静态内存布局

进程内存布局由多个段(segment)组成,包括:

  • 未初始化的数据段或由符号段开始块BSS
  • 数据段(Data段)
  • 文本段或代码段Text段(或Code段)
  • 栈段(Stack段)
  • 堆段(Heap段)

借助系统工具可以比较直观辅助分析静态内存布局:

  • size
  • objdump

如下示例在linux系统上的使用

1 size

shell
1
2
3
4
5
❯ size test_c

   text    data     bss     dec     hex filename
   1143     512       8    1663     67f test_c

2 objdump

2.1 objdump -S ${obj}

汇编源码

shell
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
❯ objdump -S test_c

test_c:     file format elf64-x86-64


Disassembly of section .init:

0000000000001000 <_init>:
    1000:       f3 0f 1e fa             endbr64
    1004:       48 83 ec 08             sub    $0x8,%rsp
    1008:       48 8b 05 c1 2f 00 00    mov    0x2fc1(%rip),%rax        # 3fd0 <__gmon_start__@Base>
    100f:       48 85 c0                test   %rax,%rax
    1012:       74 02                   je     1016 <_init+0x16>
    1014:       ff d0                   call   *%rax
    1016:       48 83 c4 08             add    $0x8,%rsp
    101a:       c3                      ret

Disassembly of section .text:

0000000000001020 <_start>:
    1020:       f3 0f 1e fa             endbr64
    1024:       31 ed                   xor    %ebp,%ebp
    1026:       49 89 d1                mov    %rdx,%r9
    1029:       5e                      pop    %rsi
    102a:       48 89 e2                mov    %rsp,%rdx
    102d:       48 83 e4 f0             and    $0xfffffffffffffff0,%rsp
    1031:       50                      push   %rax
    1032:       54                      push   %rsp
    1033:       45 31 c0                xor    %r8d,%r8d
    1036:       31 c9                   xor    %ecx,%ecx
    1038:       48 8d 3d da 00 00 00    lea    0xda(%rip),%rdi        # 1119 <main>
    103f:       ff 15 7b 2f 00 00       call   *0x2f7b(%rip)        # 3fc0 <__libc_start_main@GLIBC_2.34>
    1045:       f4                      hlt
    1046:       66 2e 0f 1f 84 00 00    cs nopw 0x0(%rax,%rax,1)
    104d:       00 00 00
    1050:       48 8d 3d b9 2f 00 00    lea    0x2fb9(%rip),%rdi        # 4010 <__TMC_END__>
    1057:       48 8d 05 b2 2f 00 00    lea    0x2fb2(%rip),%rax        # 4010 <__TMC_END__>
    105e:       48 39 f8                cmp    %rdi,%rax
    1061:       74 15                   je     1078 <_start+0x58>
    1063:       48 8b 05 5e 2f 00 00    mov    0x2f5e(%rip),%rax        # 3fc8 <_ITM_deregisterTMCloneTable@Base>
    106a:       48 85 c0                test   %rax,%rax
    106d:       74 09                   je     1078 <_start+0x58>
    106f:       ff e0                   jmp    *%rax
    1071:       0f 1f 80 00 00 00 00    nopl   0x0(%rax)
    1078:       c3                      ret
    1079:       0f 1f 80 00 00 00 00    nopl   0x0(%rax)
    1080:       48 8d 3d 89 2f 00 00    lea    0x2f89(%rip),%rdi        # 4010 <__TMC_END__>
    1087:       48 8d 35 82 2f 00 00    lea    0x2f82(%rip),%rsi        # 4010 <__TMC_END__>
    108e:       48 29 fe                sub    %rdi,%rsi
    1091:       48 89 f0                mov    %rsi,%rax
    1094:       48 c1 ee 3f             shr    $0x3f,%rsi
    1098:       48 c1 f8 03             sar    $0x3,%rax
    109c:       48 01 c6                add    %rax,%rsi
    109f:       48 d1 fe                sar    %rsi
    10a2:       74 14                   je     10b8 <_start+0x98>
    10a4:       48 8b 05 2d 2f 00 00    mov    0x2f2d(%rip),%rax        # 3fd8 <_ITM_registerTMCloneTable@Base>
    10ab:       48 85 c0                test   %rax,%rax
    10ae:       74 08                   je     10b8 <_start+0x98>
    10b0:       ff e0                   jmp    *%rax
    10b2:       66 0f 1f 44 00 00       nopw   0x0(%rax,%rax,1)
    10b8:       c3                      ret
    10b9:       0f 1f 80 00 00 00 00    nopl   0x0(%rax)
    10c0:       f3 0f 1e fa             endbr64
    10c4:       80 3d 45 2f 00 00 00    cmpb   $0x0,0x2f45(%rip)        # 4010 <__TMC_END__>
    10cb:       75 33                   jne    1100 <_start+0xe0>
    10cd:       55                      push   %rbp
    10ce:       48 83 3d 0a 2f 00 00    cmpq   $0x0,0x2f0a(%rip)        # 3fe0 <__cxa_finalize@GLIBC_2.2.5>
    10d5:       00
    10d6:       48 89 e5                mov    %rsp,%rbp
    10d9:       74 0d                   je     10e8 <_start+0xc8>
    10db:       48 8b 3d 26 2f 00 00    mov    0x2f26(%rip),%rdi        # 4008 <__dso_handle>
    10e2:       ff 15 f8 2e 00 00       call   *0x2ef8(%rip)        # 3fe0 <__cxa_finalize@GLIBC_2.2.5>
    10e8:       e8 63 ff ff ff          call   1050 <_start+0x30>
    10ed:       c6 05 1c 2f 00 00 01    movb   $0x1,0x2f1c(%rip)        # 4010 <__TMC_END__>
    10f4:       5d                      pop    %rbp
    10f5:       c3                      ret
    10f6:       66 2e 0f 1f 84 00 00    cs nopw 0x0(%rax,%rax,1)
    10fd:       00 00 00
    1100:       c3                      ret
    1101:       66 66 2e 0f 1f 84 00    data16 cs nopw 0x0(%rax,%rax,1)
    1108:       00 00 00 00
    110c:       0f 1f 40 00             nopl   0x0(%rax)
    1110:       f3 0f 1e fa             endbr64
    1114:       e9 67 ff ff ff          jmp    1080 <_start+0x60>

