Windows Memory Layout Flashcards

1
Q

The Kernel Land portion of memory is reserved for?

A

Reserved by the OS for device drivers, system cache, paged/non-paged pool, HAL, etc. There is no user access to this portion of memory.

2
Q

What is EPROCESS?

A

A Windows process's executive process structure

3
Q

What does EPROCESS contain?

A

Process attributes and related data structures

4
Q

What is PEB and what does it contain?

A

The Process Environment Block resides in user-accessible memory and contains various user-mode parameters about the running process.

5
Q

What do Symbol Files provide?

A

They provide useful, descriptive information for functions, variables, etc.

6
Q

What is TEB and what does it contain?

A

The Thread Environment Block stores information for the image loader and various Windows DLLs, as well as the location of the exception handler list.

7
Q

What resides in the process address space because user-mode components require writable access to it?

A

TEB

8
Q

What is a DLL?

A

Dynamic Link Library

9
Q

[Immunity] Shortcut for Executable Mode?

A

ALT+E

10
Q

In an x86 memory map, what are the relevant Low Memory Address space components?

A

Stack, Heap, Program Image, DLLs, TEB(s), PEB

11
Q

In an x86 memory map, where does the executable reside?

A

Program Image

12
Q

In the Program Image, where do the executable code (CPU instructions) reside?

A

.text

13
Q

In the Program Image, where does the program’s global data reside?

A

.data

14
Q

In the Program Image, where do the program’s non-executable resources, including icons, images, and strings, reside?

A

.rsrc

15
Q

The dynamically allocated portion of the memory is also known as?

A

The Heap

16
Q

Unlike the stack, what component’s memory allocation must be managed by the application?

A

The Heap

17
Q

What is the stack used for?

A

The Stack is used to allocate short-term storage for local (function/method) variables in an ordered manner; that memory is subsequently freed when the given function terminates.

18
Q

The Stack is what kind of structure?

A

Last In, First Out (LIFO), meaning the last item pushed is the first item popped.

19
Q

Each time a stack frame is created, a series of instructions executes to store arguments and the return address, save the base pointer of the current stack frame, and reserve space for the local variables of what?

A

A function