PwnSec Notes
  • AppSec
    • General Notes
    • Payloads
    • Fuzzing
    • Code Review
    • ReDos
    • SSTI
    • LFI-RFI
    • PHP Tricks
    • Javascript
    • Serialization
    • SQL Injection
    • JWT
    • GraphQL
    • Side Channel
    • Command Execution
    • WebSockets
    • Ruby
    • 0Auth
    • Latex Injection
    • NoSQL
    • JS Analysis
    • Apache Lucene
  • Forensics
    • Basics
    • Network Captures
    • Windows Logs
    • Memory
    • Browser
    • Threat Intelligence
    • Disk
  • Binary-Exploitation
    • Concepts
    • Binary Analysis
    • Debugging
    • Shellcodes
  • Malware-Analysis
    • Memory Mapping
    • Macros
    • Unpacking
    • Analysis
    • Resources
  • Reverse-Engineering
    • GDB basics
    • MASM Basics
    • Decompilers
    • Useful Codes
  • Services
    • SNMP
    • Grafana
    • Consul
  • Network Pentesting
    • C2 Servers
    • Pivoting
    • CrackMapExec
    • Kubernetes
    • Docker
  • MISC
    • Slack
    • Git
    • Pyjails
    • Privilege Escalation
    • Python LOL Code
  • Cloud Hacking
    • AWS S3
    • AWS Cognito
  • Mobile Pentesting
    • Frida
    • ADB
    • Drozer
    • Smali
    • Static Analysis
    • Dynamic Analysis
    • Bypass SSL Pinning
    • APK Labs
    • Android Malwares
    • Abusing Firebase
    • Root Detection
Powered by GitBook
On this page
  1. Malware-Analysis

Memory Mapping

PreviousMalware-AnalysisNextMacros

Last updated 2 years ago

Memory-mapping is a mechanism that maps a portion of a file, or an entire file, on disk to a range of addresses within an application's address space. The application can then access files on disk in the same way it accesses dynamic memory.

Unmaping mechanism

To unmap the PE file manually we must make Raw Addr = Virtual Addr and Raw Size = Virtual size

PE-bear used to unmap the PE file

mapped
unmapped