-
October 14th, 2013, 09:57 PM
#1
windows api related
I am confused as to how a process gets virtual address space and then the OS maps the exe and also maps the references to the DLL used for windows api. When the software interrupt occurs the system goes into kernel mode and I would think that the kernel would then load the DLL into memory...but wait, isn't the user process supposed to load the DLL ? How does the reference of the DLL go from user space to loading the DLL in kernel space?
-
October 15th, 2013, 05:10 AM
#2
Re: windows api related
The best book for this sort of explanation of how the internals of windows work is
Windows Internals by Mark Rossinovich
http://www.amazon.co.uk/Windows-Inte..._bxgy_b_text_y
There are part1 and part2. Part 2 covers memory.
All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!
C++23 Compiler: Microsoft VS2022 (17.6.5)
-
October 15th, 2013, 01:21 PM
#3
Re: windows api related
by reading the section on memory management, basically what I got from it is that a user process is able to load a DLL into kernel space and then the processor switches modes to kernel mode in order to call the function from the DLL and execute it. Can someone please confirm that this is how it works? thank you.
-
October 20th, 2013, 12:22 AM
#4
Re: windows api related
You're going to get more responses if you post in the appropriate forum:
C++ and WinAPI
-
October 21st, 2013, 08:06 AM
#5
Re: windows api related
an exe or dll is never "loaded in memory".
the exe/dll image is mapped into the virtual process space, and any pages being accessed are paged in (and later discarded) as per system demand.
On Win32: The upper part of the virtual memory range is reserved for the kernel, when the exe starts, the OS will map the appropriate parts of the kernel there so the various system dll's (mainly ntdll) can call into the kernel.
onWin64: the same is true for WIn64 apps
Win32 on Win64 is a bit different, the OS doesn't need to map any kernel into the 32bit application space since calling into the kernel is done by a switch to 64bit mode (from the system dlls).
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|