在本項目裡使用了自行編譯的一個DLL—cywin.dll,這個DLL占用的內存塊出奇的多:
同樣把文件裡的內容dump出來進行比較。
1.1 文件頭
通過DUMP出來的文件頭,可以發現它的Directory比其它的DLL要多,不知道是不是也因此比前面加載 的每一個系統DLL要多幾個內存塊。
OPTIONAL HEADER VALUES
10B magic # (PE32)
9.00 linker version
A5000 size of code
48A00 size of initialized data
0 size of uninitialized data
A17E0 entry point (100A17E0) __DllMainCRTStartup@12
1000 base of code
A6000 base of data
10000000 image base (10000000 to 1022EFFF)
1000 section alignment
200 file alignment
5.00 operating system version
0.00 image version
5.00 subsystem version
0 Win32 version
22F000 size of image
400 size of headers
FDA97 checksum
2 subsystem (Windows GUI)
140 DLL characteristics
Dynamic base
NX compatible
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
DC130 [ 11AB] RVA [size] of Export Directory
D9B5C [ F0] RVA [size] of Import Directory
21E000 [ 2B4] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
21F000 [ E790] RVA [size] of Base Relocation Directory
A6630 [ 1C] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
D6DB0 [ 40] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
A6000 [ 56C] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
Windows一如既往地分配一塊空間給它:
還是滿足了此文件提出的空間請求。
1.2 代碼段
從文件中DUMP出來的section head:
SECTION HEADER #1
.text name
A4E4C virtual size
1000 virtual address (10001000 to 100A5E4B)
A5000 size of raw data
400 file pointer to raw data (00000400 to 000A53FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
Windows分配的內存:
這個也沒什麼說的,原樣地從文件裡面把內容COPY出來。
1.3 只讀數據段
這個段的section head:
SECTION HEADER #2
.rdata name
372DB virtual size
A6000 virtual address (100A6000 to 100DD2DA)
37400 size of raw data
A5400 file pointer to raw data (000A5400 to 000DC7FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Windows為其分配的內存塊:
恰好滿足文件提出的請求。
1.4 數據段
下面是文件中定義的section head:
SECTION HEADER #3
.data name
13FEBC virtual size
DE000 virtual address (100DE000 to 1021DEBB)
1C00 size of raw data
DC800 file pointer to raw data (000DC800 to 000DE3FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
看看windows為其分配的內存塊:
從section head信息的這一行
1C00 size of raw data
及cygwin.dll裡面的全局變量的地址可 以知道,這個DLL裡的全局變量應該只存在於這個內存塊中:
至於其它的內存塊,應該是和文件頭裡的Directory相關的,暫時先放過它。
1.5 .rsrc和.reloc
文件頭裡定義的section head:
SECTION HEADER #4
.rsrc name
2B4 virtual size
21E000 virtual address (1021E000 to 1021E2B3)
400 size of raw data
DE400 file pointer to raw data (000DE400 to 000DE7FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #5
.reloc name
F5FA virtual size
21F000 virtual address (1021F000 to 1022E5F9)
F600 size of raw data
DE800 file pointer to raw data (000DE800 to 000EDDFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42000040 flags
Initialized Data
Discardable
Read Only
實際上windows讓這兩個section共用一個內存塊:
