2009-06-12 11:39:26 UTC
i'm writing small experimental debugger but stack with problem of
finding where data and where code is defined in memory.
I'm using standard windows WaitForDebugEvent, and after i got
CREATE_PROCESS_DEBUG_EVENT i'm detecting module baseAddress and size
(also fileName if LOAD_DLL event is occurred). With
that I can read memory of associated module (i'm having same logic for
LOAD_DLL event also).
After I read memory, I need to disassembly it. Now my problem is how
to detect which part of that memory belongs to code and which is for
data (is same memory shared for stack?).
So, my question is how to detect all parts of process memory to know
where is data, where is code, etc?