Further to the thread "Predefined WNDCLASSEX? Any dis-/advantage?", I ponder upon how it works. If I start a program, hInstance points at address 400000h as the start position for the code. If I start another program, that code also starts at address 400000h. At least I think so. If the first program is running in the background, it uses the stack and registers at the same time as I am running the other program. This means that both programs use, for example, EAX at the same time. To my question: are there more registers and stacks, or is there one set for each program, or how does it work? How can a program find its registers, stack and code start point?
Posted on 2002-12-04 03:00:21 by minor28
The OS saves and restores each program's registers when it switches tasks. :)
Posted on 2002-12-04 04:43:05 by S/390

What happens is that the operating system provides a separate memory space for each running EXE file that has the same starting address for each program.

The mechanics of this are done in the operating system's loader so you don't really have to worry much about it. With each PE EXE file you write, the starting address is almost always 400000h and this is how these EXE files run in a multitasking environment.

A DLL is a different matter as it can be used by more than one program so it does not have a fixed starting address, this is determined at load time by the operating system. It is usually referred to as "relocation".

When you have a bit more work done and if you are interested, there is a lot of data available on the file format of PE files and that will give you a very good idea of how the OS loader and PE files work.


Posted on 2002-12-04 04:54:32 by hutch--
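As an added illustration of the fields the loader reads (not code from the thread or from any poster): a small PE header parser that pulls ImageBase, the entry point and the flags that tell the loader whether an image is a DLL and whether it can be relocated, run against a constructed minimal PE32 header. The constant names follow the Windows SDK; the helper build_min_pe and the sample values are assumptions made for the example.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics and OPTIONAL_HEADER.DllCharacteristics bits
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_DLL = 0x2000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040


def build_min_pe(image_base, characteristics, dll_characteristics=0):
    """Constructed test input: DOS header + 'PE\\0\\0' + file header +
    PE32 optional header. Enough for header parsing, not a loadable image."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew -> PE signature
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)                                # IMAGE_OPTIONAL_HEADER32
    struct.pack_into("<H", opt, 0, 0x10B)               # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)             # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, image_base)         # ImageBase
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


def parse_pe(data):
    """Return what the loader needs to decide where the image lands in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    _machine, _nsect, _, _, _, _optsize, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                  # PE32: ImageBase is a DWORD at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                # PE32+: ImageBase is a QWORD at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "image_base": image_base,                       # the 400000h hInstance value
        "entry_point_va": image_base + entry_rva,       # only valid if loaded at ImageBase
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "relocs_stripped": bool(chars & IMAGE_FILE_RELOCS_STRIPPED),
        "dynamic_base": bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }
```

On current Windows an EXE linked with DYNAMIC_BASE set is relocated as well (ASLR), so hInstance equals the header's ImageBase only when that flag is clear and the address is free.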
An exe file almost always loads at 40000h in the memory. So therefore the hinstance is almost always 40000h.
Posted on 2002-12-04 05:49:06 by roticv
Out of curiosity (though I suppose it probably doesn't make a difference) would using org 100000h (or anything other than 40000h) affect where your program would begin in memory?

Speaking of the stack, I was looking at the thread about constructing strings on the stack (here). I noticed he was doing

mov ebp, esp

mov dword ptr[ebp-8], "TATS"

I tried it last night, but increasing from ebp instead of coming from underneath. I.e., I was doing

mov dword ptr[ebp+4], "lleH"

Is either way fine? The stack pointer decreases when you use push, so maybe this isn't a good way to do it :confused:
Posted on 2002-12-04 12:22:32 by Miko
Thanks Hutch

Interesting answer. I searched the web and found that PE means Portable Executable file format. Understood a few words. I take your advice and won't worry, and when I have a bit more work done I might come back to PE and the OS loader.

Posted on 2002-12-04 13:31:46 by minor28