I am trying to learn more about how to read process memory. So I opened the "whole memory" of the Firefox process in WinHex and saw the following hexadecimal values, starting at offset 10000.
00 00 00 00 00 00 00 00 EC 6B 3F 80 0C 6D 00 01 EE FF EE FF 01 00 00 00
My question is: Is it possible for a person to interpret this without additional knowledge? Are these pointers or values? Is there something that is common to different programs created with different compilers regarding process memory, other than things like endianness? Why does it start with a lot of zeros, isn't that a very weird way to start using space?
David source
share