Difference between revisions of "Windows internals"
Jump to navigation
Jump to search
| (3 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| + | [[Category:Help]] | ||
{{NeedWork}} | {{NeedWork}} | ||
| + | Each process can be separated into 2 parts, it's own virtual memory, and the virtual memory of the kernel | ||
| + | |||
Page table in win 32 is located at virtual address 0xc0000000 | Page table in win 32 is located at virtual address 0xc0000000 | ||
| + | |||
| + | IDT of the first CPU is usually located at 0x8003f400 (physical address 0x3f400). Other processors's, hyperthreaded or not, are located at random locations | ||
| + | |||
| + | The GDT is usually right in front of the IDT of the main cpu (usually at 0x8003f000, physical=3f000), and used by all cpus | ||
| + | |||
| + | KiFastSystemCall is called by int 0x2e and sysenter | ||
| + | |||
... | ... | ||
| − | |||
Latest revision as of 14:14, 19 March 2017
| This entry needs a lot of work. Please contribute if you can. Check this page to see if there are some suggestions for adding to Windows internals. |
Each process can be separated into 2 parts, it's own virtual memory, and the virtual memory of the kernel
Page table in win 32 is located at virtual address 0xc0000000
IDT of the first CPU is usually located at 0x8003f400 (physical address 0x3f400). Other processors's, hyperthreaded or not, are located at random locations
The GDT is usually right in front of the IDT of the main cpu (usually at 0x8003f000, physical=3f000), and used by all cpus
KiFastSystemCall is called by int 0x2e and sysenter
...
