Hacking/Windows internals

From Skypher

▼Main Page ├─▷Programming └─▼Hacking   ├─▷Shellcode   ├─▼Windows internals   │ ├─○PE   │ ├─▷DLL   │ ├─▷Process   │ ...   ├─○Vulnerabilities   ├─○Heap spraying   └─○List of security teams contact information

---

This page aims to explain the basics of windows internals using OllyDbg v2 as a tool to view these internals.

When an executable is started a new process is created. Each process gets an address space and memory is mapped into this address space in which various things are loaded or created by Windows before the executable can start running. Here is a list of some of the more important things:

• All Windows user land libraries (kernel32.dll', ntdll.dll, etc...).
• The executable itself.
• All libraries that the executable imports.
• The PEB, which stores information about the process.
• A TEB for the main thread.
• A stack for the main thread.
• One or more heaps.

Once all this is done, the main thread starts executing code at the entry point of the main executable.