Question about allocating memory for a Windows PE file

Mike McCormack mike at codeweavers.com
Wed Dec 6 20:05:56 CST 2006


Stephen Torri wrote:
> I am trying to create a custom Windows PE loader (binary & DLL) for the
> purpose of security research. I am having a difficult time finding how
> to allocate memory for a binary at the desired address in memory
> (especially if its non-relocatable). I would like to see why I cannot
> get memory allocated at the exact address request in the binary headers.
> Is there a program or system call that allows me to see a list of memory
> address ranges allocated to the running processes on a system?

In Wine, if you put the program in a sleep with kernel32.Sleep() or 
sleep(3), you can cat /proc/<pid>/maps to see which memory is allocated.

That or, cause the program to crash or enter winedbg with a break point, 
then winedbg will give you a backtrace containing the list of modules 
loaded at each address.

I think the default load address of PE exes is 0x00400000, so it's 
possible that address is already taken by the first .exe you loaded.

Mike



More information about the wine-devel mailing list