Windows Internals covering Windows Server 2008 and Windows Vista - P8

In this chapter, we'll introduce the key Microsoft Windows operating system concepts and terms we'll be using throughout this book, such as the Windows API, processes, threads, virtual memory, kernel mode and user mode, objects, handles, security, and the registry.

NtCreateUserProcess calls MmCreatePeb, which first maps the systemwide national language support (NLS) tables into the process's address space. It next calls MiCreatePebOrTeb to allocate a page for the PEB and then initializes a number of fields, which are described in Table 5-7.

Table 5-7 Initial Values of the Fields of the PEB

Field: Initial Value
ImageBaseAddress: Base address of section
NumberOfProcessors: KeNumberProcessors kernel variable
NtGlobalFlag: NtGlobalFlag kernel variable
CriticalSectionTimeout: MmCriticalSectionTimeout kernel variable
HeapSegmentReserve: MmHeapSegmentReserve kernel variable
HeapSegmentCommit: MmHeapSegmentCommit kernel variable
HeapDeCommitTotalFreeThreshold: MmHeapDeCommitTotalFreeThreshold kernel variable
HeapDeCommitFreeBlockThreshold: MmHeapDeCommitFreeBlockThreshold kernel variable
NumberOfHeaps: 0
MaximumNumberOfHeaps: (Size of a page - size of a PEB) / 4
ProcessHeaps: First byte after PEB
[illegible]: [illegible] kernel variable
[illegible]: KeActiveProcessors or 1 << MmRotatingUniprocessorNumber kernel variable (for uniprocessor-only images)
[illegible]: Result of MmGetSessionId
ImageSubSystem: OptionalHeader.Subsystem
ImageSubSystemMajorVersion: OptionalHeader.MajorSubsystemVersion
ImageSubSystemMinorVersion: OptionalHeader.MinorSubsystemVersion
OSMajorVersion: NtMajorVersion kernel variable
OSMinorVersion: NtMinorVersion kernel variable
OSBuildNumber: NtBuildNumber kernel variable & 0x3FFF, combined with CmNtCSDVersion for service packs
OSPlatformId: 2

However, if the image file specifies explicit Windows version or affinity values, this information replaces the initial values shown in Table 5-7.
The mapping from image information fields to PEB fields is described in Table 5-8.

Table 5-8 Windows Replacements for Initial PEB Values

Field Name: Value Taken from Image Header
OSMajorVersion: [illegible] & 0xFF
OSMinorVersion: Optional[illegible] >> 8 & 0xFF
OSBuildNumber: Optional[illegible] >> 16 & 0x3FFF combined
