Any tool(s) for knowing the layout (segments) of running process in Windows? -

-

I am always keen about

  1. How does the process look in memory?
  2. What are the different segments in it?
  3. How will the program (on disk) & amp; Are the processes related (in memory)?

My previous question:

In my search, I finally got an answer. I found this great article that cleared most of my queries:

In the above article, the author shows how to obtain different sections of the process (LINUX) and; He compared this with its ELF file, I am quoting this section here:

Motivator to see the actual layout of the process segment? We can use the file / proc / maps to reveal it. PID of the process that we want to inspect Before proceeding, we have a small problem here. Our test program runs so fast that before we can dump related / proc entry. I use gdb to solve it

A console (or a terminal emulator such as xterm) do this: 

  $ gdb test ( Gdb) main breakpoint 1 0x8048376 at (gdb) r breakpoint 1, 0x08048376 in main ()

right here, open another console and find the program "PID" If you want a quick way out, type: 

  $ cat / proc / `pgrep test` / maps

You see an output like the one below (You can get different output): 

  [1] 0039d000-003b2000 r-xp 00000000 16:41 1080084 / lib /ld-2.3.3. Then [2] 003b2000-003b3000r - p 00014000 16:41 1080084 / lib / dollar -2.3.3.So [3] 003b3000-003b4000 rw-p 00015000 16:41 1080084 / lbb / double -2.3.3.so [ 4] 003b6000-004cb000 r-xp 00000000 16:41 1080085 / lib /tls/libc-2.3.3.so [5] 004cb000-004cd000r - p 00115000 16:41 1080085 / lobby / tls / lcc-2.3. 3.so [6] 004cd000-004cf000 rw-p 00117000 16:41 1080085 / lib /tls/libc-2.3.3.so [7] 004cf000-004d1000 rw-p 004cf000 00:00 0 [8] 08048000-08049000 R -xp 00000000 16:06 66,970 / tmp / test [9] 08049000-0804a000 rw-p 00000000 16:06 66,970 / tmp / test [10] b7fec000-b7fed000 rw-p b7fec000 00:00 0 [11] bffeb000-c0000000 rw -P bffeb000 00:00 0 [12] ffffe000-fffff000 --- P 00000000 00:00 0

No E: I add numbers to each row as reference < / P>

gdb back, type:.

(gdb) q

So, in total, we see 12 segment (which is also known as virtual memory area - VMA).

But I want to know about Windows Process & amp; PE file format.

  1. Any device (s) to get the layout (class) of the layout running in Windows?
  2. Any other good resources to learn more on this topic?

Edit:

There are any good articles in between the PE file sections & amp; nbsp; Mapping reveals; VA sections ?

P>


Comments

Post a Comment

Popular posts from this blog

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), ...
Read more

c# - TypeConverter in propertygrid only converts from string, not to -

-
When the property grid is reached, only the conversion mechanism (often called) is called "Foo!" Returns the property string in the grid when I click to edit I get an exception Type.oo. Object type can not be changed to type. (Not properly translated,) What is a clue from the convert format, why not? And the error indicates that it is trying to convert to a string, not from. I think that when I want to edit this object, it will have to be converted from foo to string, and when the editing ends. Public class FooTypeConverter: StringConverter {public override object ConvertFrom (ITypeDescriptorContext Reference, CultureInfo Culture, Object Value) {New Foo (string) value); } Convert the public override object (Type the ITE DiskText Contact Reference, CultureInfo Culture, Object Value, Type Type) {Return "Foo!"; } Public override bool CanConvertFrom (ITypeDescriptorContext reference, type source type) {back true; } Public Override Bull CanConvertTo (ITypeDescrip...
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more