• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

How to get data segement, .bss and heap area offsets of a process?

Hi,

I've got a handle to a running process (launched externally to my app) and can read various vals from its memory area using readProcessMemory, but I was wondering if there is a simple way to obtain the offset (from image base) of the Data area (in particular, separate offsets for the start of the data segment, .bss area and heap?). (Win32 / MFC).

Thanks if you can help!
Chris J
0
chrispauljarram
Asked:
chrispauljarram
1 Solution
 
pgnatyukCommented:
If you a static variable has a special value, for example it is a string that begins from 'zzzvvtttss', you can find it it he executable. It's simple. Other things are not simple at all.
If you build your project with "Generate map-file", it is possible to find the functions.

If you don't have these links about PE format:
http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
http://msdn.microsoft.com/en-us/library/ms809762.aspx
http://msdn.microsoft.com/en-us/library/ms680330(VS.85).aspx

CodeProject (source code is here):
http://www.codeproject.com/KB/system/inject2exe.aspx
http://www.codeproject.com/KB/tips/PE_File.aspx
http://www.codeproject.com/KB/tips/Self-generating-code.aspx
0
 
chrispauljarramAuthor Commented:
Cheers pgnatyuk, I think I can derive what I need from that - actually for the most part the image never changes, and it looks like I can just read the data area start address from the PE header (and offset the image base) for the majority of my purposes.

Thanks again for the quick response :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now