Quote:
Originally Posted by gigaman
But since the PE loader actually rounds the virtual size up to the page size only (0x1000) when mapping the image...
|
PE Loader rounds virtual size to "Section Alignment" value, which is specified in header. On NT even user-space programs can have virtual alignment not only on 4096 bytes, but on 4 bytes, for example. Whole page is reserved in this case by loader, and sections with different access rights must be aligned on physical page boundaries, cause you cannot make 32 first bytes just read/write, and other 32 bytes only read/executable