<b>User program address space allocation under XP (9): what is left?</b>[VC/C++ Programming]
With the parts covered earlier removed, let's see what is still left in memory:
Base address | Allocation base | Allocation protect | Size | State | Protect | Type |
00010000 | 00010000 | 00000004 PAGE_READWRITE | 00002000 | 00001000 MEM_COMMIT | 00000004 PAGE_READWRITE | 00020000 MEM_PRIVATE |
7ffdd000 | 7ffdd000 | 00000004 PAGE_READWRITE | 00001000 | 00001000 MEM_COMMIT | 00000004 PAGE_READWRITE | 00020000 MEM_PRIVATE |
7ffde000 | 7ffde000 | 00000004 PAGE_READWRITE | 00001000 | 00001000 MEM_COMMIT | 00000004 PAGE_READWRITE | 00020000 MEM_PRIVATE |
7ffdf000 | 7ffdf000 | 00000004 PAGE_READWRITE | 00001000 | 00001000 MEM_COMMIT | 00000004 PAGE_READWRITE | 00020000 MEM_PRIVATE |
7ffe0000 | 7ffe0000 | 00000002 PAGE_READONLY | 00001000 | 00001000 MEM_COMMIT | 00000002 PAGE_READONLY | 00020000 MEM_PRIVATE |
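These blocks are all fairly small. What exactly are they?
1.1 Environment block
Mao Decao's 《windows内核情境解析》 mentions something called the environment block (I think that is the name), located at the lowest position in memory. Let's look at its contents: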
0x00010000 3d 00 3a 00 3a 00 3d 00 3a 00 3a 00 5c 00 00 00 3d 00 45 00 =::=::\.=E
0x00010014 3a 00 3d 00 45 00 3a 00 5c 00 50 00 72 00 6f 00 67 00 72 00 :=E:\Progr
0x00010028 61 00 6d 00 20 00 46 00 69 00 6c 00 65 00 73 00 5c 00 4d 00 am Files\M
0x0001003C 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 56 00 icrosoft V
0x00010050 69 00 73 00 75 00 61 00 6c 00 20 00 53 00 74 00 75 00 64 00 isual Stud
0x00010064 69 00 6f 00 20 00 39 00 2e 00 30 00 5c 00 56 00 43 00 5c 00 io 9.0\VC\
0x00010078 76 00 63 00 70 00 61 00 63 00 6b 00 61 00 67 00 65 00 73 00 vcpackages
0x0001008C 00 00 3d 00 46 00 3a 00 3d 00 46 00 3a 00 5c 00 65 00 6d 00 .=F:=F:\em
0x000100A0 62 00 65 00 64 00 5c 00 65 00 74 00 6f 00 6f 00 6c 00 73 00 bed\etools
0x000100B4 00 00 41 00 4c 00 4c 00 55 00 53 00 45 00 52 00 53 00 50 00 .ALLUSERSP
0x000100C8 52 00 4f 00 46 00 49 00 4c 00 45 00 3d 00 45 00 3a 00 5c 00 ROFILE=E:\
0x000100DC 44 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 73 00 20 00 Documents 
0x000100F0 61 00 6e 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6e 00 and Settin
0x00010104 67 00 73 00 5c 00 41 00 6c 00 6c 00 20 00 55 00 73 00 65 00 gs\All Use
0x00010118 72 00 73 00 00 00 41 00 50 00 50 00 44 00 41 00 54 00 41 00 rs.APPDATA
0x0001012C 3d 00 45 00 3a 00 5c 00 44 00 6f 00 63 00 75 00 6d 00 65 00 =E:\Docume
0x00010140 6e 00 74 00 73 00 20 00 61 00 6e 00 64 00 20 00 53 00 65 00 nts and Se
0x00010154 74 00 74 00 69 00 6e 00 67 00 73 00 5c 00 00 5f d1 53 05 80 ttings\开发者
0x00010168 5c 00 41 00 70 00 70 00 6c 00 69 00 63 00 61 00 74 00 69 00 \Applicati
0x0001017C 6f 00 6e 00 20 00 44 00 61 00 74 00 61 00 00 00 42 00 58 00 on Data.BX
0x00010190 53 00 48 00 41 00 52 00 45 00 3d 00 2e 00 00 00 43 00 44 00 SHARE=..CD
0x000101A4 53 00 52 00 4f 00 4f 00 54 00 3d 00 65 00 3a 00 5c 00 65 00 SROOT=e:\e
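It is all Unicode text. Comparing its contents with the system environment variables shows fairly obvious differences, but both the system environment variables and the user environment variables have corresponding definitions in this memory region. I tried adding a definition to the user environment variables and ran the program again, and sure enough the new environment variable showed up in this region.
1.2 NT_TIB
Every thread has a place that records the thread's basic information. The program has three threads, so presumably there should be three such blocks. Reading the contents of fs shows that the main thread's information is stored at 0x7ffdf000. Here is its raw data: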
0x7FFDF000 a8 ff 12 00 00 00 13 00 00 10 0e 00 00 00 00 00 ................
0x7FFDF010 00 1e 00 00 00 00 00 00 00 f0 fd 7f 00 00 00 00 ................
0x7FFDF020 30 0e 00 00 d4 07 00 00 00 00 00 00 00 00 00 00 0...............
0x7FFDF030 00 d0 fd 7f b7 00 00 00 00 00 00 00 00 00 00 00 ................
0x7FFDF040 00 b3 6e e3 00 00 00 00 00 00 00 00 00 00 00 00 ..n.............
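As an added example (not code from the original article), the C program below decodes the bytes of the dump above using the 32-bit NT_TIB layout and, going slightly beyond NT_TIB itself, the TEB fields that follow it. `teb_view`, `rd32` and `parse_teb32` are names made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First 0x38 bytes of the 0x7FFDF000 dump shown above. */
static const uint8_t teb_dump[0x38] = {
    0xa8,0xff,0x12,0x00, 0x00,0x00,0x13,0x00, 0x00,0x10,0x0e,0x00, 0x00,0x00,0x00,0x00,
    0x00,0x1e,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0xf0,0xfd,0x7f, 0x00,0x00,0x00,0x00,
    0x30,0x0e,0x00,0x00, 0xd4,0x07,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x00,0xd0,0xfd,0x7f, 0xb7,0x00,0x00,0x00,
};

/* Hypothetical view type; offsets are those of the 32-bit NT_TIB and TEB. */
typedef struct {
    uint32_t exception_list, stack_base, stack_limit, self; /* +0x00 +0x04 +0x08 +0x18 */
    uint32_t pid, tid, peb, last_error;                     /* +0x20 +0x24 +0x30 +0x34 */
} teb_view;

/* Little-endian 32-bit read, independent of host endianness and alignment. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a block read from address `base`; 0 on success, -1 if it is not a plausible TEB. */
int parse_teb32(const uint8_t *buf, size_t len, uint32_t base, teb_view *out) {
    if (len < 0x38) return -1;
    out->exception_list = rd32(buf + 0x00);
    out->stack_base     = rd32(buf + 0x04);
    out->stack_limit    = rd32(buf + 0x08);
    out->self           = rd32(buf + 0x18);
    out->pid            = rd32(buf + 0x20);
    out->tid            = rd32(buf + 0x24);
    out->peb            = rd32(buf + 0x30);
    out->last_error     = rd32(buf + 0x34);
    if (out->self != base) return -1;                    /* Self must point back at the block */
    if (out->stack_limit >= out->stack_base) return -1;  /* stack grows down from StackBase */
    return 0;
}

int main(void) {
    teb_view v;
    if (parse_teb32(teb_dump, sizeof teb_dump, 0x7ffdf000u, &v) != 0) return 1;
    printf("SEH head %08x  stack %08x..%08x  Self %08x\n", (unsigned)v.exception_list,
           (unsigned)v.stack_limit, (unsigned)v.stack_base, (unsigned)v.self);
    printf("pid %u  tid %u  PEB %08x  LastError %u\n", (unsigned)v.pid, (unsigned)v.tid,
           (unsigned)v.peb, (unsigned)v.last_error);
    return 0;
}
```

The decoded PEB pointer, 0x7ffdd000, is the base address of one of the 4 KB regions in the table above, and the exception list head 0x0012ffa8 lies just below the main thread's StackBase of 0x00130000.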