Demystifying Debuggers: Anatomy of a Running Program
This article delves into the low-level mechanics of a running program. Using the analogy of a video game cartridge on an NES, it explains how modern operating systems virtualize program execution. Key concepts like virtual address spaces, threads of execution, executable images, loaders, modules, and processes are detailed. The article explains how virtual address spaces, via page tables, map virtual addresses to physical addresses, allowing multiple programs to share physical memory without interference. It also covers thread scheduling, executable image formats (PE and ELF), the loader's role, and dynamic module loading/unloading. Finally, it summarizes the concept of a process, which integrates threads, modules, and virtual address spaces.
Read more