[Replying here instead of tor-project@ because this is technical.] On Wed, 04 Apr 2018 07:16:00 +0000 Georg Koppen <gk@torproject.org> wrote:
best thing I've been able to come up with is bouncing up the rbp register until we get an address that's out of range in order to get a good estimate of where the stack memory map begins/ends
Heh. Depending on how good the estimate needs to be, something like: extern char **environ; void *addr = (environ & ~(4096-1)) + 4096 - stacksize; Will at worst, be off by 31 pages. If you are certain that the ELF auxiliary vectors, env vars, command line arguments, and a negligible amount of overhead for bookkeeping won't exceed a page, it will be exact[0]. See "System V Application Binary Interface AMD64 Architecture Processor Supplement" 3.4.1 and the Linux kernel source for more details. nb: Firefox appears to trample over environ so, the value needs to be cached fairly early on in the process' lifetime. Regards, -- Yawning Angel [0]: I quite happily make this assumption because the way I happen to spawn firefox guarantees this. start-tor-browser.sh might not be able to do so.