How To: Security-Oriented C Tutorial 0x12 - Scope

Security-Oriented C Tutorial 0x12 - Scope

What's up readers? We have ever so slightly touched upon this concept of scope with variables but still don't really know what it means. In this tutorial we will learn the behaviors of variables existing in our programs and within functions.

What Is a Variable Scope?

A scope refers to the existence of variables within a defined context. We have already seen an example of variable scopes with functions where the declared variables exist only within the defined function. Scopes generally exist where variables are declared within a pair of curly braces such as inside if or while bodies but can also exist outside of functions themselves and we call these global variables.

Example Code

Here is an example of variable scopes within curly braces.

We can see that we have redeclared the two variables. If we did this in the same scope, i.e. outside of the if statement, our compiler would get angry and throw an error at us however, the variables do no exist within that same scope so it's fine if we do this. From the code, we can tell that the i and j variables are not the same anymore once we enter the if statement and redeclare as they will have new values. Let's compile this and see the result.

Compiling and Running

As expected.

What happens if we declare a new variable inside our if statement? Would it continue to exist outside?

Global Variables

Global scopes occur when we define a variable outside of functions which means that they will exist everywhere, in all functions and other scopes.

Example Code

We've declared a global integer called global and have also included a function someFunction which changes the value of the global variable. We can compare the value of global inside main before calling someFunction with itself after calling someFunction. What will happen? Let's find out.

Compiling and Running

Before calling main, global is of value 68 and after calling someFunction which increments its value, global's change is affected for everyone as we can see back in main.

Static Variables

Static variables are special little things. They behave like normal variables however, they are quite persistent and are able to survive through function calls. Let's take a look at an example.

Example Code

In function, someFunction, we have declared a static integer staticVar alongside a normal integer var for comparison. We already know when a function has finished, everything inside it gets destroyed but this is not the case with the static variable. Let's see what happens when we run it.

Compiling and Running

We can clearly see that staticVar persists even when functions are destroyed but what makes a static variable be able to persist? As always, we'll utilize our ever-useful memory analysis skills.

Memory Analysis

What's this in the red? It's doesn't look like a normal variable because variables are found using the stack like the two instructions above it. What is ds:0x804a020 ?

The Data Segment

Another segment found in memory is called the Data Segment (or sometimes referred to as bss) and like the Code Segment it exists either above the heap or below the stack. The two segments even live adjacent to each other. This segment holds global scope data and also static variables.

So this is how staticVar can survive... If we print out the contents of the address, we can see its value.

Again, using our examine to get the value in hex of size word and there is our value.


That's it for this tutorial, next up, we will have a closer look at the printf function because it's hiding some secrets from us... Until then!


Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.

Be the First to Comment

Share Your Thoughts

  • Hot
  • Latest