Windows internals

From Cheat Engine
Jump to navigation Jump to search
This entry needs a lot of work. Please contribute if you can.

Check this page to see if there are some suggestions for adding to Windows internals.

Each process can be separated into 2 parts, it's own virtual memory, and the virtual memory of the kernel

Page table in win 32 is located at virtual address 0xc0000000

IDT of the first CPU is usually located at 0x8003f400 (physical address 0x3f400). Other processors's, hyperthreaded or not, are located at random locations

The GDT is usually right in front of the IDT of the main cpu (usually at 0x8003f000, physical=3f000), and used by all cpus

KiFastSystemCall is called by int 0x2e and sysenter