How does windows kernel know the process requesting a syscal

Discussions on more advanced topics such as monolithic vs micro-kernels, transactional memory models, and paging vs segmentation should go here. Use this forum to expand and improve the wiki!
Post Reply
cchapman
Posts: 2
Joined: Sun Apr 17, 2016 3:47 pm

How does windows kernel know the process requesting a syscal

Post by cchapman »

Hi,
When doing a sycall on windows from user mode to kernel mode (say calling openfile).
How does the kernel know what EPROCESS he should updated with the handle of the
file that was opened, since whats passed in the syscall doesnt contain any process identifier.

I think what probably happened is that since the CR3 register will stay the same through the call
then some code in the kernel eventually looks into the PEB of the address space pointed to by CR3
and then he knows the process ID and thus can iidentiify the EPROCESS and add to the handle list.

Is this how it works ?
Regadrs
Chrstian
alexfru
Member
Member
Posts: 1112
Joined: Tue Mar 04, 2014 5:27 am

Re: How does windows kernel know the process requesting a sy

Post by alexfru »

I believe, it's simply the current one for that CPU. When the scheduler picks another process/thread to run on a CPU, it updates the pointers to the current process/thread structures.
cchapman
Posts: 2
Joined: Sun Apr 17, 2016 3:47 pm

Re: How does windows kernel know the process requesting a sy

Post by cchapman »

Hi,

>> I believe, it's simply the current one for that CPU.
Oh ok, so the current thread/process executing is still being referenced by the kernel so anything that thread does
i.e open a file etc , he knows what EPROCESS to update based on the current context.
Thanks
Post Reply