Author: pfabrice37
Subject: Process default heap
Posted: 25 May 2013 at 10:24pm
Hi,
Subject: Process default heap
Posted: 25 May 2013 at 10:24pm
Hi,
I'm looking for a way to dump and restore the default heap for a win32 process.
Ideally, I'd like to store it in a section of the executable. I'm doing this in C.
I know the structure of PE exec. What I don't know is how the default heap is allocated at first.
Is there a way to force its base virtual address? My concern is that there
are pointers in the data I expect to dump, so I'd like to restore the
heap at the same virtual address it has been dumped. Or maybe there
is some trick to achieve the same effect by looking at another level (pages).
Any idea will be welcome.
Thanks in advance,
Fabrice