内存管理篇——线性地址的管理

写在前面

  此系列是本人一个字一个字码出来的,包括示例和实验截图。由于系统内核的复杂性,故可能有错误或者不全面的地方,如有错误,欢迎批评指正,本教程将会长期更新。 如有好的建议,欢迎反馈。码字不易,如果本篇文章有帮助你的,如有闲钱,可以打赏支持我的创作。如想转载,请把我的转载信息附在文章后面,并声明我的个人信息和本人博客地址即可,但必须事先通知我

你如果是从中间插过来看的,请仔细阅读 羽夏看Win系统内核——简述 ,方便学习本教程。

  看此教程之前,问几个问题,基础知识储备好了吗?保护模式篇学会了吗?练习做完了吗?没有的话就不要继续了。


🔒 华丽的分割线 🔒


内核线性地址管理概述

  在开始线性地址管理之前,我们先从宏观上了解内核线性地址的划分区域:

  如下是系统的全局变量:

  可以看出微软把操作系统的内存区域的用途划分的十分清晰,当然你处于0环时,可以不用遵守这种约定,但最好不要与其冲突。如果自己写个处于保护模式下的操作系统玩玩自己随便定。

线性地址管理

  我们在3环的程序,如果你对虚拟地址了解比较多的话一定会知道下面的表格:

分区 x86 32位Windows
空指针赋值区 0x00000000 - 0x0000FFFF
用户模式区 0x00010000 - 0x7FFEFFFF
64KB禁入区 0x7FFF0000 - 0x7FFFFFFF
内核 0x80000000 - 0xFFFFFFFF

  一个进程不可能每一个线性地址都对应一个物理页,如果要清楚地了解线性地址的使用,就必须有一个记录,在EPROCESS结构体中,有一个成员VadRoot,如下所示:

kd> dt _EPROCESS
ntdll!_EPROCESS
   ……
   +0x118 HardwareTrigger  : Uint4B
   +0x11c VadRoot          : Ptr32 Void
   +0x120 VadHint          : Ptr32 Void
   +0x124 CloneRoot        : Ptr32 Void
   +0x128 NumberOfPrivatePages : Uint4B
   +0x12c NumberOfLockedPages : Uint4B
   ……

  而这个VadRoot的记录是由二叉树结构组织的,我们来看看它的结构:

kd> dt _MMVAD
nt!_MMVAD
   +0x000 StartingVpn      : Uint4B
   +0x004 EndingVpn        : Uint4B
   +0x008 Parent           : Ptr32 _MMVAD
   +0x00c LeftChild        : Ptr32 _MMVAD
   +0x010 RightChild       : Ptr32 _MMVAD
   +0x014 u                : __unnamed
   +0x018 ControlArea      : Ptr32 _CONTROL_AREA
   +0x01c FirstPrototypePte : Ptr32 _MMPTE
   +0x020 LastContiguousPte : Ptr32 _MMPTE
   +0x024 u2               : __unnamed

  里面有两个共用体类型,我翻了翻Win2000泄露代码如下所示:

typedef struct _MMVAD {
    ULONG_PTR StartingVpn;
    ULONG_PTR EndingVpn;
    struct _MMVAD *Parent;
    struct _MMVAD *LeftChild;
    struct _MMVAD *RightChild;
    union {
        ULONG_PTR LongFlags;
        MMVAD_FLAGS VadFlags;
    } u;
    PCONTROL_AREA ControlArea;
    PMMPTE FirstPrototypePte;
    PMMPTE LastContiguousPte;
    union {
        ULONG LongFlags2;
        MMVAD_FLAGS2 VadFlags2;
    } u2;
    union {
        LIST_ENTRY List;
        MMADDRESS_LIST Secured;
    } u3;
    union {
        PMMBANKED_SECTION Banked;
        PMMEXTEND_INFO ExtendedInfo;
    } u4;
} MMVAD, *PMMVAD;

