All Questions
7
questions
0
votes
0
answers
39
views
Why mov empty block to register?
Why MOV a bunch of 00s to register?
I have seen these empty blocks a lot of times being referenced this way.
- 1
1
vote
0
answers
40
views
Is it possible for different dynamic memory addresses to share the same offset value?
I am currently using cheat engine to hack a game. I used the pointer scanner to find some pointers to the pistol ammo memory location. I then went to look for pointers to the shotgun ammo memory ...
- 131
0
votes
1
answer
104
views
Expanding .data section at particular area
I have a program which creates a hard-coded number of objects. I patched the binary so that now it can attempt to create more objects than the limit allows, however when it does it allocates them to ...
- 61
4
votes
1
answer
770
views
IAT vs GOT address resolving: which of them resolve during runtime and which during load time by default?
So based on my knowledge on windows apps, as far as i know the IAT gets filled with correct addresses when the library gets loaded (correct me if I'm wrong)
now in linux, they use GOT, and again ...
- 518
0
votes
2
answers
677
views
Is relocation table only used for absolute addresses?
I was reading about mapped and unmapped PE format, and how the alignment between sections changes after loading it into memory and that caused two question for me:
is the relocation table used before ...
- 232
3
votes
1
answer
2k
views
PE file format: How can I find the heap memory space in a running WinNT program?
I've been researching the Portable Executable format and one great work I've been reading is "ARTeam PE file format Tutorial" which is a collection of research from Michael J'OLeary, Randy Kath, Matt ...
- 1,880
1
vote
1
answer
99
views
How can force free part of memory in process? [closed]
I need to allocate in Special address. How can I force free parts of the memory to be allocated in the process ?
ZwFreeVirtualMemory(0,(LPVOID*)&(ImageBase),&(SizeOfImage),MEM_RELEASE );
- 41