Any application that accepts input from a user, from a file, or from the network has to store that input, at least temporarily. Except in special cases, most application data is stored in one of two places: the stack or the heap. The heap provides general-purpose storage for an application, and memory that is dynamically allocated by a program will generally be allocated within the program's heap. The stack, by contrast, is a part of an application's address space devoted to storing data specific to a particular instance of a construct, such as automatically allocated function local variables. Local variables in a function are typically placed on the call stack frame for that function. When the function is called, the stack grows, allocating space for all the local variables required. Stack space is a limited resource, however, and once a process runs out of stack space, it cannot make any additional function calls, because the return address and frame pointers also consume space on the stack. This pressure to operate within a constrained space is even greater on mobile devices with limited memory, or inside the kernel of an OS.
Additionally, controlling the visibility of allocations in stack space creates a special kind of access control problem. Without some additional security, sensitive data stored in a program's stack could become vulnerable to unwanted access by reverse engineers. Reverse engineering is one process by which secure or protected aspects of data, software or hardware products can be uncovered through the analysis of the operation of the products. The stack is especially vulnerable to reverse engineering in that it can be inspected to determine how many local variables are required by a particular function to operate, or to determine the call graph of a program. The stack can be parsed and traversed at runtime, revealing the entire call stack (the list of functions and call sites currently invoked in a running program). Almost all debuggers and reverse engineering tools take advantage of this well-known and understood stack convention.
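The following added example (not part of the original text) models the frame-pointer convention described above in C, showing how the call chain and each function's local-variable count fall out of the saved frame pointers alone. The `model_stack` layout, the function names and the return-address values are constructed for illustration; a real ABI adds alignment, register spills and optional frame-pointer omission.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not real process memory: array indices stand in for
   addresses and the stack grows toward index 0. Each frame is laid out as
   [locals][saved frame pointer][return address]. */
#define STACK_WORDS 64

typedef struct { uint64_t mem[STACK_WORDS]; size_t sp, fp; } model_stack;
typedef struct { uint64_t ret_addr; size_t n_locals; } frame_info;

void stack_init(model_stack *s) { s->sp = s->fp = STACK_WORDS; }

/* Simulate a call: push return address and caller's FP, reserve locals.
   Fails when the bookkeeping words plus locals no longer fit. */
int push_frame(model_stack *s, uint64_t ret_addr, size_t n_locals) {
    if (s->sp < n_locals + 2) return -1;          /* out of stack space */
    s->mem[--s->sp] = ret_addr;
    s->mem[--s->sp] = s->fp;                      /* link to caller's frame */
    s->fp = s->sp;
    for (size_t i = 0; i < n_locals; i++) s->mem[--s->sp] = 0;
    return 0;
}

/* Recover the call chain and per-frame local counts from sp, fp and memory
   alone, the way a debugger follows the saved-frame-pointer chain. */
size_t walk_frames(const model_stack *s, frame_info *out, size_t max) {
    size_t n = 0, fp = s->fp, low = s->sp;
    while (fp + 1 < STACK_WORDS && n < max) {
        out[n].ret_addr = s->mem[fp + 1];
        out[n].n_locals = fp - low;               /* words below the FP slot */
        n++;
        low = fp + 2;                             /* caller's locals start here */
        if (s->mem[fp] <= fp) break;              /* chain must go to older frames */
        fp = (size_t)s->mem[fp];
    }
    return n;
}

int main(void) {
    model_stack s; frame_info f[8];
    stack_init(&s);
    push_frame(&s, 0x1000, 2);                    /* constructed return addresses */
    push_frame(&s, 0x2000, 5);
    push_frame(&s, 0x3000, 1);
    size_t n = walk_frames(&s, f, 8);
    for (size_t i = 0; i < n; i++)
        printf("frame %zu: return 0x%llx, %zu local words\n", i,
               (unsigned long long)f[i].ret_addr, f[i].n_locals);
    return 0;
}
```

The walker is given no knowledge of the three calls, yet it reports their order and local sizes, which is the information the data obfuscation discussed next aims to deny.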
One manner of protecting a program's local variables against reverse engineers is to use data obfuscation to make the reverse engineering of program data structures more difficult. Data obfuscation is a technique in which data stored in memory is scrambled, encrypted, rearranged or relocated in a manner that makes it difficult for an external user or program to make use of protected data should it be accessed by unauthorized parties.