  可以看出,上面的结构体比XP多了两个共用体,共用体的成员仅供参考。其中第一个共用体成员十分重要,它描述了大量主要的属性,其结构体如下:

kd> dt _MMVAD_FLAGS
nt!_MMVAD_FLAGS
   +0x000 CommitCharge     : Pos 0, 19 Bits
   +0x000 PhysicalMapping  : Pos 19, 1 Bit
   +0x000 ImageMap         : Pos 20, 1 Bit
   +0x000 UserPhysicalPages : Pos 21, 1 Bit
   +0x000 NoChange         : Pos 22, 1 Bit
   +0x000 WriteWatch       : Pos 23, 1 Bit
   +0x000 Protection       : Pos 24, 5 Bits
   +0x000 LargePages       : Pos 29, 1 Bit
   +0x000 MemCommit        : Pos 30, 1 Bit
   +0x000 PrivateMemory    : Pos 31, 1 Bit

  下面我将会用实验进行介绍。

实验讲解

  我在虚拟机开了一个记事本,输入如下指令:

kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
……
Failed to get VadRoot
PROCESS 89d37da0  SessionId: 0  Cid: 018c    Peb: 7ffd3000  ParentCid: 05e8
    DirBase: 13a40260  ObjectTable: e1f4db50  HandleCount:  44.
    Image: notepad.exe

kd> dt _EPROCESS 89d37da0
ntdll!_EPROCESS
   ……
   +0x118 HardwareTrigger  : 0
   +0x11c VadRoot          : 0x89d080a8 Void
   +0x120 VadHint          : 0x89e22630 Void
   +0x124 CloneRoot        : (null) 
   ……

  对于Windbg来说,它提供了一个十分简单查看线性地址的记录情况的指令,如下所示:

kd> !vad 0x89d080a8
VAD   Level     Start       End Commit
89eb60e8  3        10        10      1 Private      READWRITE          
89cf10e8  2        20        20      1 Private      READWRITE          
89d310c8  5        30        3f      6 Private      READWRITE          
89f833e0  4        40        7f     18 Private      READWRITE          
89d372d0  3        80        82      0 Mapped       READONLY           Pagefile section, shared commit 0x3
89d350a8  4        90        91      0 Mapped       READONLY           Pagefile section, shared commit 0x2
89e22630  1        a0       19f     21 Private      READWRITE          
89cff0b8  4       1a0       1af      6 Private      READWRITE          
89e31380  3       1b0       1bf      0 Mapped       READWRITE          Pagefile section, shared commit 0x3
89d350d8  4       1c0       1d5      0 Mapped       READONLY           \WINDOWS\system32\unicode.nls
89cf50d8  2       1e0       220      0 Mapped       READONLY           \WINDOWS\system32\locale.nls
89cf70a8  4       230       270      0 Mapped       READONLY           \WINDOWS\system32\sortkey.nls
89d200a8  3       280       285      0 Mapped       READONLY           \WINDOWS\system32\sorttbls.nls
89d080a8  0       290       2d0      0 Mapped       READONLY           Pagefile section, shared commit 0x41
89d170d8  5       2e0       3a7      0 Mapped       EXECUTE_READ       Pagefile section, shared commit 0x3
89f68f20  6       3b0       3bf      8 Private      READWRITE          
89aeaf98  7       3c0       3c0      1 Private      READWRITE          
89abfd58  8       3d0       3d0      1 Private      READWRITE          
89d790d8 10       3e0       3e1      0 Mapped       READONLY           Pagefile section, shared commit 0x2
89d140d8  9       3f0       3f1      0 Mapped       READONLY           Pagefile section, shared commit 0x2
89d96330 10       400       40f      3 Private      READWRITE          
89d250e8  4       410       41f      8 Private      READWRITE          
89d100b8  3       420       42f      4 Private      READWRITE          
89d250b8  4       430       432      0 Mapped       READONLY           \WINDOWS\system32\ctype.nls
89dd71f8  2       440       47f      3 Private      READWRITE          
89d56260  5       480       582      0 Mapped       READONLY           Pagefile section, shared commit 0x103
89d280a8  4       590       88f      0 Mapped       EXECUTE_READ       Pagefile section, shared commit 0x1a
89de0f60  3       890       90f      1 Private      READWRITE          
89d060a8  5       910       95f      0 Mapped       READONLY           Pagefile section, shared commit 0x50
89d8ae80  4       960       960      0 Mapped       READWRITE          Pagefile section, shared commit 0x1
89d42ec0  6       970       9af      0 Mapped       READWRITE          Pagefile section, shared commit 0x10
89d42e90  5       9b0       9bd      0 Mapped       READWRITE          Pagefile section, shared commit 0xe
89d310e8  7       9c0       abf    123 Private      READWRITE          
89dd9e80  6       ad0       b4f      0 Mapped       READWRITE          Pagefile section, shared commit 0x7
89abfcd8  1      1000      1012      3 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\notepad.exe
89d280d8  7     58fb0     59179      9 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\AppPatch\AcGenral.dll
89d0e0d8  8     5adc0     5adf6      2 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\uxtheme.dll
89d100d8  6     5cc30     5cc55     20 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\shimeng.dll
89d2e248  7     62c20     62c28      1 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\lpk.dll
89d230d8  5     72f70     72f95      3 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\winspool.drv
89cf70d8  8     73640     7366d      2 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\MSCTFIME.IME
89d790a8  7     73fa0     7400a     16 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\usp10.dll
89dd93e0  8     74680     746cb      3 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\MSCTF.dll
89d0e0a8  6     759d0     75a7e      3 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\userenv.dll
89d200d8  7     76300     7631c      1 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\imm32.dll
89d080d8  4     76320     76366      4 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\comdlg32.dll
89d342d0  8     76990     76acc      8 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\ole32.dll
89cc50a8  7     76b10     76b39      2 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\winmm.dll
89d140a8  8     770f0     7717a      4 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\oleaut32.dll
89d170a8  6     77180     77282      2 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
89a865b8  8     77bb0     77bc4      2 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\msacm32.dll
89d0f0d8  9     77bd0     77bd7      1 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\version.dll
89d230a8  7     77be0     77c37      7 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\msvcrt.dll
89abfd18  8     77d10     77d9f      2 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\user32.dll
89cf50a8  5     77da0     77e48      5 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\advapi32.dll
89d590a8  6     77e50     77ee1      1 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\rpcrt4.dll
89d590d8  8     77ef0     77f38      2 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\gdi32.dll
89d010a8  9     77f40     77fb5      2 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\shlwapi.dll
89d270d8  7     77fc0     77fd0      1 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\secur32.dll
89d372a0  3     7c800     7c91d      5 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\kernel32.dll
89eb60b8  2     7c920     7c9b2      5 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\ntdll.dll
89cf60d8  5     7d590     7dd83     30 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\shell32.dll
89d9e908  4     7f6f0     7f7ef      0 Mapped       EXECUTE_READ       Pagefile section, shared commit 0x7
89d010d8  3     7ffa0     7ffd2      0 Mapped       READONLY           Pagefile section, shared commit 0x33
89abfc58  4     7ffd3     7ffd3      1 Private      READWRITE          
89ac1ac8  5     7ffdf     7ffdf      1 Private      READWRITE          

Total VADs: 66, average level: 6, maximum depth: 10
Total private commit: 0x161 pages (1412 KB)
Total shared commit:  0x21d pages (2164 KB)

  其中VAD就是MMVAD结构体的地址,Level就是二叉树的层级,根节点是0,如果不懂请具体请自行学习二叉树的相关知识。
  咱们的物理页大小都是4KB,用十六进制来表示的话就是0x1000,所以上面的StartEnd就是除掉0x1000的结果。如果这两个值相等,就只是使用一个物理页。
  上面还有一个Commit,这个就是你使用VirtualAlloc函数传参时MEM_COMMIT的物理页个数。下面我们开始手动遍历VAD看看情况:

kd> dt _MMVAD 0x89d080a8
nt!_MMVAD
   +0x000 StartingVpn      : 0x290
   +0x004 EndingVpn        : 0x2d0
   +0x008 Parent           : (null) 
   +0x00c LeftChild        : 0x89e22630 _MMVAD
   +0x010 RightChild       : 0x89abfcd8 _MMVAD
   +0x014 u                : __unnamed
   +0x018 ControlArea      : 0x89e7e540 _CONTROL_AREA
   +0x01c FirstPrototypePte : 0xe15a69f0 _MMPTE
   +0x020 LastContiguousPte : 0xe15a6bf0 _MMPTE
   +0x024 u2               : __unnamed

  上面的内容对应用!vad的记录:

VAD   Level     Start       End Commit
89d080a8  0       290       2d0      0 Mapped       READONLY           Pagefile section, shared commit 0x41

  StartingVpnEndingVpn分别对应的是记录中StartEndParent就是二叉树的父节点,LeftChildRightChild分别对应二叉树的左子节点和右子节点,我们来看看它的VadFlags属性:

kd> dx -id 0,0,805539a0 -r1 (*((ntkrnlpa!__unnamed *)0x89d080bc))
(*((ntkrnlpa!__unnamed *)0x89d080bc))                 [Type: __unnamed]
    [+0x000] LongFlags        : 0x1000000 [Type: unsigned long]
    [+0x000] VadFlags         [Type: _MMVAD_FLAGS]
kd> dx -id 0,0,805539a0 -r1 (*((ntkrnlpa!_MMVAD_FLAGS *)0x89d080bc))
(*((ntkrnlpa!_MMVAD_FLAGS *)0x89d080bc))                 [Type: _MMVAD_FLAGS]
    [+0x000 (18: 0)] CommitCharge     : 0x0 [Type: unsigned long]
    [+0x000 (19:19)] PhysicalMapping  : 0x0 [Type: unsigned long]
    [+0x000 (20:20)] ImageMap         : 0x0 [Type: unsigned long]
    [+0x000 (21:21)] UserPhysicalPages : 0x0 [Type: unsigned long]
    [+0x000 (22:22)] NoChange         : 0x0 [Type: unsigned long]
    [+0x000 (23:23)] WriteWatch       : 0x0 [Type: unsigned long]
    [+0x000 (28:24)] Protection       : 0x1 [Type: unsigned long]
    [+0x000 (29:29)] LargePages       : 0x0 [Type: unsigned long]
    [+0x000 (30:30)] MemCommit        : 0x0 [Type: unsigned long]
    [+0x000 (31:31)] PrivateMemory    : 0x0 [Type: unsigned long]

  CommitCharge是几,那个Commit记录的就是几。有关线性地址的属性有两个,一个是Private(私有),另一个就是Mapped(映射)。由于我们示例的页是映射的只读内存,所以PrivateMemory值为0,有关线性内存的属性,也就是Protection的值,我们先看看如下枚举:

#define MM_READONLY            1
#define MM_EXECUTE             2
#define MM_EXECUTE_READ        3
#define MM_READWRITE           4  // bit 2 is set if this is writable.
#define MM_WRITECOPY           5
#define MM_EXECUTE_READWRITE   6
#define MM_EXECUTE_WRITECOPY   7