0000000000001119 <main>:
    1119:       55                      push   %rbp
    111a:       48 89 e5                mov    %rsp,%rbp
    111d:       89 7d fc                mov    %edi,-0x4(%rbp)
    1120:       48 89 75 f0             mov    %rsi,-0x10(%rbp)
    1124:       b8 00 00 00 00          mov    $0x0,%eax
    1129:       5d                      pop    %rbp
    112a:       c3                      ret

Disassembly of section .fini:

000000000000112c <_fini>:
    112c:       f3 0f 1e fa             endbr64
    1130:       48 83 ec 08             sub    $0x8,%rsp
    1134:       48 83 c4 08             add    $0x8,%rsp
    1138:       c3                      ret

2.2 objdump -s ${obj}

所有节的全部内容

shell
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
❯ objdump -s test_c

test_c:     file format elf64-x86-64

Contents of section .interp:
 0318 2f6c6962 36342f6c 642d6c69 6e75782d  /lib64/ld-linux-
 0328 7838362d 36342e73 6f2e3200           x86-64.so.2.
Contents of section .note.gnu.property:
 0338 04000000 30000000 05000000 474e5500  ....0.......GNU.
 0348 028000c0 04000000 01000000 00000000  ................
 0358 010001c0 04000000 01000000 00000000  ................
 0368 020001c0 04000000 00000000 00000000  ................
Contents of section .note.gnu.build-id:
 0378 04000000 14000000 03000000 474e5500  ............GNU.
 0388 58897ab2 d2c653d1 6fffd334 79da5d6d  X.z...S.o..4y.]m
 0398 68bce377                             h..w
Contents of section .note.ABI-tag:
 039c 04000000 10000000 01000000 474e5500  ............GNU.
 03ac 00000000 04000000 04000000 00000000  ................
Contents of section .gnu.hash:
 03c0 01000000 01000000 01000000 00000000  ................
 03d0 00000000 00000000 00000000           ............
Contents of section .dynsym:
 03e0 00000000 00000000 00000000 00000000  ................
 03f0 00000000 00000000 10000000 12000000  ................
 0400 00000000 00000000 00000000 00000000  ................
 0410 43000000 20000000 00000000 00000000  C... ...........
 0420 00000000 00000000 5f000000 20000000  ........_... ...
 0430 00000000 00000000 00000000 00000000  ................
 0440 6e000000 20000000 00000000 00000000  n... ...........
 0450 00000000 00000000 01000000 22000000  ............"...
 0460 00000000 00000000 00000000 00000000  ................
Contents of section .dynstr:
 0470 005f5f63 78615f66 696e616c 697a6500  .__cxa_finalize.
 0480 5f5f6c69 62635f73 74617274 5f6d6169  __libc_start_mai
 0490 6e006c69 62632e73 6f2e3600 474c4942  n.libc.so.6.GLIB
 04a0 435f322e 322e3500 474c4942 435f322e  C_2.2.5.GLIBC_2.
 04b0 3334005f 49544d5f 64657265 67697374  34._ITM_deregist
 04c0 6572544d 436c6f6e 65546162 6c65005f  erTMCloneTable._
 04d0 5f676d6f 6e5f7374 6172745f 5f005f49  _gmon_start__._I
 04e0 544d5f72 65676973 74657254 4d436c6f  TM_registerTMClo
 04f0 6e655461 626c6500                    neTable.
Contents of section .gnu.version:
 04f8 00000200 01000100 01000300           ............
Contents of section .gnu.version_r:
 0508 01000200 22000000 10000000 00000000  ...."...........
 0518 751a6909 00000300 2c000000 10000000  u.i.....,.......
 0528 b4919606 00000200 38000000 00000000  ........8.......
Contents of section .rela.dyn:
 0538 103e0000 00000000 08000000 00000000  .>..............
 0548 10110000 00000000 183e0000 00000000  .........>......
 0558 08000000 00000000 c0100000 00000000  ................
 0568 08400000 00000000 08000000 00000000  .@..............
 0578 08400000 00000000 c03f0000 00000000  .@.......?......
 0588 06000000 01000000 00000000 00000000  ................
 0598 c83f0000 00000000 06000000 02000000  .?..............
 05a8 00000000 00000000 d03f0000 00000000  .........?......
 05b8 06000000 03000000 00000000 00000000  ................
 05c8 d83f0000 00000000 06000000 04000000  .?..............
 05d8 00000000 00000000 e03f0000 00000000  .........?......
 05e8 06000000 05000000 00000000 00000000  ................
Contents of section .init:
 1000 f30f1efa 4883ec08 488b05c1 2f000048  ....H...H.../..H
 1010 85c07402 ffd04883 c408c3             ..t...H....
