[panda-users] Base address

alessandro mantovani alk13 at hotmail.it
Wed Apr 4 05:16:57 EDT 2018


Hi all,


I want to get the base address (and possibly the total offset) of a PE loaded into memory. I noted that the "osi_proc_struct" doesn't have any field for this, so the only solution I can figure out (at the moment) is to get all the memory pages related to the process I want to study and then extract the start of the first page from this list of pages. The pages can be accessed using the pointer "OsiPage*", which is a field of the struct "osi_proc_struct", but I don't know if this method is correct and/or if other possible solutions exist. Is there any way to do this?


Thanks,


Alessandro

