flat assembler
Message board for the users of flat assembler.

Index > Main > base address of the data and the code?

Author
Thread Post new topic Reply to topic
HarryTuttle



Joined: 26 Sep 2003
Posts: 211
Location: Poland
HarryTuttle 22 Dec 2003, 08:19
question 1.

why the data address is 0x00401000 and the code 0x00402000?
Could I change it?



question 2.

How can I find this data in physical memory?
Is it possible in Windows?


Code:
format PE console
include '%fasminc%/win32a.inc'
entry go_first


        ;----------------------------------------------
         section '.dane'data readable writeable
        ;----------------------------------------------


liczba_d       dd 0xffff
napis1         db 'address:0x'                  ,0
napis2         db 'equ:0x'                      ,0
format_string  db 'data %s%x%s%x  code %s%x%s%x',0



        ;----------------------------------------------
        section '.kod' code readable executable
        ;----------------------------------------------


        liczba_k dd 0xaaaa ; DATA IN CODE SECTION TO IDENTIFY BASE ADDRESS


go_first:
cinvoke printf,format_string,napis1,liczba_d,napis2,[liczba_d],napis1,liczba_k,napis2,[liczba_k]

g:
        jmp g  ; THIS IS NO NEEDED WHEN YOU RUN THE PRG IN COMMAND_LINE MODE
        invoke ExitProcess,0
;------------------------THE END OF CODE--------










        ;-----------------------------------------------
        section '.idata' import data readable executable
        ;-----------------------------------------------




library KERNEL32,'KERNEL32.DLL',\
       CRTDLL,'CRTDLL.DLL'

        import KERNEL32,\
                        ExitProcess,'ExitProcess'

        import CRTDLL,\
                        printf,'printf'
  
    

_________________
Microsoft: brings power of yesterday to computers of today.
Post 22 Dec 2003, 08:19
View user's profile Send private message Reply with quote
roticv



Joined: 19 Jun 2003
Posts: 374
Location: Singapore
roticv 22 Dec 2003, 12:23
All sections are aligned to 1000h. 400000 is your image base. Since your code section comes before your data section and the size of your code section is smaller than 1000h, therefore the code section starts at 401000h and your data section 402000h. Why would you want to change it?

What data? As long as you know your image base value (which would be usually 400000), everything is simple.
Post 22 Dec 2003, 12:23
View user's profile Send private message Visit poster's website MSN Messenger Reply with quote
HarryTuttle



Joined: 26 Sep 2003
Posts: 211
Location: Poland
HarryTuttle 22 Dec 2003, 13:10
the question is not why, the question is how?

if you want to know why:
becaus I am a Human, and like most of them I am curious.


--------------
aloha, Privalov ,please say something.

_________________
Microsoft: brings power of yesterday to computers of today.
Post 22 Dec 2003, 13:10
View user's profile Send private message Reply with quote
roticv



Joined: 19 Jun 2003
Posts: 374
Location: Singapore
roticv 22 Dec 2003, 13:59
Use a PE editor to edit the imagebase value and the Virtual Address, and you get different values.

Once you know the imagebase, you know where is the image mapped onto. Using that info you can read the section header and from the section header and the pe header you can know what's the address of data and code section.
Post 22 Dec 2003, 13:59
View user's profile Send private message Visit poster's website MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.