Windows Memory Layout Flashcards Preview

Flashcards in Windows Memory Layout Deck (11)
1
Q

Kernel land

A

0x7fffffff to 0xffffffff

2
Q

PEB range

A

0x7ffdf000 and higher

3
Q

Userland

A

0x00000000 to 0x7fffffff

4
Q

Win32 layout

A

0x00000000
             Stack [grows to lower address]
             Heap [grows to higher address]
0x00400000   Program image
             DLL
             TEB
0x7ffdf0000  PEB
============
0x7fffffff to 0xffffffff  Kernel land

5
Q

What is the executive process?

A

Structure containing process attributes and pointers to related data structures

6
Q

Process Environment Block

A

EPROCESS structure inside user land

7
Q

Thread

A

Threads serve as the basic unit to which the OS allocates processor time

8
Q

TEB

A

Thread Environment Block stores:

  1. context information for the image loader and various Windows DLLs
  2. location of the exception handler list

9
Q

DLL

A

Shared code libraries which allow for efficient code reuse and memory allocation

10
Q

Program Image

A

This memory location is where the executable resides.
.text contains executable code
.data contains global variables
.rsrc contains non-executable resources such as icons, text and strings

11
Q

Heap

A

Arbitrary but persistent portion of memory used to store global variables.
Memory allocation on the heap is managed by the application.
Memory is freed when the program terminates or voluntarily frees it.