
The OFFSET operator

Started by bf2, May 10, 2011, 04:30:28 PM


donkey

Quote from: bf2 on May 11, 2011, 05:01:26 PM
Quote from: jj2007
So, since we are in the Campus: Never assume your data starts at 402000h. And stay away from badly documented arbitrary pointers, too :naughty:

Correct. In my original code at the beginning of this thread the data section starts at 00403000h.

So what's the significance of the entry point address 00401000h (ignoring Vista for the time being)? Does this mean the lower 4 MB of the 4 GB address space is reserved by the OS for some reason?

Windows loads your non-ASLR PE at 00400000h (your module handle, BTW); at that address you will find your image headers and various linking and loading information. The next page, 00401000h, is generally used for the code section, and the first page after that is used for data. If your code section is less than 4096 bytes (the system page size) it will be at 00402000h; if not, it will be at the next page boundary rounded up from the last code address. The lower memory is generally reserved for things like the process heap, the stack and other essential items.
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable

mineiro

I have reread your topic about OFFSET, and one thing that gives me such a headache is: what is data and what is code? I'm saying this because of that "data label" quoted before. Years ago, before Windows existed, I tried to write a text in my language that in truth is a program, a double meaning; after going a bit mad I got it, but it is very difficult. To me, an offset is only a pointer to some place.

.386
OPTION CASEMAP:NONE
include \masm32\include\masm32rt.inc

.DATA
msgBoxText      DB 8+1+1 dup (?)        ; 8 hex digits + "h" + terminating zero (buffer is zero-filled)

.CODE
; data deliberately placed in the code section: it is readable there, just not writable
var1            DD 130
code_sec        DB "this code section starts at:", 0
data_sec        DB "this data section starts at:", 0
start1          DB "this start at offset:", 0
nopping         DB 4096 dup (90h)       ; a full page of NOPs pushes the entry point past 401000h

start:
    mov eax, OFFSET start                       ; address of the entry label, not of the section
    invoke dw2hex, eax, ADDR msgBoxText         ; writes 8 hex digits + zero into msgBoxText
    mov byte ptr [msgBoxText+8], "h"            ; overwrite that zero with "h"; byte 9 still terminates
    invoke MessageBox, NULL, ADDR msgBoxText, ADDR start1, MB_OK
    invoke ExitProcess, NULL
END start

donkey

Code and data are just numbers in memory. The difference is how the memory is protected: code is PAGE_EXECUTE and data is generally PAGE_READWRITE, while constants are generally PAGE_READONLY. Each section is aligned to a page boundary, and the entire section is given the protection attribute depending on the type of data. You can change (within limits) the attributes of a section using VirtualProtect.

Memory Protection Constants

Donkey's Stable
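The layout donkey describes in his two posts above (image base 00400000h with the headers in the first page, each section starting on a page boundary, the whole section getting one protection attribute from its characteristics) can be checked by reading the PE headers the same way the loader does. The following is an added example in C, not code from this thread or from the MASM32 package. It builds a constructed two-section PE32 header set in memory (hand-packed bytes, no linker involved), walks DOS header, PE signature, optional header and section table, and reports each section's virtual address, its size rounded up to SectionAlignment, and the PAGE_* protection implied by its IMAGE_SCN_MEM_* flags. The .text VirtualSize of 1234h bytes is chosen deliberately so that .data lands at 00403000h, not 00402000h, which is exactly why OFFSET must be used instead of an assumed address.

```c
/* Added example: minimal PE32 header walker over a constructed image.
   Field offsets are the documented IMAGE_* layouts; the image bytes are
   made up here and are not the output of any real linker. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_SCN_MEM_EXECUTE 0x20000000u
#define IMAGE_SCN_MEM_READ    0x40000000u
#define IMAGE_SCN_MEM_WRITE   0x80000000u

typedef struct {
    char        name[9];
    uint32_t    va;      /* ImageBase + VirtualAddress: where the section is mapped */
    uint32_t    mapped;  /* VirtualSize rounded up to SectionAlignment (page size) */
    const char *prot;    /* PAGE_* protection applied to every page of the section */
} section_t;

static uint32_t rd32(const uint8_t *b, size_t o) {
    return (uint32_t)b[o] | (uint32_t)b[o+1] << 8 | (uint32_t)b[o+2] << 16 | (uint32_t)b[o+3] << 24;
}
static uint16_t rd16(const uint8_t *b, size_t o) { return (uint16_t)(b[o] | b[o+1] << 8); }
static void wr32(uint8_t *b, size_t o, uint32_t v) { for (int i = 0; i < 4; i++) b[o+i] = (uint8_t)(v >> (8*i)); }
static void wr16(uint8_t *b, size_t o, uint16_t v) { b[o] = (uint8_t)v; b[o+1] = (uint8_t)(v >> 8); }
static uint32_t round_up(uint32_t v, uint32_t a) { return (v + a - 1) & ~(a - 1); }

/* Characteristics -> page protection, as the loader applies it per section. */
static const char *protection_for(uint32_t ch) {
    int x = (ch & IMAGE_SCN_MEM_EXECUTE) != 0, w = (ch & IMAGE_SCN_MEM_WRITE) != 0;
    int r = (ch & IMAGE_SCN_MEM_READ) != 0;
    if (x) return w ? "PAGE_EXECUTE_READWRITE" : (r ? "PAGE_EXECUTE_READ" : "PAGE_EXECUTE");
    if (w) return "PAGE_READWRITE";
    return r ? "PAGE_READONLY" : "PAGE_NOACCESS";
}

/* DOS header -> "PE\0\0" -> optional header -> section table.
   Returns the number of sections filled in, or -1 if this is not a sane PE32 image. */
static int pe_sections(const uint8_t *img, size_t len, section_t *out, int max) {
    if (len < 0x40 || rd16(img, 0) != 0x5A4D) return -1;            /* "MZ" */
    uint32_t pe = rd32(img, 0x3C);                                  /* e_lfanew */
    if (pe + 24 > len || rd32(img, pe) != 0x00004550) return -1;    /* "PE\0\0" */
    uint16_t nsec = rd16(img, pe + 6), optsize = rd16(img, pe + 20);
    uint32_t opt = pe + 24;
    if (rd16(img, opt) != 0x10B) return -1;                         /* PE32 magic only */
    uint32_t base = rd32(img, opt + 28), align = rd32(img, opt + 32);
    uint32_t sh = opt + optsize;
    if (align == 0 || (align & (align - 1)) || sh + (uint32_t)nsec * 40 > len) return -1;
    int n = 0;
    for (uint16_t i = 0; i < nsec && n < max; i++, sh += 40) {
        memcpy(out[n].name, img + sh, 8); out[n].name[8] = 0;
        out[n].va     = base + rd32(img, sh + 12);                  /* VirtualAddress */
        out[n].mapped = round_up(rd32(img, sh + 8), align);         /* VirtualSize */
        out[n].prot   = protection_for(rd32(img, sh + 36));         /* Characteristics */
        n++;
    }
    return n;
}

/* Constructed headers of a two-section PE32: .text is larger than one page,
   so .data cannot sit at 00402000h. Values are assumptions for the demo. */
static size_t build_image(uint8_t *img) {
    memset(img, 0, 0x200);
    wr16(img, 0, 0x5A4D); wr32(img, 0x3C, 0x80);             /* MZ, e_lfanew = 80h */
    uint32_t pe = 0x80;
    wr32(img, pe, 0x00004550);                               /* PE\0\0 */
    wr16(img, pe + 4, 0x14C);                                /* IMAGE_FILE_MACHINE_I386 */
    wr16(img, pe + 6, 2);                                    /* NumberOfSections */
    wr16(img, pe + 20, 0xE0);                                /* SizeOfOptionalHeader for PE32 */
    uint32_t opt = pe + 24;
    wr16(img, opt, 0x10B);                                   /* PE32 magic */
    wr32(img, opt + 16, 0x1000);                             /* AddressOfEntryPoint */
    wr32(img, opt + 28, 0x400000);                           /* ImageBase */
    wr32(img, opt + 32, 0x1000);                             /* SectionAlignment = page size */
    uint32_t sh = opt + 0xE0;
    memcpy(img + sh, ".text\0\0\0", 8);
    wr32(img, sh + 8, 0x1234); wr32(img, sh + 12, 0x1000);   /* VirtualSize, VirtualAddress */
    wr32(img, sh + 36, 0x60000020);                          /* CODE | EXECUTE | READ */
    sh += 40;
    memcpy(img + sh, ".data\0\0\0", 8);
    wr32(img, sh + 8, 0x10); wr32(img, sh + 12, 0x3000);     /* first page after .text */
    wr32(img, sh + 36, 0xC0000040);                          /* INITIALIZED_DATA | READ | WRITE */
    return 0x200;
}

static section_t demo_sections[4];

/* Builds the constructed image and parses it; returns the section count. */
static int demo(void) {
    uint8_t img[0x200];
    return pe_sections(img, build_image(img), demo_sections, 4);
}

int main(void) {
    int n = demo();
    for (int i = 0; i < n; i++)
        printf("%-8s VA=%08Xh mapped=%05Xh %s\n", demo_sections[i].name,
               demo_sections[i].va, demo_sections[i].mapped, demo_sections[i].prot);
    return n == 2 ? 0 : 1;
}
```

Run against a real non-ASLR MASM32 executable (read the file into a buffer and call pe_sections on it) and the reported .text VA is the 00401000h from the thread, while the .data VA is whatever the linker rounded up to, which is the number mineiro's OFFSET start program prints rather than a constant you can assume.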