Contents of section .text:
 1020 f30f1efa 31ed4989 d15e4889 e24883e4  ....1.I..^H..H..
 1030 f0505445 31c031c9 488d3dda 000000ff  .PTE1.1.H.=.....
 1040 157b2f00 00f4662e 0f1f8400 00000000  .{/...f.........
 1050 488d3db9 2f000048 8d05b22f 00004839  H.=./..H.../..H9
 1060 f8741548 8b055e2f 00004885 c07409ff  .t.H..^/..H..t..
 1070 e00f1f80 00000000 c30f1f80 00000000  ................
 1080 488d3d89 2f000048 8d35822f 00004829  H.=./..H.5./..H)
 1090 fe4889f0 48c1ee3f 48c1f803 4801c648  .H..H..?H...H..H
 10a0 d1fe7414 488b052d 2f000048 85c07408  ..t.H..-/..H..t.
 10b0 ffe0660f 1f440000 c30f1f80 00000000  ..f..D..........
 10c0 f30f1efa 803d452f 00000075 33554883  .....=E/...u3UH.
 10d0 3d0a2f00 00004889 e5740d48 8b3d262f  =./...H..t.H.=&/
 10e0 0000ff15 f82e0000 e863ffff ffc6051c  .........c......
 10f0 2f000001 5dc3662e 0f1f8400 00000000  /...].f.........
 1100 c366662e 0f1f8400 00000000 0f1f4000  .ff...........@.
 1110 f30f1efa e967ffff ff554889 e5897dfc  .....g...UH...}.
 1120 488975f0 b8000000 005dc3             H.u......].
Contents of section .fini:
 112c f30f1efa 4883ec08 4883c408 c3        ....H...H....
Contents of section .rodata:
 2000 01000200                             ....
Contents of section .eh_frame_hdr:
 2004 011b033b 18000000 02000000 1cf0ffff  ...;............
 2014 34000000 15f1ffff 4c000000           4.......L...
Contents of section .eh_frame:
 2020 14000000 00000000 017a5200 01781001  .........zR..x..
 2030 1b0c0708 90010000 14000000 1c000000  ................
 2040 e0efffff 26000000 00440710 00000000  ....&....D......
 2050 1c000000 34000000 c1f0ffff 12000000  ....4...........
 2060 00410e10 8602430d 064d0c07 08000000  .A....C..M......
 2070 00000000                             ....
Contents of section .init_array:
 3e10 10110000 00000000                    ........
Contents of section .fini_array:
 3e18 c0100000 00000000                    ........
Contents of section .dynamic:
 3e20 01000000 00000000 22000000 00000000  ........".......
 3e30 0c000000 00000000 00100000 00000000  ................
 3e40 0d000000 00000000 2c110000 00000000  ........,.......
 3e50 19000000 00000000 103e0000 00000000  .........>......
 3e60 1b000000 00000000 08000000 00000000  ................
 3e70 1a000000 00000000 183e0000 00000000  .........>......
 3e80 1c000000 00000000 08000000 00000000  ................
 3e90 f5feff6f 00000000 c0030000 00000000  ...o............
 3ea0 05000000 00000000 70040000 00000000  ........p.......
 3eb0 06000000 00000000 e0030000 00000000  ................
 3ec0 0a000000 00000000 88000000 00000000  ................
 3ed0 0b000000 00000000 18000000 00000000  ................
 3ee0 15000000 00000000 00000000 00000000  ................
 3ef0 07000000 00000000 38050000 00000000  ........8.......
 3f00 08000000 00000000 c0000000 00000000  ................
 3f10 09000000 00000000 18000000 00000000  ................
 3f20 fbffff6f 00000000 00000008 00000000  ...o............
 3f30 feffff6f 00000000 08050000 00000000  ...o............
 3f40 ffffff6f 00000000 01000000 00000000  ...o............
 3f50 f0ffff6f 00000000 f8040000 00000000  ...o............
 3f60 f9ffff6f 00000000 03000000 00000000  ...o............
 3f70 00000000 00000000 00000000 00000000  ................
 3f80 00000000 00000000 00000000 00000000  ................
 3f90 00000000 00000000 00000000 00000000  ................
 3fa0 00000000 00000000 00000000 00000000  ................
 3fb0 00000000 00000000 00000000 00000000  ................
Contents of section .got:
 3fc0 00000000 00000000 00000000 00000000  ................
 3fd0 00000000 00000000 00000000 00000000  ................
 3fe0 00000000 00000000                    ........
Contents of section .got.plt:
 3fe8 203e0000 00000000 00000000 00000000   >..............
 3ff8 00000000 00000000                    ........
Contents of section .data:
 4000 00000000 00000000 08400000 00000000  .........@......
Contents of section .comment:
 0000 4743433a 2028474e 55292031 332e322e  GCC: (GNU) 13.2.
 0010 31203230 32333038 303100             1 20230801.

2.3 objdump -s -j .data ${obj}

查看.data块的内容

shell
1
2
3
4
5
6
7
❯ objdump -s -j .data test_c

test_c:     file format elf64-x86-64

Contents of section .data:
 4000 00000000 00000000 08400000 00000000  .........@......

3 如下3个版本的c代码比较

3.1 只定义了一个main函数

3.1.1 code

c
1
2
3
4
5
int main(int argc, char** argv)
{
    return 0;
}

3.1.2 size

shell
1
2
3
❯ size test_c
   text    data     bss     dec     hex filename
   1143     512       8    1663     67f test_c

3.1.3 data

内存地址0x4000开始16个byte上的内容

shell
1
2
3
4
5
6
❯ objdump -s -j .data test_c

test_c:     file format elf64-x86-64

Contents of section .data:
 4000 00000000 00000000 08400000 00000000  .........@......

3.2 定义2个全局变量

  • 一个未初始化
  • 一个初始化为0

3.2.1 code

c
1
2
3
4
5
6
7
int g_x;
int g_y = 0;

int main(int argc, char** argv)
{
    return 0;
}

3.2.2 size

bss从8byte->16byte,我尝试了定义3个int类型全局变量,bss依然是16byte,所以初始的时候应该被占用了4byte,但是分配了8byte。

shell
1
2
3
❯ size test_c
   text    data     bss     dec     hex filename
   1143     512      16    1671     687 test_c

3.2.3 data

为初始化的全局变量和初始化为0的全局变量都分配在bss段上,因此data段没有变化。

shell
1
2
3
4
5
6
❯ objdump -s -j .data test_c

test_c:     file format elf64-x86-64

Contents of section .data:
 4000 00000000 00000000 08400000 00000000  .........@......

3.3 定义2个全局变量

2个变量都进行初始化为非0

  • 一个声明为int类型
  • 一个声明为char类型

3.3.1 code

objdump内容一行代表一个4byte的内存内容,为了方便计算就直接将整型定义为16进制表达,更容易看出来内存序是大端序还是小端序。

c
1
2
3
4
5
6
7
8
9
10
int g_x;
int g_y = 0;

int g_i = 0x123456;
char g_j = 'a';

int main(int argc, char** argv)
{
    return 0;
}

3.3.2 size

data大小从512byte->517byte,就是g_ig_j这两个变量分配占用的内容空间。

shell
1
2
3
❯ size test_c
   text    data     bss     dec     hex filename
   1143     517      16    1676     68c test_c

3.3.3 data

从第2行开始,即内存地址0x4010开始的地址上,前4个byte放了0x56341200,g_i是int类型占用4byte,而g_i的值是0x123456,所以当前这台机器的字节序是小端序。紧随其后的1个byte存放的是0x61,对应的十进制是97,g_j的值是a,对应的ASCII是97,因此在data块上存储着初始化为非0的全局变量。

shell
1
2
3
4
5
6
7
❯ objdump -s -j .data test_c

test_c:     file format elf64-x86-64

Contents of section .data:
 4000 00000000 00000000 08400000 00000000  .........@......
 4010 56341200 61                          V4..a
C
静态内存布局
https://bannirui.github.io/2023/11/21/静态内存布局/
作者
dingrui
发布于
2023年11月21日
许可协议