Open BlueSkeye opened 3 years ago
I redid the slides about PE and included information about caves there: https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module1/Module1_2_pe.pdf - please let me know if it clarifies this concept.
Mod1.2PE refactoring and enhancement makes it much more readable. Good job. S15 (section caves) is very clear to me. So I suggest rephrasing, in Mod1.3Shellcodes/S3, "cave between sections" --> "section caves".
I don't understand what you mean by "cave between sections". As I understand it, the PE loader allocates a memory block for each section. However, these blocks are disjoint and it seems memory areas between sections are undefined. Am I missing something?
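
As an added illustration of the "section cave" term settled on in this thread (not code from the slides or the repository): the PE format requires section virtual addresses to be ascending, adjacent and multiples of SectionAlignment, so the slack is the mapped tail of each section's last page past VirtualSize, not an unmapped region between sections. The section table below is constructed sample data, and `section_slack`, `_hdr` and the 0x1000 alignment are assumptions made for the example.

```python
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, relocation/line-number fields, Characteristics.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def section_slack(table, section_alignment):
    """Per-section slack, computed from a raw section table."""
    rows = []
    for off in range(0, len(table), SECTION_HEADER.size):
        name, vsize, va, raw_size, *_ = SECTION_HEADER.unpack_from(table, off)
        used_end = va + vsize
        mapped_end = align_up(used_end, section_alignment)
        rows.append({
            "name": name.rstrip(b"\0").decode("ascii"),
            "va": va,
            "mapped_end": mapped_end,
            # Tail of the section's last page: mapped, but past VirtualSize.
            "mem_slack": mapped_end - used_end,
            # Raw bytes on disk past VirtualSize (FileAlignment padding).
            "file_slack": max(0, raw_size - vsize),
        })
    # Distance from one section's mapped end to the next section's start.
    for cur, nxt in zip(rows, rows[1:]):
        cur["gap_to_next"] = nxt["va"] - cur["mapped_end"]
    return rows


def _hdr(name, vsize, va, raw_size, raw_ptr, flags):
    return SECTION_HEADER.pack(name, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, flags)


# Constructed sample section table (not taken from a real binary).
SAMPLE_TABLE = (
    _hdr(b".text", 0x1A30, 0x1000, 0x1C00, 0x0400, 0x60000020)
    + _hdr(b".rdata", 0x0E10, 0x3000, 0x1000, 0x2000, 0x40000040)
    + _hdr(b".data", 0x2400, 0x4000, 0x0200, 0x3000, 0xC0000040)
)

if __name__ == "__main__":
    for row in section_slack(SAMPLE_TABLE, 0x1000):
        print(row["name"], hex(row["mem_slack"]), hex(row["file_slack"]),
              row.get("gap_to_next"))
```

A `gap_to_next` of 0 for every section pair is what a well-formed image shows; an analyst comparing the slack bytes of a file against zero padding can use the same offsets.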