Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

OSCE Prep > Windows Memory > Flashcards

Windows Memory Flashcards

1
Q

Kernel Land

A

This portion of memory is reserved by the OS for device drivers, system cache, paged/non-paged pool, HAL, etc. There is no user access to this portion of memory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

PEB(s)

A

Every Windows process has an executive process (EPROCESS) structure that contains process attributes and pointers to related data structures. While most of these EPROCESS structures reside in Kernel Land, the Process Environment Block (PEB) resides in user-accessible memory. The PEB includes information such as the base address of the image (executable), the location of the heap, the loaded modules (DLLs), and Environment variables (Operating system, relevant paths, etc).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

TEB(s)

A

Just like each program/process has a PEB, each thread has a Thread Environment Block (TEB). The TEB stores context information for the image loader and various Windows DLLs, as well as the location for the exception handler list.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

DLLs

A

Windows programs take advantage of shared code libraries called Dynamic Link Libraries (DLLs) which allows for efficient code reuse and memory allocation. These DLLs (also known as modules or executable modules) occupy a portion of the memory space.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

OSCE Prep (12 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions