Abstract
A process is defined as a program under execution. Whether a program is clean or malicious, it needs to execute as a process to carry out its desired intention. In this chapter, we go through the various steps involved in loading a program as a process. We also explore the various components of a process and understand important concepts like virtual memory, which is a memory-related facility that is abstracted by the operating system (OS) for all processes running on the system. We also dissect the PE file format, which is used by all executable files in Windows, and explore how its various headers and fields are used by the OS to load the PE executable program as a process. We also cover other types of PE files, such as DLLs, and explore how they are loaded and used by programs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2020 Abhijit Mohanta, Anoop Saldanha
About this chapter
Cite this chapter
Mohanta, A., Saldanha, A. (2020). Virtual Memory and the Portable Executable (PE) File. In: Malware Analysis and Detection Engineering. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-6193-4_4
Download citation
DOI: https://doi.org/10.1007/978-1-4842-6193-4_4
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-6192-7
Online ISBN: 978-1-4842-6193-4
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books