DocumentCode :
3012896
Title :
VAD: A Detail Investigation into Process's Memory
Author :
Li, Xudong ; Zhang, Chunxia ; Lin, Xing ; Lin, Shuguang
Author_Institution :
Software Coll., Nankai Univ., Tianjin, China
Volume :
1
fYear :
2009
fDate :
11-14 Dec. 2009
Firstpage :
531
Lastpage :
536
Abstract :
This paper discusses a process's memory layout on Windows. We describe the structures of the Virtual Address Descriptor (VAD) and the AVL tree of VADs in the Windows Research Kernel (WRK), how to extract useful information from these structures, and how to locate process heaps using the PEB. We recommend a way to get a process's memory layout in user space using VAD tree traversal on WRK, which is illustrated by one full example. We also present how to reserve, commit and release memory.
Keywords :
operating system kernels; AVL tree; Windows research kernel; process environment block; process memory; virtual address descriptor; virtual page number; Computational intelligence; Data mining; Data structures; Educational institutions; Forensics; Kernel; Memory management; Operating systems; Security; Space technology; AVL Tree; Memory; Process; Process Environment Block (PEB); Virtual Address Descriptor (VAD); Virtual Page Number (VPN); Windows Research Kernel (WRK);
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computational Intelligence and Security, 2009. CIS '09. International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-5411-2
Type :
conf
DOI :
10.1109/CIS.2009.130
Filename :
5375915