08-05-2012, 11:35 AM
Windows NT Architecture
Privilege Checks
The x86 architecture supports four different privilege levels (numbered 0 to 3), but only the two extreme privilege levels are used.
User-mode programs run with Privilege Level 3.
The kernel runs with Privilege Level 0.
Access Checks On Memory
A segment selector for the destination is loaded into the Code-Segment register (CS).
CS cannot be modified directly, only implicitly through the JMP, CALL, RET, INT, IRET, SYSENTER and SYSEXIT instructions.
DPL (Descriptor Privilege Level) defines the lowest level of privilege that has access (numerically the highest).
The processor then checks to make sure that the current privilege level is >= DPL.
Libraries
We’ve all been to a library, but what is a library in programming?
A collection of precompiled routines or functions that a program can use.
We put commonly used routines in a library so we don't have to re-write them.
Example: sorting a list of numbers
Windows uses a special kind of library called Dynamic Link Libraries.
DLLs
DLL stands for ‘Dynamic Link Library’.
A DLL is a library of executable functions or data that can be used by a Windows application. Examples: user32.dll, kernel32.dll.
DLLs provide one or more functions that a Windows program accesses by creating a link to the DLL.
The word "Dynamic" means that the link is created whenever the function or data is needed (i.e., while the program is running) instead of being linked at compile time.
DLLs can also contain just data: icons (e.g., shell32.dll), fonts, text, etc.
A DLL's extension is usually .dll, but may be .sys, .fon, .drv, etc.
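The privilege check in the "Access Checks On Memory" section can be modelled in a few lines. The following is an added example, not code from the original post or slides: it represents a code-segment descriptor by its DPL field only, applies the rule the slides state for a non-conforming code segment, and uses the x86 convention that a numerically lower ring is more privileged, so "current privilege >= DPL" becomes the numeric test CPL <= DPL. The descriptor names (`ntoskrnl_code`, `user_code`) are constructed for the demonstration.

```python
"""Model of the x86 privilege check described in the slides.

Added example, not from the original post. Privilege levels are the
architectural 0..3; 0 is the most privileged (kernel), 3 the least (user mode).
"""
from dataclasses import dataclass

KERNEL_PL = 0   # ring 0, the kernel
USER_PL = 3     # ring 3, user-mode programs


@dataclass(frozen=True)
class CodeSegment:
    """A toy code-segment descriptor: only the DPL field matters here."""
    name: str
    dpl: int

    def __post_init__(self):
        if not 0 <= self.dpl <= 3:
            raise ValueError(f"DPL must be 0..3, got {self.dpl}")


def is_accessible(cpl: int, segment: CodeSegment) -> bool:
    """True when code running at CPL may reach the segment.

    DPL is the least privileged level that is still allowed access.
    'More privileged' means a numerically lower ring, so the slides'
    'current privilege >= DPL' is the numeric comparison CPL <= DPL.
    """
    if not 0 <= cpl <= 3:
        raise ValueError(f"CPL must be 0..3, got {cpl}")
    return cpl <= segment.dpl


def accessible_segments(cpl: int, segments):
    """Names of the segments that code running at CPL is allowed to reach."""
    return [s.name for s in segments if is_accessible(cpl, s)]


# Constructed descriptor table: a kernel-only segment and a user-callable one.
SEGMENTS = [
    CodeSegment("ntoskrnl_code", KERNEL_PL),
    CodeSegment("user_code", USER_PL),
]

if __name__ == "__main__":
    for cpl in (KERNEL_PL, USER_PL):
        print(f"CPL {cpl} may reach: {accessible_segments(cpl, SEGMENTS)}")
```

Running it shows ring 0 reaching both segments while ring 3 reaches only the user one, which is exactly why a user-mode program cannot jump into kernel code except through the controlled entry instructions listed above.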
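The "Dynamic" in DLL is easiest to see by creating the link at run time yourself. The following is an added example, not code from the original post: it uses Python's `ctypes` to open the C runtime library while the program is running and look up `strlen` by name, which is the same load-then-resolve step a Windows program performs when it links to a DLL on demand. On Windows it assumes the C runtime is exported by `msvcrt.dll`; on other platforms it falls back to the libc shared object, so the block runs anywhere Python does.

```python
"""Run-time (dynamic) linking demonstrated with ctypes.

Added example, not from the original post. The function is resolved from a
library by name while the program is running, which is what the slides mean
by the link being created 'whenever the function is needed'.
"""
import ctypes
import ctypes.util
import sys


def load_c_runtime():
    """Open the platform's C runtime library at run time, not at compile time."""
    if sys.platform == "win32":
        return ctypes.CDLL("msvcrt")  # assumption: the Windows C runtime DLL, cdecl
    name = ctypes.util.find_library("c") or "libc.so.6"  # ELF shared object elsewhere
    return ctypes.CDLL(name)


def resolve(lib, name, restype, argtypes):
    """Look up an exported function by name and fix its C signature.

    Raises AttributeError if the library does not export the name, which is
    the run-time analogue of an unresolved import.
    """
    fn = getattr(lib, name)
    fn.restype = restype
    fn.argtypes = argtypes
    return fn


def string_length(text: str) -> int:
    """Call the library's strlen through the link created above."""
    strlen = resolve(load_c_runtime(), "strlen", ctypes.c_size_t, [ctypes.c_char_p])
    return strlen(text.encode("utf-8"))


def has_export(name: str) -> bool:
    """Report whether the C runtime exports a given symbol name."""
    try:
        getattr(load_c_runtime(), name)
        return True
    except AttributeError:
        return False


if __name__ == "__main__":
    print("strlen('hello') via run-time link:", string_length("hello"))
    print("exports strlen:", has_export("strlen"))
    print("exports no_such_export_xyz:", has_export("no_such_export_xyz"))
```

Because the lookup happens by name at run time, which library actually satisfies it depends on the loader's search order, which is the reason DLL search-order hijacking is a classic Windows hardening concern: code should load libraries by full path or from trusted directories rather than by bare name.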