Home/ Questions/Q 7500827
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T20:19:17+00:00

Can I get the scope of process code in the memory through PE file

  • 0

Can I get the scope of process code in the memory through PE file or someway?

If I have a process like this

example.exe

#include <stdio.h>
#include <string.h>

void func()
{
  char str[10];

  strcpy( str, "iambuffer\n" );

  printf( "%s", str );
} // func()

int main()
{
  func();

  return 0;
} // main()

I can use Ollydgb to know that the scope of example.exe in the memory, and my question is how can I know these information without using Ollydgb?

thanks a lot

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So long as you have a pointer to the PE (casted from an HMODULE), you can get the processes virtualized code size like so (not, it’ll always be a multiple of the page size):

    inline ULONG_PTR GetModuleSize(HMODULE hModule)
{
    IMAGE_DOS_HEADER* pDOSHeader = (IMAGE_DOS_HEADER*)hModule;
    IMAGE_NT_HEADERS* pNTHeaders =(IMAGE_NT_HEADERS*)((BYTE*)pDOSHeader + pDOSHeader->e_lfanew);
    return pNTHeaders->OptionalHeader.SizeOfImage;
}

    So of course the range will become (ULONG_PTR)hModule to (ULONG_PTR)hModule + GetModuleSize(hModule)

    One can enumerate the various sections if you want a finer grained memory mapping. See the Win32 PE reference. If you want the stack bounds, you can get those from the TIB.
    (funnily enough I also made this function cause I wanted that feature of olly’s).

    • 0