  这个属性就介绍完了,我们再看看ImageMap属性,这个就是使用!vad的信息中有的记录有Exe这个字样,如果ImageMap为1,那么就是镜像文件。
  重要的成员介绍完后,我们继续接着一个支线继续遍历:

kd> dt _MMVAD 0x89abfcd8
nt!_MMVAD
   +0x000 StartingVpn      : 0x1000
   +0x004 EndingVpn        : 0x1012
   +0x008 Parent           : 0x89d080a8 _MMVAD
   +0x00c LeftChild        : 0x89dd71f8 _MMVAD
   +0x010 RightChild       : 0x89eb60b8 _MMVAD
   +0x014 u                : __unnamed
   +0x018 ControlArea      : 0x89b1af50 _CONTROL_AREA
   +0x01c FirstPrototypePte : 0xe1faebd8 _MMPTE
   +0x020 LastContiguousPte : 0xfffffffc _MMPTE
   +0x024 u2               : __unnamed
kd> dt _MMVAD 0x89eb60b8
nt!_MMVAD
   +0x000 StartingVpn      : 0x7c920
   +0x004 EndingVpn        : 0x7c9b2
   +0x008 Parent           : 0x89abfcd8 _MMVAD
   +0x00c LeftChild        : 0x89d372a0 _MMVAD
   +0x010 RightChild       : 0x89d010d8 _MMVAD
   +0x014 u                : __unnamed
   +0x018 ControlArea      : 0x89fad2d8 _CONTROL_AREA
   +0x01c FirstPrototypePte : 0xe13e1b38 _MMPTE
   +0x020 LastContiguousPte : 0xfffffffc _MMPTE
   +0x024 u2               : __unnamed
kd> dt _MMVAD 0x89d010d8
nt!_MMVAD
   +0x000 StartingVpn      : 0x7ffa0
   +0x004 EndingVpn        : 0x7ffd2
   +0x008 Parent           : 0x89eb60b8 _MMVAD
   +0x00c LeftChild        : 0x89d9e908 _MMVAD
   +0x010 RightChild       : 0x89abfc58 _MMVAD
   +0x014 u                : __unnamed
   +0x018 ControlArea      : 0x89faa1f8 _CONTROL_AREA
   +0x01c FirstPrototypePte : 0xe100f658 _MMPTE
   +0x020 LastContiguousPte : 0xe100f7e8 _MMPTE
   +0x024 u2               : __unnamed
kd> dt _MMVAD 0x89abfc58
nt!_MMVAD
   +0x000 StartingVpn      : 0x7ffd3
   +0x004 EndingVpn        : 0x7ffd3
   +0x008 Parent           : 0x89d010d8 _MMVAD
   +0x00c LeftChild        : (null) 
   +0x010 RightChild       : 0x89ac1ac8 _MMVAD
   +0x014 u                : __unnamed
   +0x018 ControlArea      : (null) 
   +0x01c FirstPrototypePte : (null) 
   +0x020 LastContiguousPte : (null) 
   +0x024 u2               : __unnamed

  可以看到最后一个成员没有了左子树,说明到头了。为了更好的讲解上面的成员,我用这个记录:

VAD   Level     Start       End Commit
89eb60b8  2     7c920     7c9b2      5 Mapped  Exe  EXECUTE_WRITECOPY  \WINDOWS\system32\ntdll.dll

  然后在Windbg如下所示:

