunc(const int *);   /* defined elsewhere; takes a pointer to const int */
int function(void)
{
    const int j = 37;
    totherfunc(&j);
    totherfunc(&i);
    //totherfunc(&k);
    return(j+3);
}
Generally, i can be stored in the text segment (it's a read-only variable with a fixed value). If it is not in the text segment, it will be stored beside the global variables. Given that it is initialized to zero, it might be in the 'bss' section (where zeroed variables are usually allocated) or in the 'data' section (where initialized variables are usually allocated).
If the compiler is convinced that k is unused (which it could be since it is local to a single file), it might not appear in the object code at all. If the call to totherfunc() that references k was not commented out, then k would have to be allocated an address somewhere - it would likely be in the same segment as i.
The constant (if it is a constant, is it still a variable?) j will most probably appear on the stack of a conventional C implementation. (If you were asking in the comp.std.c news group, someone would mention that the standard doesn't say that automatic variables appear on the stack; fortunately, SO isn't comp.std.c!)
Note that I forced the variables to appear because I passed them by reference - presumably to a function expecting a pointer to a constant integer. If the addresses were never taken, then j and k could be optimized out of the code altogether. To remove i, the compiler would have to know all the source code for the entire program - it is accessible in other translation units (source files), and so cannot as readily be removed. Doubly not if the program indulges in dynamic loading of shared libraries - one of those libraries might rely on that global variable.
(Stylistically - the variables i and j should have longer, more meaningful names; this is only an example!)
Depends on your compiler, your system capabilities, your configuration while compiling.
gcc puts read-only constants on the .text section, unless instructed otherwise.
Usually they are stored in a read-only data section (while the global variables' section has write permissions). So, trying to modify a constant by taking its address may result in an access violation, aka segfault.
But it depends on your hardware, OS and compiler really.
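As an added example for this point (written for this page, not taken from any of the answers), the program below looks up the page that holds each variable in /proc/self/maps and reports its permissions: the const global sits in a read-only mapping, so a store through its address would fault, while the initialised global, the zero-initialised global and a stack local all sit in writable pages. It assumes Linux with GCC or Clang; the globals and the Region helper are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>

// Constructed globals that the toolchain (assumed GCC/Clang with GNU ld on Linux)
// places in different sections of the executable image.
const int g_ro   = 7;    // read-only data (.rodata); its address is taken, so it must exist
int       g_rw   = 42;   // initialised, writable data (.data)
int       g_zero;        // zero-initialised data (.bss)

struct Region {
    bool found = false;
    std::string perms;   // e.g. "r--p" or "rw-p"
    std::string path;    // backing file, "[stack]", "[heap]", or empty if anonymous
};

// Finds the /proc/self/maps entry that contains address p (Linux only).
Region regionOf(const void* p) {
    Region r;
    const std::uintptr_t addr = reinterpret_cast<std::uintptr_t>(p);
    std::ifstream maps("/proc/self/maps");
    std::string line;
    while (std::getline(maps, line)) {
        std::istringstream in(line);
        std::string range, perms, offset, dev, inode, path;
        in >> range >> perms >> offset >> dev >> inode;
        std::getline(in >> std::ws, path);       // optional trailing pathname
        const std::size_t dash = range.find('-');
        const std::uintptr_t lo = std::stoull(range.substr(0, dash), nullptr, 16);
        const std::uintptr_t hi = std::stoull(range.substr(dash + 1), nullptr, 16);
        if (addr >= lo && addr < hi) {
            r.found = true;
            r.perms = perms;
            r.path = path;
            break;
        }
    }
    return r;
}

// True if the page holding p is mapped writable; a write through a pointer to
// g_ro would therefore fault, whereas g_rw and g_zero accept stores.
bool isWritable(const void* p) {
    const Region r = regionOf(p);
    return r.found && r.perms.size() >= 2 && r.perms[1] == 'w';
}

// An automatic (stack) variable lives on a writable page as well.
bool localIsWritable() {
    int local = 1;
    return isWritable(&local);
}

int main() {
    int local = 1;
    void* heap = std::malloc(16);
    const struct { const char* name; const void* addr; } vars[] = {
        {"g_ro", &g_ro}, {"g_rw", &g_rw}, {"g_zero", &g_zero},
        {"local", &local}, {"heap", heap},
    };
    for (const auto& v : vars) {
        const Region r = regionOf(v.addr);
        std::cout << v.name << ": " << r.perms << " " << r.path << "\n";
    }
    std::free(heap);
    return 0;
}
```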
Of course not, because:
1) The bss segment stores non-initialized variables; it obviously has another type in there.
(I) Large static and global, non-constant and non-initialized variables are stored in the .BSS section.
(II) Second thing: small static and global, non-constant and non-initialized variables are stored in the .SBSS section, which is included in the .BSS segment.
2) The data segment is for initialized variables; it has 3 types:
(I) Large static and global, initialized, non-constant variables are stored in the .DATA section.
(II) Small static and global, non-constant, initialized variables are stored in the .SDATA1 section.
(III) Small static and global, constant, initialized OR non-initialized variables are stored in the .SDATA2 section.
What I mean above by small and large depends on the compiler; for example, small means less than 8 bytes and large means 8 bytes or more.
But my doubt is: where will local constants be stored?
This is mostly an educated guess, but I'd say that constants are usually stored in the actual CPU instructions of your compiled program, as immediate data. So in other words, most instructions include space for the address to get data from, but if it's a constant, the space can hold the value itself.
This is specific to Win32 systems.
It's compiler dependent, but please be aware that it may not even be fully stored, since the compiler just needs to optimize it and adds its value directly into the expression that uses it.
I added this code to a program and compiled it with gcc for ARM Cortex-M4; check the difference in memory usage.
Without const:
int someConst[1000] = {0};
With const:
const int someConst[1000] = {0};
Global and constant are two completely separated keywords. You can have one or the other, none or both.
Where your variable, then, is stored in memory depends on the configuration. Read up a bit on the heap and the stack, that will give you some knowledge to ask more (and if I may, better and more specific) questions.
It may not be stored at all.
Consider some code like this:
#include <math.h>        /* provides M_PI on POSIX systems */
#ifndef PI
#define PI M_PI          /* the constant referred to below */
#endif
double toRadian(int degree){
    return degree*PI*2/360.0;
}
This enables the programmer to gather the idea of what is going on, but the compiler can optimize away some of that, and most compilers do, by evaluating constant expressions at compile time, which means that the value PI may not be in the resulting program at all.
Just as an add-on: as you know, it is during the linking process that the memory layout of the final executable is decided. There is one more section called COMMON, in which the common symbols from different input files are placed. This common section actually falls under the .bss section.
Some constants aren't even stored.
Consider the following code:
int foo(void);   /* defined elsewhere; its result is not known at compile time */
int x = foo();
x *= 2;
Chances are that the compiler will turn the multiplication into x = x+x; as that reduces the need to load the number 2 from memory.
I checked on an x86_64 GNU/Linux system. By dereferencing the pointer to a 'const' variable, the value can be changed. I used objdump. I didn't find the 'const' variable in the text segment. The 'const' variable is stored on the stack.
'const' is a compiler directive in "C". The compiler throws error when it comes across a statement changing 'const' variable.
Static variables are usually: (in most programming languages) shared, persistent, and allocated on the code section of the program
But what does that have anything to do with the word static? What is so static about that? I thought static means doesn't change?
For example, in vb.net static is written shared and that means a member function that can be accessed without object instantiation. Static within function usually means that the variable life time is the life time of the whole program. It seems that static variables are stored on the code section of the computer. Am I correct in my understanding based on the example?
Well, I think the keyword is appropriate. It means the variable you declare as static will remain stored at the same location throughout the whole execution of your program.
I thought static means doesn't change
This corresponds to the const keyword. Const implies it doesn't change, static implies it doesn't "move", as to it stays stored at the same location.
In general, what doesn't change with something that is static in a programming language is whether it is alive or not. Static variables are always alive; they have a single instance which comes into being either at the beginning of the program or the first time they are visible, and lasts until the end of the program. Non-static variables come and go, as blocks are entered and left, or as class instances are created and destroyed.
In C++, for reasons of C compatibility, static, when applied to variables at namespace scope, has a completely unrelated meaning: it means that the variable has internal, rather than external linkage, and is not visible in other translation units. Why the word static was adopted for this in early C, I don't know; I can only guess that they needed something, and didn't want to introduce a new keyword. (Originally, in the very earliest versions of C, variables at file scope obeyed the rules of a Fortran named common block: all variables of the same name referred to the same storage.) Looking back, of course (with 20/20 hindsight), the default for variables at file scope should have been internal linkage, with a special keyword (public?) to say that the variable had external linkage. But this was a lot less obvious in the early 1970's.
Static refers to the variable's storage. Inside a function call, every variable that you declare is pushed on the stack. Unlike other variables, a static variable isn't pushed on the stack; it's like a global variable that survives the whole execution of the program, with the difference that it is visible only inside the block in which it is declared.
I think you just have to learn the meaning of "static" in computer science, and not relate it to spoken English. Especially as it applies to variables and functions, with slightly different outcomes in C.
The definition of the word from http://dictionary.reference.com/browse/static?s=t
pertaining to or characterized by a fixed or stationary condition.
showing little or no change: a static concept; a static relationship.
A static variable is one that maintains its state even after it goes out of scope, as opposed to a non-static variable which would be re-initialised every time it came back into scope - so it can be thought of in terms of having a "stationary condition" or exhibiting "no change".
If you can avoid it, just don't go into static for C++. In any modern language static just means there's only ever one instance and it's never destroyed. That's not too far a stretch from the English meaning, and leads nicely to a discussion of const/final/readonly and what that means.
Static variable means there is only one copy of the variable, even if you create multiple instances of the class. That is, all objects of the specified class use the same memory location. Or if you want an example, say we have two threads. On the first thread you create a progress bar and on the second you need to update it. In this case you can define a static variable in your progress bar's class to store the progress and create one instance of the class in each thread. One thread is for initialising and in the other you change the value of the static variable. Since both use the same copy, the progress will be available in the first thread.
So static means something that doesn't change its location on creating a new instance... Or we can say something that preserves its state ;) Blah blah blah
While browsing open source code (from OpenCV), I came across the following type of code inside a method:
// copy class member to local variable for optimization
int foo = _foo; //where _foo is a class member
for (...) //a heavy loop that makes use of foo
From another question on SO I've concluded that the answer to whether or not this actually needs to be done or is done automatically by the compiler may be compiler/setting dependent.
My question is if it would make any difference if _foo were a static class member? Would there still be a point in this manual optimization, or is accessing a static class member no more 'expensive' than accessing a local variable?
P.S. - I'm asking out of curiosity, not to solve a specific problem.
Accessing a property means de-referencing the object, in order to access it.
As the property may change during the execution (read threads), the compiler will read the value from memory each time the value is accessed.
Using a local variable will allow the compiler to use a register for the value, as it can safely assume the value won't change from the outside. This way, the value is read only once from memory.
About your question concerning the static member, it's the same, as it can also be changed by another thread, for instance. The compiler will also need to read the value each time from memory.
I think a local variable is more likely to participate in some optimization, precisely because it is local to the function: this fact can be used by the compiler, for example if it sees that nobody modifies the local variable, then the compiler may load it once, and use it in every iteration.
In case of member data, the compiler may have to work more to conclude that nobody modifies the member. Think about multi-threaded application, and note that the memory model in C++11 is multi-threaded, which means some other thread might modify the member, so the compiler may not conclude that nobody modifies it, in consequence it has to emit code for load member for every expression which uses it, possibly multiple times in a single iteration, in order to work with the updated value of the member.
In this example _foo will be copied into a new local variable, so in both cases it's the same.
Static values are like any other variable; they're just stored in a different memory segment dedicated to static memory.
Reading a static class member is effectively like reading a global variable. They both have a fixed address. Reading a non-static one means first reading the this-pointer, adding an offset to the result and then reading that address. In other words, reading a non-static one requires more steps and memory accesses.