Windows stack - where is it?

I'm a little confused about where an exe's stack is. I know that the CRT initializes the heap before starting the program, allocating a chunk of heap (which, in turn, is allocated by the OS, which allocates pages), but where is the stack? Is it also in pages? Or is it shared by all programs in user mode (ring 3) through the ring 3 descriptor in the GDT (I think not, but I'm not sure)?

+4
3 answers

Windows will reserve a contiguous region of virtual memory (1 MB by default) per thread. It then commits a few of the topmost pages of this region and marks a couple of pages below them as guard pages. As the thread's stack grows down, if a guard page is accessed, an exception is raised and Windows commits the guard page and sets up the pages below it as guard pages.

You can study this behavior with the excellent SysInternals VMMap utility. The following is a snippet from this tool:

[Image: VMMap screenshot]

+5
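The growth mechanism described in the answer above can be followed step by step in a small model. This is an added example, not code from the original answers, and it calls no Windows API: the names (`stack_init`, `stack_touch`, `stack_exhaust`), the starting layout of 3 committed and 2 guard pages, and the overflow condition are simplifying assumptions.

```c
/* Simplified model of per-thread stack growth; it calls no Windows API. */
#include <stdio.h>

#define PAGES 256   /* 1 MB reserve / 4 KB pages, the defaults cited in the answers */
enum state  { RESERVED, GUARD, COMMITTED };
enum result { OK, GREW, ACCESS_VIOLATION, STACK_OVERFLOW };
struct stack { enum state page[PAGES]; int guards; };  /* page[PAGES-1] is the top */

/* Assumed initial layout: `committed` pages at the top, `guards` guard pages below. */
void stack_init(struct stack *s, int committed, int guards) {
    s->guards = guards;
    for (int i = 0; i < PAGES; i++) s->page[i] = RESERVED;
    for (int i = 0; i < committed; i++) s->page[PAGES - 1 - i] = COMMITTED;
    for (int i = 0; i < guards; i++) s->page[PAGES - 1 - committed - i] = GUARD;
}

int stack_count(const struct stack *s, enum state st) {
    int n = 0;
    for (int i = 0; i < PAGES; i++) n += (s->page[i] == st);
    return n;
}

/* One memory access to page `idx`, as the memory manager would see it. */
enum result stack_touch(struct stack *s, int idx) {
    if (idx < 0 || idx >= PAGES || s->page[idx] == RESERVED)
        return ACCESS_VIOLATION;           /* the access jumped past the guard pages */
    if (s->page[idx] == COMMITTED) return OK;
    /* Guard hit: commit it (and any guard above it), then re-arm guards below. */
    for (int i = idx; i < PAGES && s->page[i] == GUARD; i++) s->page[i] = COMMITTED;
    if (idx - s->guards < 0) return STACK_OVERFLOW;  /* no room left in the reserve */
    for (int i = 1; i <= s->guards; i++) s->page[idx - i] = GUARD;
    return GREW;
}

/* Touch every page from the top down, like unbounded recursion. */
enum result stack_exhaust(struct stack *s) {
    enum result r = OK;
    for (int idx = PAGES - 1; idx >= 0 && (r == OK || r == GREW); idx--)
        r = stack_touch(s, idx);
    return r;
}

int main(void) {
    struct stack s;
    stack_init(&s, 3, 2);
    printf("touch guard page: %d\n", stack_touch(&s, 252));
    printf("touch far below:  %d\n", stack_touch(&s, 100));
    enum result r = stack_exhaust(&s);
    printf("deep recursion:   %d, committed=%d\n", r, stack_count(&s, COMMITTED));
    return 0;
}
```

In the model, an access that lands in the reserved area without first hitting a guard page fails outright instead of growing the stack, which is why the guard pages have to be touched in order as the stack deepens.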

Each thread is assigned its own stack. This is just a piece of memory allocated for this purpose.

All memory is allocated in pages, including the stack (on Windows, I believe the stack is 1 MB by default, so it will span multiple pages, given that most memory pages are 4 KB).

But it is really just a piece of memory pointed to by the stack pointer register.

+3

Every program on Windows is a process. Usually processes do not share their memory.

Sharing or not sharing is a matter of how the virtual address space of each process is mapped onto physical memory.

If two processes have parts of their address spaces mapped onto the same pages of physical memory, that memory is effectively shared between them, and each process can read and, possibly, write it and observe the other process's writes.

There is very little point in sharing stack memory, so each process has its own stack. In fact, processes are more like containers. The objects that execute code and use the stack are threads. There is at least one thread in each process. Threads have their own stacks, but since a process's threads live in the same virtual address space, they can access each other's stacks. It is sometimes useful to share data on the stack between threads, but this must be done carefully so as not to corrupt the state of the threads and cause hangs or crashes.

+1

Source: https://habr.com/ru/post/1434352/