Assembly of data in other memory regions
It is possible to execute data in a memory region outside the process's image space. Similar to how code was executed in the stack space, other memory spaces, such as the heap and newly allocated space, can be used to manipulate data and run code. This is a common technique used not only by malware, but also by legitimate applications.
Accessing the heap requires calling APIs, such as HeapAlloc (Windows) or, more generally, malloc (Windows and Linux). A default heap space is given to every process created. The heap is generally used when asking for a small chunk of memory space. The maximum size of a heap varies between operating systems. If the size requested for allocation doesn't fit the current heap space, HeapAlloc or malloc internally calls the VirtualAlloc (Windows) or sbrk (Linux) functions. These functions directly request memory space from the operating system's memory manager.
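To see where these regions sit in a running process, the following added example (not code from the original text) is a Linux-only C program that reads /proc/self/maps and reports the region and permissions for a stack variable, a small and a large malloc allocation, and a code address. The helper name region_of is hypothetical, and the remark about large allocations assumes glibc.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (Linux only): find the /proc/self/maps entry that
 * contains addr. Copies its permissions (e.g. "rw-p") into perms and its
 * name ("[heap]", "[stack]", a file path, or "" if anonymous) into name.
 * Returns 0 on success, -1 if addr is unmapped or maps cannot be read. */
int region_of(const void *addr, char perms[5], char *name, size_t name_len)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int rc = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char p[5] = "", path[256] = "";
        /* Fields: start-end perms offset dev inode [path] */
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %255[^\n]", &lo, &hi, p, path) < 3)
            continue;
        if ((uintptr_t)addr >= lo && (uintptr_t)addr < hi) {
            memcpy(perms, p, sizeof p);
            snprintf(name, name_len, "%s", path);
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

int main(void)
{
    int on_stack = 0;
    void *small = malloc(64);        /* small request: default heap */
    void *large = malloc(8u << 20);  /* glibc typically serves this size with mmap */
    const void *ptrs[] = { &on_stack, small, large, (const void *)(uintptr_t)&region_of };
    const char *what[] = { "stack variable", "malloc(64)", "malloc(8 MiB)", "code (image)" };

    for (int i = 0; i < 4; i++) {
        char perms[5], name[256];
        if (ptrs[i] && region_of(ptrs[i], perms, name, sizeof name) == 0)
            printf("%-15s %p %s %s\n", what[i], ptrs[i], perms, name[0] ? name : "(anonymous)");
    }
    free(small);
    free(large);
    return 0;
}
```

The permissions column is the part an analyst cares about: it shows at a glance whether a given region is currently mapped as executable.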
Allocated memory space have...