我一直很好奇
- 进程在内存中的具体情况如何?
- 其中有哪些不同的段(部分)?
- 程序(在磁盘上)和进程(在内存中)究竟是如何相关的?
我之前的问题:more info on Memory layout of an executable program (process)
在我的探索中,我终于找到了答案。我发现这篇优秀的文章清除了我的大部分疑问:http://www.linuxforums.org/articles/understanding-elf-using-readelf-and-objdump_125.html
在上面的文章中,作者展示了如何获取进程的不同部分(LINUX),并将其与相应的 ELF 文件进行了比较。我在这里引用这一部分:
Courious to see the real layout of process segment? We can use /proc//maps file to reveal it. is the PID of the process we want to observe. Before we move on, we have a small problem here. Our test program runs so fast that it ends before we can even dump the related /proc entry. I use gdb to solve this. You can use another trick such as inserting sleep() before it calls return().
In a console (or a terminal emulator such as xterm) do:
$ gdb test
(gdb) b main
Breakpoint 1 at 0x8048376
(gdb) r
Breakpoint 1, 0x08048376 in main ()
Hold right here, open another console and find out the PID of program "test". If you want the quick way, type:
$ cat /proc/`pgrep test`/maps
You will see an output like below (you might get different output):
[1] 0039d000-003b2000 r-xp 00000000 16:41 1080084 /lib/ld-2.3.3.so
[2] 003b2000-003b3000 r--p 00014000 16:41 1080084 /lib/ld-2.3.3.so
[3] 003b3000-003b4000 rw-p 00015000 16:41 1080084 /lib/ld-2.3.3.so
[4] 003b6000-004cb000 r-xp 00000000 16:41 1080085 /lib/tls/libc-2.3.3.so
[5] 004cb000-004cd000 r--p 00115000 16:41 1080085 /lib/tls/libc-2.3.3.so
[6] 004cd000-004cf000 rw-p 00117000 16:41 1080085 /lib/tls/libc-2.3.3.so
[7] 004cf000-004d1000 rw-p 004cf000 00:00 0
[8] 08048000-08049000 r-xp 00000000 16:06 66970 /tmp/test
[9] 08049000-0804a000 rw-p 00000000 16:06 66970 /tmp/test
[10] b7fec000-b7fed000 rw-p b7fec000 00:00 0
[11] bffeb000-c0000000 rw-p bffeb000 00:00 0
[12] ffffe000-fffff000 ---p 00000000 00:00 0
Note: I add number on each line as reference.
Back to gdb, type:
(gdb) q
So, in total, we see 12 segment (also known as Virtual Memory Area--VMA).
但我想了解 Windows 进程和 PE 文件格式。
- 是否有任何工具可以获取 Windows 中正在运行的进程的布局(段)?
- 还有什么其他好的资源可以用来详细了解这个主题?
编辑:
是否有任何好的文章显示 PE 文件 sections 和 VA segments 之间的映射?
最佳答案
系统内部 VMMap也是可视化进程 VA 空间的优秀工具:
(来源:microsoft.com)
.jpg){kind=link}
关于windows - 了解 Windows 中正在运行的进程的布局(段)的任何工具?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/2134411/