Disassembly question
I'm teaching myself disassembly by throwing stuff like the Reverse Engineering Compiler at stuff I have the source code for to try to recognize how common constructs are represented at the assembly level. One thing I notice is that I'll have code that references memory just beyond the last PE section when it is loaded in memory, e.g. if I have a code section that ends at 0x00476000, I'll see references to 0x0047a000 being made. This strikes me as odd as it doesn't appear to be the stack, nor does it appear to be the heap.
What would be stored there? Global variables?
Generate a map file (usually a linker option) which will tell you the address and length of the various sections of the executable.
I'd guess its the BSS (uninitialised globals) section which is set to all zero upon program load.
I'd guess its the BSS (uninitialised globals) section which is set to all zero upon program load.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement