Each process can be separated into two parts: its own virtual memory, and the virtual memory of the kernel.
The page table in Win32 is located at virtual address 0xc0000000.
The IDT of the first CPU is usually located at 0x8003f400 (physical address 0x3f400). The IDTs of other processors, hyperthreaded or not, are located at random locations.
The GDT is usually right in front of the IDT of the main CPU (usually at 0x8003f000, physical address 0x3f000), and is used by all CPUs.
KiFastSystemCall is called by int 0x2e and sysenter.
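
Because the page tables sit at a fixed virtual address, the entry that maps any address can be located by arithmetic alone, which is useful when checking the mappings of the IDT and GDT during memory analysis. The following is an added example, not part of the original entry; it assumes the classic self-mapped x86 layout with 4 KiB pages, and the function names and the entry sizes (4 bytes without PAE, 8 bytes with PAE) are this example's own assumptions rather than values from the entry.

```c
#include <stdint.h>
#include <stdio.h>

#define PTE_BASE 0xC0000000u  /* page-table address stated in the entry */

/* Assumption (not from the entry): self-mapped x86 paging, 4 KiB pages.
   entry_size is 4 for non-PAE paging and 8 for PAE paging. */

/* Virtual address of the page-table entry (PTE) that maps `va`. */
static uint32_t pte_va(uint32_t va, uint32_t entry_size)
{
    return PTE_BASE + (va >> 12) * entry_size;  /* one PTE per 4 KiB page */
}

/* The page directory consists of the entries that map the page-table
   region itself, so its base is the PTE address of PTE_BASE. */
static uint32_t pde_base(uint32_t entry_size)
{
    return pte_va(PTE_BASE, entry_size);
}

/* Virtual address of the page-directory entry (PDE) that maps `va`. */
static uint32_t pde_va(uint32_t va, uint32_t entry_size)
{
    uint32_t pages_per_pde = 4096u / entry_size;  /* PTEs in one table page */
    return pde_base(entry_size) + ((va >> 12) / pages_per_pde) * entry_size;
}

int main(void)
{
    /* The two addresses given in the entry; both lie in the same 4 KiB page. */
    const uint32_t idt = 0x8003f400u, gdt = 0x8003f000u;
    const uint32_t sizes[2] = { 4u, 8u };

    for (int i = 0; i < 2; i++) {
        uint32_t s = sizes[i];
        printf("%s: PDE base %08x\n", s == 4 ? "non-PAE" : "PAE",
               (unsigned)pde_base(s));
        printf("  IDT %08x -> PDE %08x, PTE %08x\n", (unsigned)idt,
               (unsigned)pde_va(idt, s), (unsigned)pte_va(idt, s));
        printf("  GDT %08x -> PDE %08x, PTE %08x\n", (unsigned)gdt,
               (unsigned)pde_va(gdt, s), (unsigned)pte_va(gdt, s));
    }
    return 0;
}
```

Since the GDT and IDT addresses share one 4 KiB page, a single PTE governs the access rights of both tables.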