0x7fffffff to 0xffffffff
0x7ffdf000 and higher
0x00000000 to 0x7fffffff
0x00000000 Stack [grows to lower address] Heap [grows to higher address] 0x00400000 Program image DLL TEB 0x7ffdf0000 PEB ============ 0x7fffffff to 0xffffffff Kernel land
Executive process is?
Structure containing process attributes and pointers to related data structures
Process Environment Block
EPROCESS structure inside user land
Threads serve as the basic unit to which OS allocates processor time
Thread env block stores
- context information for image loader and various windows dll
- location of exception handler list
Shared code libraries which allow for efficient code reuse and memory allocation
This memory location is where executable resides.
.text contains executable code
.data contains global variables
.rsrc non exec resources such as icons, text and strings
Arbitrary but persistent portion of memory used to store global variables.
The memory allocation at heap is managed by the application.
Memory is freed when program terminates or voluntarily frees itself.