OS Structures, Security & Reverse Engineering

Description and Tags

how OS components fit together, how software interfaces with hardware, and how attackers or analysts manipulate those interactions

32 Terms

1

I/O (Input/Output)

data transfer between CPU/memory and external devices (disk, network, etc.)

2

Device Driver

kernel module managing communication between hardware and OS

3

Interrupt Handler/ISR

function executed in response to an interrupt

4

DMA (Direct Memory Access)

allows hardware to transfer data directly to memory without CPU intervention

5

Polling

continuously checking device status (inefficient compared to interrupts)

6

System Clock

generates periodic interrupts used for timing and scheduling

7

Bootloader

initializes hardware and loads the OS kernel at startup

8

Monolithic Kernel

kernel design where all services (I/O, FS, drivers) run in kernel space (e.g., Linux)

9

Microkernel

kernel design where most services run in user space; more modular (e.g., Minix)

10

System Call Interface (SCI)

boundary between user space and kernel space

11

Shell

user command interpreter (bash, PowerShell, etc.)

12

File System

structure for storing and organizing data on disk

13

Inode (Unix)

data structure storing file metadata (permissions, owner, size, etc.)

14

Process Control Block (PCB)

data structure storing process state (registers, stack pointer, memory info, etc.)

15

PID (Process ID)

unique identifier for each process

16

Fork()

system call creating a new process by duplicating the current one (UNIX)

17

Exec()

system call that replaces current process image with a new program

18

Wait() / Sleep() / Exit()

common process management calls

19

Signals

software interrupts used for process communication (SIGINT, SIGKILL)

20

Pipes/Sockets

inter-process communication (IPC) mechanisms

21

User/Kernel Privilege Levels

CPU modes that restrict access to hardware (ring levels on x86: Ring 3 = user, Ring 0 = kernel)

22

Access Control

mechanisms that determine which users/processes can access which resources

23

Privilege Escalation

exploit allowing unauthorized elevation to higher privileges

24

System Call Hooking

intercepting system calls to alter or monitor behavior (often used in malware)

25

Sandbox

isolated environment restricting program access

26

Breakpoint

pauses program execution at a specific instruction

27

Disassembly

translating machine code into assembly code for analysis

28

Decompilation

translating binary code into approximate high-level code

29

Symbol Table

maps names of functions/variables to memory addresses (useful for debugging)

30

Import Table (PE Files)

lists external functions the program calls (e.g., Windows API Functions)

31

Obfuscation

making code intentionally hard to understand (used by malware)

32

Packers

compress/encrypt executables and unpack themselves at runtime