Process Memory Basics for Reverse Engineers Module 1 - Watching Memory Allocations With a Debugger (Patreon)

This is the first in a short three-part series on memory allocation with a focus on tracking memory with a debugger. In this tutorial we look at the basics, how is memory allocated, and how to follow memory allocations with x64dbg.

Further Reading

• X64dbg (hopefully you already have this installed) 
• X64dbg command line reference  
• NtAllocateVirtualMemory Documentation 
• Allocating 32-bit memory on 64-bit systems (Stack Overflow) 
• PEB Documentation 

Hands-On Example

Attached to this post is the compiled example we analyzed in the tutorial. You are encouraged to analyze the binary with x64dbg. See if you can watch all of the memory allocations with a breakpoint on NtAllocateVirtualMemory.