I am currently studying the Portable Executable file format and I've learned about the 9 common sections such as .code, .data, .rdata, .debug, etc. However, one piece of information which seems to be obscure and absent from the papers I've read is the location (address space) of the program's "heap" in memory in regard to these sections, and how it is assigned as well. Is it part of one of these data sections? I've heard rumors that it appears after the .bss section but these are just rumors. Is there even a set heap size (for each specific exe of course) when the Windows loader loads the PE and if so what is it based off of?
How and where is the heap allocated in regards to a portable executable on Windows NT/10?
360 Views Asked by the_endian At
There are 1 best solutions below
There are a couple of fields in `IMAGE_OPTIONAL_HEADER` that control the initial size of the default process heap (`GetProcessHeap`), but the heap itself is not part of the PE layout.

A program can create additional heaps with `HeapCreate`. The heap can also operate in different modes (serialized or not), and there is also a low-fragmentation heap implementation.

You can use VMMap to see where the heaps are in virtual memory, but you should not rely on this information. ASLR will move them if you reboot your computer.
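
The header fields the answer refers to are `SizeOfHeapReserve` and `SizeOfHeapCommit`. The following is an added example, not code from the answer: it reads both fields from a PE32 or PE32+ image and rejects truncated headers. The names `heap_fields` and `build_sample` are hypothetical, and the sample headers are constructed inline so the script runs without a real executable.

```python
import struct

PE32, PE32_PLUS = 0x10B, 0x20B  # IMAGE_OPTIONAL_HEADER.Magic values

def heap_fields(image: bytes) -> dict:
    """Read SizeOfHeapReserve/SizeOfHeapCommit from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                  # IMAGE_FILE_HEADER, 20 bytes
    opt = coff + 20                      # IMAGE_OPTIONAL_HEADER starts here
    if opt + 2 > len(image):
        raise ValueError("file ends before the optional header")
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)  # SizeOfOptionalHeader
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == PE32:
        kind, fmt, off = "PE32", "<II", 80    # two 32-bit fields at offset 80
    elif magic == PE32_PLUS:
        kind, fmt, off = "PE32+", "<QQ", 88   # two 64-bit fields at offset 88
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    end = off + struct.calcsize(fmt)
    if end > opt_size or opt + end > len(image):
        raise ValueError("optional header truncated before the heap fields")
    reserve, commit = struct.unpack_from(fmt, image, opt + off)
    return {"format": kind, "SizeOfHeapReserve": reserve, "SizeOfHeapCommit": commit}

def build_sample(magic: int, reserve: int, commit: int) -> bytes:
    """Constructed headers only (no sections): just enough for heap_fields()."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    opt_size = 96 if magic == PE32 else 112
    machine = 0x14C if magic == PE32 else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<II" if magic == PE32 else "<QQ", opt,
                     80 if magic == PE32 else 88, reserve, commit)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for m in (PE32, PE32_PLUS):
        print(heap_fields(build_sample(m, 0x100000, 0x1000)))
```

These values only size the default process heap that the loader sets up; they say nothing about where it ends up in the address space, which is why the answer points to VMMap for the runtime view.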