1. Dumping memory from gdb
http://ioctl.eu/blog/2009/05/06/memory_dump_gdb
Memory Dump with GDB
Although gdb is not a true low-level debugger, it has some quite interesting low-level functionality.
(gdb) dump binary memory dump.raw 0x00800000 0x01000000
Dumps the memory of the currently debugged application into the file 'dump.raw', from address 0x00800000 up to (but not including) address 0x01000000.
Now this file can be searched, processed or even modified with external tools. If desired, it can be loaded back into memory with the restore command.
Interesting regions to dump and inspect can be found with tools like vmmap (on Mac OS X); on Linux, /proc/<pid>/maps or gdb's own "info proc mappings" serves the same purpose. You will probably be most interested in the MALLOC_* regions.
2. http://sourceforge.net/apps/trac/elpi/wiki (Advanced system programming)
3. Simplified diagram of an ELF file's layout after it is loaded into memory on Linux, reposted from scz
--------------------------------------------------------------------------
0x08048000   code           .text, program code, read-only
             data           .data, initialized data, read-only
             bss            .bss, uninitialized data, zero-filled, read/write
             ...            heap: dynamically allocated memory, grows from .bss
             ...            toward higher addresses (heap), read/write
             ...
             stack          stack region, starting address above 0xBFFF0000
             arguments      formal parameters of main()
             environment    environment variable area
             program name   first argument of execve(), not argv[0]
0xBFFFFFFC   null (dword)   the last four bytes are always zero
0xC0000000
--------------------------------------------------------------------------
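As an added example (not part of scz's diagram or the linked page), the following C program samples one address from each region in the diagram and checks that they appear in the order the diagram shows; the variable and function names are my own. On a modern 64-bit system with PIE and ASLR the absolute addresses differ from the 32-bit values above (no 0x08048000 or 0xC0000000), but the relative order .text < .data <= .bss < heap < stack still holds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Constructed example: one object per region of the diagram. */
int initialized_global = 42;        /* placed in .data by the compiler */
int uninitialized_global;           /* placed in .bss, zero-filled by the loader */

struct region_addrs {
    uintptr_t text, data, bss, heap, stack;
};

static void text_marker(void) { }   /* its address lies in .text */

/* Collect one sample address from each region. The heap block is freed
 * before returning; only its address is kept for the comparison. */
struct region_addrs collect_regions(void)
{
    struct region_addrs r;
    int stack_local = 0;             /* lives in this function's stack frame */
    void *heap_block = malloc(64);   /* small request: served from the brk heap */

    r.text  = (uintptr_t)text_marker;
    r.data  = (uintptr_t)&initialized_global;
    r.bss   = (uintptr_t)&uninitialized_global;
    r.heap  = (uintptr_t)heap_block;
    r.stack = (uintptr_t)&stack_local;
    free(heap_block);
    return r;
}

/* Returns 1 if the sampled addresses follow the diagram's order:
 * .text < .data <= .bss < heap < stack, and 0 otherwise. */
int layout_matches_diagram(const struct region_addrs *r)
{
    return r->text < r->data && r->data <= r->bss &&
           r->bss < r->heap && r->heap < r->stack;
}

/* Convenience wrapper: sample the regions and check them in one call. */
int layout_check(void)
{
    struct region_addrs r = collect_regions();
    return layout_matches_diagram(&r);
}

int main(void)
{
    struct region_addrs r = collect_regions();
    printf(".text %p\n.data %p\n.bss  %p\nheap  %p\nstack %p\n",
           (void *)r.text, (void *)r.data, (void *)r.bss,
           (void *)r.heap, (void *)r.stack);
    printf("order matches diagram: %s\n", layout_check() ? "yes" : "no");
    return 0;
}
```

Run it under gdb and compare the printed addresses with "info proc mappings" to see which mapping each region falls into before choosing a range for "dump binary memory".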