CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 5 of 5
  1. #1
    Join Date
    Oct 2013
    Posts
    8

    windows api related

    I am confused as to how a process gets virtual address space and then the OS maps the exe and also maps the references to the DLL used for windows api. When the software interrupt occurs the system goes into kernel mode and I would think that the kernel would then load the DLL into memory...but wait, isn't the user process supposed to load the DLL ? How does the reference of the DLL go from user space to loading the DLL in kernel space?

  2. #2
    2kaud's Avatar
    2kaud is offline Super Moderator Power Poster
    Join Date
    Dec 2012
    Location
    England
    Posts
    7,822

    Re: windows api related

    The best book for this sort of explanation of how the internals of windows work is
    Windows Internals by Mark Rossinovich

    http://www.amazon.co.uk/Windows-Inte..._bxgy_b_text_y

    There are part1 and part2. Part 2 covers memory.
    All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!

    C++23 Compiler: Microsoft VS2022 (17.6.5)

  3. #3
    Join Date
    Oct 2013
    Posts
    8

    Re: windows api related

    by reading the section on memory management, basically what I got from it is that a user process is able to load a DLL into kernel space and then the processor switches modes to kernel mode in order to call the function from the DLL and execute it. Can someone please confirm that this is how it works? thank you.

  4. #4
    Arjay's Avatar
    Arjay is offline Moderator / EX MS MVP Power Poster
    Join Date
    Aug 2004
    Posts
    13,490

    Re: windows api related

    You're going to get more responses if you post in the appropriate forum:
    C++ and WinAPI

  5. #5
    Join Date
    Apr 2000
    Location
    Belgium (Europe)
    Posts
    4,626

    Re: windows api related

    an exe or dll is never "loaded in memory".
    the exe/dll image is mapped into the virtual process space, and any pages being accessed are paged in (and later discarded) as per system demand.

    On Win32: The upper part of the virtual memory range is reserved for the kernel, when the exe starts, the OS will map the appropriate parts of the kernel there so the various system dll's (mainly ntdll) can call into the kernel.

    onWin64: the same is true for WIn64 apps
    Win32 on Win64 is a bit different, the OS doesn't need to map any kernel into the 32bit application space since calling into the kernel is done by a switch to 64bit mode (from the system dlls).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured