Code\Data segment overlapping

Question

When i look at the registers window in Olly I see that both the Code segment and the Data segment registers span the the whole memory space. Does it mean that they overlap each other ?

When I look at the memory map it seems that its populated with both code areas and data areas.

Answer 1

On win32 nearly all segment registers go from 0 to 0xffffffff. So, yes, you could say they overlap. You could for example freely exchange the segment registers in the code (but the opcode for the instruction usually gets bigger because of a prefix).

One exception is the FS register. It is set differently for each thread in a process and can be used to locate the Thread Information Block.

Windows uses memory protection to try to keep data and code savely apart. If you look at the memory map, you see which memory blocks have "E" (execute protection) in the "Access" column. This is probably all code and has no "W" (write protection).