Wednesday, November 19, 2014

Windows 7 Memory Management IV

Heap Manager

Most applications allocate smaller blocks than the 64-KB minimum allocation granularity possible using page granularity functions such as VirtualAlloc and VirtualAllocExNuma.
  • Allocating such a large area for relatively small allocations is not optimal from a memory usage and performance standpoint.
  • To address this need, Windows provides a component called the heap manager, which manages allocations inside larger memory areas reserved using the page granularity memory allocation functions.
    • The allocation granularity in the heap manager is relatively small: 8 bytes on 32-bit systems, and 16 bytes on 64-bit systems.
  • The heap manager exists in two places: Ntdll.dll (user mode) and Ntoskrnl.exe (kernel mode). The C runtime (CRT) functions malloc and free, and the C++ new operator, are built on top of the heap manager.
  • The most common Windows heap functions are:
    • HeapCreate or HeapDestroy. Creates or deletes, respectively, a heap. The initial reserved and committed size can be specified at creation.
    • HeapAlloc. Allocates a heap block.
    • HeapFree. Frees a block previously allocated with HeapAlloc.
    • HeapReAlloc. Changes the size of an existing allocation (grows or shrinks an existing block).
    • HeapLock or HeapUnlock. Acquires or releases the heap's lock, giving the caller mutual exclusion over the heap's operations.
    • HeapWalk. Enumerates the entries and regions in a heap.
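The list above describes the heap manager's job: reserve one large, page-granular region and carve small, granularity-rounded blocks out of it. The following C program is an added illustration of that idea, not code from the page or from Windows' ntdll heap: malloc stands in for VirtualAlloc, a 16-byte header precedes every block, sizes are rounded to the 16-byte granularity the page gives for 64-bit systems, and freed blocks are reused by a first-fit walk. Names such as toy_alloc and toy_free are invented for the example.

```c
/* Simplified model of a heap manager carving small blocks out of one
 * page-granular region. Added illustration; not the NT heap's algorithm. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define REGION_SIZE (64 * 1024)   /* one 64 KB region, the size VirtualAlloc would hand out */
#define GRANULARITY 16            /* 16 bytes on 64-bit Windows, 8 on 32-bit (page's figures) */

/* Every block starts with a header; the user pointer is the byte right after it.
 * The header is 16 bytes so user pointers stay aligned to the granularity. */
typedef struct {
    uint64_t size;    /* rounded-up size of the user area, in bytes */
    uint64_t in_use;  /* 1 while allocated, 0 once freed */
} block_hdr;

typedef struct {
    uint8_t *base;    /* start of the region (stand-in for a VirtualAlloc result) */
    size_t   used;    /* bump pointer: bytes carved from the region so far */
} toy_heap;

/* Round a request up to the heap granularity (0 becomes one unit). */
size_t round_up(size_t n) {
    if (n == 0) n = 1;
    return (n + GRANULARITY - 1) & ~(size_t)(GRANULARITY - 1);
}

toy_heap *toy_heap_create(void) {
    toy_heap *h = malloc(sizeof *h);
    h->base = malloc(REGION_SIZE);   /* stand-in for VirtualAlloc(MEM_RESERVE | MEM_COMMIT) */
    h->used = 0;
    return h;
}

void toy_heap_destroy(toy_heap *h) { free(h->base); free(h); }

/* First-fit over previously freed blocks, then bump-allocate from the region. */
void *toy_alloc(toy_heap *h, size_t n) {
    size_t need = round_up(n);
    size_t off = 0;
    while (off < h->used) {
        block_hdr *b = (block_hdr *)(h->base + off);
        if (!b->in_use && b->size >= need) { b->in_use = 1; return b + 1; }
        off += sizeof *b + b->size;
    }
    if (h->used + sizeof(block_hdr) + need > REGION_SIZE) return NULL; /* region exhausted */
    block_hdr *b = (block_hdr *)(h->base + h->used);
    b->size = need;
    b->in_use = 1;
    h->used += sizeof *b + need;
    return b + 1;
}

/* Mark a block free; its bytes stay in place and may be handed out again. */
void toy_free(void *p) {
    block_hdr *b = (block_hdr *)p - 1;
    b->in_use = 0;
}

/* Rounded-up size the block occupies (the real HeapSize reports the requested size). */
size_t toy_block_size(void *p) { return ((block_hdr *)p - 1)->size; }

int main(void) {
    toy_heap *h = toy_heap_create();
    void *a = toy_alloc(h, 13);   /* 13 requested, 16 carved */
    void *b = toy_alloc(h, 40);   /* 40 requested, 48 carved */
    printf("a occupies %zu bytes, b occupies %zu bytes\n", toy_block_size(a), toy_block_size(b));
    toy_free(a);
    printf("freed block reused: %s\n", toy_alloc(h, 8) == a ? "yes" : "no");
    toy_heap_destroy(h);
    return 0;
}
```

The layout is the security-relevant point to take from the model: each block's metadata sits immediately before the user data, so a write that runs past one block lands on the next block's header. That adjacency is why the real heap manager validates and (on modern Windows) encodes its block headers rather than trusting them as this toy does.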

Sunday, October 26, 2014

How to compile in the current frame in Emacs

;; compilation
(setq compilation-scroll-output t)
(add-to-list 'same-window-buffer-names "*compilation*")
(defun bury-compile-buffer-if-successful (buffer string)
  "Bury a compilation buffer if it finished without warnings."
  (if (and
       (string-match "compilation" (buffer-name buffer))
       (string-match "finished" string)
       (not (with-current-buffer buffer
              (goto-char (point-min))
              (search-forward "warning" nil t))))
      (with-current-buffer buffer
        (goto-char (point-max))
        ;; wait 5 seconds, then bury the buffer and restore the previous one
        (run-with-timer 5 nil
                        (lambda (buf)
                          (bury-buffer buf)
                          (switch-to-prev-buffer (get-buffer-window buf) 'kill))
                        buffer))))
(add-hook 'compilation-finish-functions 'bury-compile-buffer-if-successful)


This configuration makes Emacs compile in the current frame. If there is no error, the compilation buffer closes after 5 seconds; otherwise, it stops at the first error.

How to enable spell check (Aspell) in Emacs

;; go-mode: indent with 2 spaces instead of tabs
(require 'go-mode-load)
(add-hook 'go-mode-hook
          (lambda ()
            (setq tab-width 2)
            (setq standard-indent 2)
            (setq indent-tabs-mode nil)))

How to set line wrap and fill prefix in Emacs

;; line wrap
(setq-default fill-column 80)
(global-visual-line-mode 1)     ; 1 for on, 0 for off.

(setq-default fill-prefix " ")

This is especially useful when you write LaTeX documents.

Friday, October 24, 2014

Emacs Sr-speedbar

;; speedbar
(require 'sr-speedbar)
(setq sr-speedbar-width 20)           ; width
(setq sr-speedbar-max-width 20)
(setq sr-speedbar-right-side nil)     ; put it to the left
(setq speedbar-show-unknown-files t)  ; show all files
(sr-speedbar-open)
(with-current-buffer sr-speedbar-buffer-name
  (setq window-size-fixed 'width))  ; keep width after resize window

Wednesday, October 22, 2014

Understanding an example Shellcode

Example:

1 xor ebx, ebx
2 mov ebx, fs:[0x30]
3 mov ebx, [ebx + 0x0c]
4 mov ebx, [ebx + 0x1c]
5 mov ebx, [ebx]
6 mov ebx, [ebx + 0x08]

Instruction 1: xor ebx, ebx
Clears ebx.

Instruction 2: mov ebx, fs:[0x30]
Gets a pointer to the PEB.

Graphical PE Format Explanation


This diagram explains the PE layout after Windows OS Loader loads the image into the memory. The image used here is notepad.exe.
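Since the diagram itself is not preserved here, the following C program is an added example (not the page's code, and not Microsoft's) that reads the same layout from raw bytes: the MZ header, e_lfanew, the PE signature, the COFF file header, the optional header (PE32 or PE32+), and the section table, then maps an RVA to a file offset through the section that contains it. The image it parses is a constructed two-section PE32 header built inline by build_sample_image, not notepad.exe; every read is bounds-checked so a truncated or malformed header is rejected instead of read past the buffer, which is the property a defender wants from any parser that handles untrusted files.

```c
/* Minimal, bounds-checked PE header parser over an in-memory buffer.
 * Added example with a constructed image; offsets follow the PE/COFF spec. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_SECTIONS 16

typedef struct {
    char     name[9];
    uint32_t virtual_size, virtual_address, raw_size, raw_offset;
} pe_section;

typedef struct {
    int        is_pe32plus;          /* 0 = PE32 (magic 0x10b), 1 = PE32+ (magic 0x20b) */
    uint16_t   machine, num_sections;
    uint32_t   entry_rva, section_align, file_align;
    uint64_t   image_base;
    pe_section sections[MAX_SECTIONS];
} pe_info;

/* Little-endian readers that refuse to read past the end of the buffer. */
static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *v) {
    if (off + 2 > len) return -1;
    *v = (uint16_t)(b[off] | (b[off + 1] << 8)); return 0;
}
static int rd32(const uint8_t *b, size_t len, size_t off, uint32_t *v) {
    if (off + 4 > len) return -1;
    *v = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8) | ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 0;
}

/* Returns 0 on success, -1 on a malformed or truncated header. */
int parse_pe(const uint8_t *b, size_t len, pe_info *out) {
    uint16_t mz, opt_size, magic; uint32_t nt, sig, ib32;
    memset(out, 0, sizeof *out);
    if (rd16(b, len, 0, &mz) || mz != 0x5A4D) return -1;          /* "MZ" */
    if (rd32(b, len, 0x3C, &nt)) return -1;                        /* e_lfanew */
    if (rd32(b, len, nt, &sig) || sig != 0x00004550) return -1;    /* "PE\0\0" */
    size_t coff = nt + 4;                                          /* COFF file header */
    if (rd16(b, len, coff + 0, &out->machine) || rd16(b, len, coff + 2, &out->num_sections) ||
        rd16(b, len, coff + 16, &opt_size)) return -1;
    if (out->num_sections > MAX_SECTIONS) return -1;
    size_t opt = coff + 20;                                        /* optional header */
    if (rd16(b, len, opt, &magic)) return -1;
    if (magic == 0x10b) {                                          /* PE32: 32-bit ImageBase at +28 */
        out->is_pe32plus = 0;
        if (rd32(b, len, opt + 28, &ib32)) return -1;
        out->image_base = ib32;
    } else if (magic == 0x20b) {                                   /* PE32+: 64-bit ImageBase at +24 */
        uint32_t lo, hi; out->is_pe32plus = 1;
        if (rd32(b, len, opt + 24, &lo) || rd32(b, len, opt + 28, &hi)) return -1;
        out->image_base = ((uint64_t)hi << 32) | lo;
    } else return -1;
    if (rd32(b, len, opt + 16, &out->entry_rva) || rd32(b, len, opt + 32, &out->section_align) ||
        rd32(b, len, opt + 36, &out->file_align)) return -1;
    size_t sec = opt + opt_size;          /* section table follows the optional header */
    for (uint16_t i = 0; i < out->num_sections; i++, sec += 40) {
        pe_section *s = &out->sections[i];
        if (sec + 40 > len) return -1;    /* section header would run off the buffer */
        memcpy(s->name, b + sec, 8); s->name[8] = '\0';
        rd32(b, len, sec + 8, &s->virtual_size); rd32(b, len, sec + 12, &s->virtual_address);
        rd32(b, len, sec + 16, &s->raw_size);    rd32(b, len, sec + 20, &s->raw_offset);
    }
    return 0;
}

/* Map an RVA to a file offset via the section containing it; -1 if no section does. */
long rva_to_file_offset(const pe_info *p, uint32_t rva) {
    for (uint16_t i = 0; i < p->num_sections; i++) {
        const pe_section *s = &p->sections[i];
        if (rva >= s->virtual_address && rva < s->virtual_address + s->virtual_size)
            return (long)(s->raw_offset + (rva - s->virtual_address));
    }
    return -1;
}

static void put16(uint8_t *b, size_t off, uint16_t v) { b[off] = v & 0xFF; b[off + 1] = v >> 8; }
static void put32(uint8_t *b, size_t off, uint32_t v) { for (int i = 0; i < 4; i++) b[off + i] = (v >> (8 * i)) & 0xFF; }

/* Constructed PE32 header with .text and .data sections (not a real file); returns its length. */
size_t build_sample_image(uint8_t *b, size_t cap) {
    size_t nt = 0x80, coff = nt + 4, opt = coff + 20, opt_size = 224, sec = opt + opt_size;
    size_t total = sec + 2 * 40;
    if (cap < total) return 0;
    memset(b, 0, total);
    put16(b, 0, 0x5A4D); put32(b, 0x3C, (uint32_t)nt); put32(b, nt, 0x00004550);
    put16(b, coff, 0x14c); put16(b, coff + 2, 2); put16(b, coff + 16, (uint16_t)opt_size);
    put16(b, opt, 0x10b); put32(b, opt + 16, 0x1234); put32(b, opt + 28, 0x400000);
    put32(b, opt + 32, 0x1000); put32(b, opt + 36, 0x200);
    memcpy(b + sec, ".text", 5); put32(b + sec, 8, 0x800); put32(b + sec, 12, 0x1000);
    put32(b + sec, 16, 0x800); put32(b + sec, 20, 0x400);
    sec += 40;
    memcpy(b + sec, ".data", 5); put32(b + sec, 8, 0x200); put32(b + sec, 12, 0x2000);
    put32(b + sec, 16, 0x200); put32(b + sec, 20, 0xC00);
    return total;
}
```

Running it with a real file is a matter of reading the file into a buffer and calling parse_pe; the RVA-to-offset step is what lets a static tool locate the entry point or a section's bytes on disk, the same translation the loader performs in the other direction when it maps the image at SectionAlignment boundaries.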

References:
http://msdn.microsoft.com/en-us/library/ms809762.aspx
http://www.csn.ul.ie/~caolan/pub/winresdump/winresdump/doc/pefile2.html