The Bottom Line

Explain the process-separation mechanisms implemented in Windows operating systems and ways in which attackers can subvert these protections.

Windows runs all code in one of two modes. User Mode is where all user-initiated processes run. Kernel Mode is reserved for the operating system and its components, including device drivers. System memory is likewise divided into two main sections: one for User Mode and one for Kernel Mode.
Within User Mode, each process is allocated its own memory space. For a thread to execute an instruction, that instruction must be located in the memory space of the process to which the thread belongs. Threads in one user process cannot access or alter memory that belongs to another user process.
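The per-process isolation described above can be observed directly. The following is an added example, not code from the book: a child process is started (on Windows, with a fresh user-mode address space via the spawn start method; on POSIX, via fork) and modifies what looks like a shared module-level value. The parent's copy is untouched, because the only way to reach another process's memory is through a kernel-mediated interface such as the pipe used here, not through ordinary pointer or variable access. The names `SHARED_LOOKING_VALUE`, `child_increments` and `demonstrate_isolation` are constructed for this example.

```python
import multiprocessing as mp

# Constructed example: a module-level value that the child process will alter.
# It is NOT shared memory; each process gets its own copy in its own address space.
SHARED_LOOKING_VALUE = {"counter": 0}


def child_increments(result_queue):
    """Runs inside the child process, in that process's own user-mode memory."""
    SHARED_LOOKING_VALUE["counter"] += 1000
    # The queue is backed by an OS pipe: the kernel copies the data between
    # address spaces. This is the only sanctioned path out of the child's memory.
    result_queue.put(SHARED_LOOKING_VALUE["counter"])


def demonstrate_isolation():
    """Return (parent_view, child_view) of the same-named variable."""
    result_queue = mp.Queue()
    child = mp.Process(target=child_increments, args=(result_queue,))
    child.start()
    child_view = result_queue.get()  # read before join() so the pipe drains
    child.join()
    parent_view = SHARED_LOOKING_VALUE["counter"]
    return parent_view, child_view


if __name__ == "__main__":
    # Expected: parent still sees 0, child reports 1000.
    parent, child = demonstrate_isolation()
    print(f"parent sees {parent}, child saw {child}")
```

The `if __name__ == "__main__"` guard is required on Windows, where the spawn start method re-imports this module in the child; that re-import is itself a visible consequence of the child receiving a brand-new address space rather than a copy of the parent's.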
By loading ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