kd> dt _MMVAD 89eb60b8
nt!_MMVAD
   +0x000 StartingVpn      : 0x7c920
   +0x004 EndingVpn        : 0x7c9b2
   +0x008 Parent           : 0x89abfcd8 _MMVAD
   +0x00c LeftChild        : 0x89d372a0 _MMVAD
   +0x010 RightChild       : 0x89d010d8 _MMVAD
   +0x014 u                : __unnamed
   +0x018 ControlArea      : 0x89fad2d8 _CONTROL_AREA
   +0x01c FirstPrototypePte : 0xe13e1b38 _MMPTE
   +0x020 LastContiguousPte : 0xfffffffc _MMPTE
   +0x024 u2               : __unnamed
kd> dx -id 0,0,805539a0 -r1 (*((ntkrnlpa!__unnamed *)0x89eb60cc))
(*((ntkrnlpa!__unnamed *)0x89eb60cc))                 [Type: __unnamed]
    [+0x000] LongFlags        : 0x7100005 [Type: unsigned long]
    [+0x000] VadFlags         [Type: _MMVAD_FLAGS]
kd> dx -id 0,0,805539a0 -r1 (*((ntkrnlpa!_MMVAD_FLAGS *)0x89eb60cc))
(*((ntkrnlpa!_MMVAD_FLAGS *)0x89eb60cc))                 [Type: _MMVAD_FLAGS]
    [+0x000 (18: 0)] CommitCharge     : 0x5 [Type: unsigned long]
    [+0x000 (19:19)] PhysicalMapping  : 0x0 [Type: unsigned long]
    [+0x000 (20:20)] ImageMap         : 0x1 [Type: unsigned long]
    [+0x000 (21:21)] UserPhysicalPages : 0x0 [Type: unsigned long]
    [+0x000 (22:22)] NoChange         : 0x0 [Type: unsigned long]
    [+0x000 (23:23)] WriteWatch       : 0x0 [Type: unsigned long]
    [+0x000 (28:24)] Protection       : 0x7 [Type: unsigned long]
    [+0x000 (29:29)] LargePages       : 0x0 [Type: unsigned long]
    [+0x000 (30:30)] MemCommit        : 0x0 [Type: unsigned long]
    [+0x000 (31:31)] PrivateMemory    : 0x0 [Type: unsigned long]

  如果仔细的话有的后面会跟着文件路径,而这个名称有是在哪里记录着呢?它在ControlArea这个属性中,我们就拿着上面刚举例的继续:

kd> dx -id 0,0,805539a0 -r1 ((ntkrnlpa!_CONTROL_AREA *)0x89fad2d8)
((ntkrnlpa!_CONTROL_AREA *)0x89fad2d8)                 : 0x89fad2d8 [Type: _CONTROL_AREA *]
    [+0x000] Segment          : 0xe13e1af8 [Type: _SEGMENT *]
    [+0x004] DereferenceList  [Type: _LIST_ENTRY]
    [+0x00c] NumberOfSectionReferences : 0x1 [Type: unsigned long]
    [+0x010] NumberOfPfnReferences : 0x53 [Type: unsigned long]
    [+0x014] NumberOfMappedViews : 0x15 [Type: unsigned long]
    [+0x018] NumberOfSubsections : 0x5 [Type: unsigned short]
    [+0x01a] FlushInProgressCount : 0x0 [Type: unsigned short]
    [+0x01c] NumberOfUserReferences : 0x16 [Type: unsigned long]
    [+0x020] u                [Type: __unnamed]
    [+0x024] FilePointer      : 0x89fbe9a0 : "\WINDOWS\system32\ntdll.dll" - Device for "\FileSystem\Ntfs" [Type: _FILE_OBJECT *]
    [+0x028] WaitingForDeletion : 0x0 [Type: _EVENT_COUNTER *]
    [+0x02c] ModifiedWriteCount : 0x0 [Type: unsigned short]
    [+0x02e] NumberOfSystemCacheViews : 0x0 [Type: unsigned short]

  看到FilePointer这个成员了吗?而这个又是_FILE_OBJECT结构体指针,具体的可以在Windbg查看文件名到底存储在哪里。

本节练习

本节的答案将会在下一节进行讲解,务必把本节练习做完后看下一个讲解内容。不要偷懒,实验是学习本教程的捷径。

  俗话说得好,光说不练假把式,如下是本节相关的练习。如果练习没做好,就不要看下一节教程了,越到后面,不做练习的话容易夹生了,开始还明白,后来就真的一点都不明白了。本节练习不多,请保质保量的完成。

1️⃣ 写代码实现需输入进程的PID来获取打印其VAD树。

下一篇

  内存管理篇——私有内存和映射内存

posted @ 2022-02-17 22:21  寂静的羽夏  阅读(822)  评论(0编辑  收藏  举报