Mastering Reverse Engineering
上QQ阅读APP看书,第一时间看更新

Memory

When a Windows executable file executes, the system allocates a memory space, reads the executable file from the disk, writes it at predefined sections in the allocated memory, then allows the code to execute from there. This block of memory is called a process block and is linked to other process blocks. Basically, every program that executes consumes a memory space as a process.

The following screenshot shows a Windows Task Manager's view of the list of processes: