Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page write loader with memory hooker
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 05-15-2024, 23:11
chants chants is offline
VIP
  
Join Date: Jul 2016
Posts: 826
Rept. Given: 47
Rept. Rcvd 50 Times in 31 Posts
Thanks Given: 737
Thanks Rcvd at 1,140 Times in 529 Posts
chants Reputation: 51
Quote:
Originally Posted by Ayumi View Post
The PE file does not describe the entire memory space of an executable. It only contains the data required to execute a program, and the OS keeps the right to add additional regions without the user's awareness.
For example...Things such as the heap, the stack and other internal memory regions required for a process to function and operate are not the responsibility of a PE file (or any executable file for that matter).

A PE doesn't define a heap, it requests a heap to be allocated for it from the OS (AllocateHeap is a Windows API that does that). There's no need to actually eat up space for a heap "placeholder" in the PE file. The same goes for the stack, the PEB, and other memory objects a process has.

Additionally, a user(i.e. programmer) does not usually need to even call AllocateHeap for it's process to have a heap. OSes usually allocate a default heap for the process when loading it (either by the loader itself or by startup code the OS runs before control is given to the PE's Entry Point). Other times the compiler prefixes the code with code that allocates a heap.

So check all those other locations too.
Wrong. Tyro detected. Microsoft literally since they made PE file format let's you control the size of both the stack and the "local heap" right in the PE optional header towards the start of the file.

Quote:
https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#optional-header-standard-fields-image-only
Quote:
72/72
4/8
SizeOfStackReserve
The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a time until the reserve size is reached.
76/80
4/8
SizeOfStackCommit
The size of the stack to commit.
80/88
4/8
SizeOfHeapReserve
The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one page at a time until the reserve size is reached.
84/96
4/8
SizeOfHeapCommit
The size of the local heap space to commit.
Certain aliases giving bad information doesn't surprise me
Reply With Quote
The Following 2 Users Say Thank You to chants For This Useful Post:
mcr4ck (05-16-2024), SofTw0rm (05-17-2024)
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[HELP] How to write a simple Loader in ASM on MSDOS stoney81 General Discussion 5 12-20-2024 15:55
Macho Loader from memory - FPC Mac OS Coldzer0 Source Code 0 07-27-2018 05:43


All times are GMT +8. The time now is 20:06.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )