Windows Memory Layout Flashcards Preview


Flashcards in Windows Memory Layout Deck (11):
1

Kernel land

0x7fffffff to 0xffffffff

2

PEB range

0x7ffdf000 and higher

3

Userland

0x00000000 to 0x7fffffff

4

Win32 layout

0x00000000
Stack [grows to lower address]
Heap [grows to higher address]
0x00400000 Program image
DLL
TEB
0x7ffdf000 PEB
============
0x7fffffff to 0xffffffff Kernel land

5

Executive process is?

Structure containing process attributes and pointers to related data structures

6

Process Environment Block

EPROCESS structure inside user land

7

Thread

Threads serve as the basic unit to which the OS allocates processor time

8

TEB

The Thread Environment Block stores:
1. context information for the image loader and various Windows DLLs
2. the location of the exception handler list

9

DLL

Shared code libraries which allow for efficient code reuse and memory allocation

10

Program Image

This memory location is where the executable resides.
.text contains executable code
.data contains global variables
.rsrc contains non-executable resources such as icons, text and strings

11

Heap

Arbitrary but persistent portion of memory used to store global variables.
Memory allocation on the heap is managed by the application.
Memory is freed when the program terminates or voluntarily frees it.