Question about allocating memory for a Windows PE file
mike at codeweavers.com
Wed Dec 6 20:05:56 CST 2006
Stephen Torri wrote:
> I am trying to create a custom Windows PE loader (binary & DLL) for the
> purpose of security research. I am having a difficult time finding how
> to allocate memory for a binary at the desired address in memory
> (especially if its non-relocatable). I would like to see why I cannot
> get memory allocated at the exact address request in the binary headers.
> Is there a program or system call that allows me to see a list of memory
> address ranges allocated to the running processes on a system?
In Wine, if you put the program in a sleep with kernel32.Sleep() or
sleep(3), you can cat /proc/<pid>/maps to see which memory is allocated.
That or, cause the program to crash or enter winedbg with a break point,
then winedbg will give you a backtrace containing the list of modules
loaded at each address.
I think the default load address of PE exes is 0x00400000, so it's
possible that address is already taken by the first .exe you loaded.
More information about the wine-devel