Processes and Call Stacks

In Windows, our process information looks something like this. On the left list here we have our process. Within it we have code sections, global variables, process heap, process resources, open files and handles, our environment block, and thread info which include our thread local storage, and stack data. And within the call stack, we have various frames which will unwind with our process, with the bottom-most function frame being the beginning of the call stack. This usually starts with a prologue involving LdrpInitializeProcess, BaseThreadInitThunk, and RtlUserThreadStart.

Inside a Process Block: Code: Executable instructions Global variables: Variables accessible throughout the process Process heap: Dynamic memory allocation Process resources: System resources assigned to the process Open files and handles: Files the process has opened for reading or writing Environment block Threads/Thread Local Storage Stack

Inside a Call Stack: Frame 0: Top-level function frame. Frame 1: Calling function's frame. Frame 2: Caller of Frame 1's function frame. Frame 3: Caller of Frame 2's function frame. Frame N: Bottom-most function frame.