StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
2821219
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2010-05-12T17:27:29.173
FavoriteCount
0
LastActivityDate
2010-05-13T08:06:53.650
LastEditDate
2010-05-13T08:06:53.650
LastEditorUserId
267256
OwnerUserId
267256
ParentId
2050829
PostTypeId
2
Score
1
ViewCount
0
LastEditorDisplayName
text
Body
Global Data By "Global" I'm going to assume you mean all the data that is not dynamically allocated using new, malloc, HeapAlloc, VirtualAlloc etc - the data that you may declare in your source code that is outside of functions and outside of class definitions. You can locate these by loading each DLL as a PE File in a PE file reader and determining the locations of the .data and .bss sections (these may have different names for different compilers). You need to do this for each DLL. That gives you the general locations for this data for each DLL. Then, if you have debugging information, or failing that, a MAP file, you can map the DLL addresses against the debug info/mapfile info to get names and exact locations for each variable. You may find the <a href="http://www.objectmedia.ltd.uk/freeSoftware/peFileDLL.html" rel="nofollow noreferrer">PE Format DLL</a> helps you perform this task much easier than writing the code to query the PE file yourself. Thread Stacks Enumerate the threads in the application using ToolHelp32 (or PSAPI library if on Windows NT 4). For each thread, get the thread context and read the ESP register (RSP for x64). Now do a VirtualQuery on the address in the ESP/RSP register read from each context. The 1MB (default value) region around that address (start at mbi.AllocationBase and work upwards 1MB) is the stack location. Note that the stack size may not be 1MB, you can query this from the PE header of the DLL/EXE that started the thread if you wish. EDIT, Fix typo where I swapped some register names, thanks @interjay
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow can I locate a process' global and stack areas in Win32?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USStephen Kellett
UserOwnerUserId
1. USStephen Kellett
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. CODid you mean ESP instead of EIP?
 singulars
 PostPostId
 PO
 UserUserId
 USinterjay
2. CO@interjay. Whoops! Yes I did. ESP/RSP rather than EIP/RIP. Edited the article to fixup. Thank you for the save.
 singulars
 PostPostId
 PO
 UserUserId
 USStephen Kellett

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.