OSDev.org

The Place to Start for Operating System Developers
http://forum.osdev.org./

How does windows kernel know the process requesting a syscal

http://forum.osdev.org./viewtopic.php?t=30298

Page 1 of 1

How does windows kernel know the process requesting a syscal

Posted: Sun Apr 17, 2016 3:56 pm
by cchapman
Hi,
When doing a sycall on windows from user mode to kernel mode (say calling openfile).
How does the kernel know what EPROCESS he should updated with the handle of the
file that was opened, since whats passed in the syscall doesnt contain any process identifier.

I think what probably happened is that since the CR3 register will stay the same through the call
then some code in the kernel eventually looks into the PEB of the address space pointed to by CR3
and then he knows the process ID and thus can iidentiify the EPROCESS and add to the handle list.

Is this how it works ?
Regadrs
Chrstian

Re: How does windows kernel know the process requesting a sy

Posted: Sun Apr 17, 2016 4:07 pm
by alexfru
I believe, it's simply the current one for that CPU. When the scheduler picks another process/thread to run on a CPU, it updates the pointers to the current process/thread structures.

Re: How does windows kernel know the process requesting a sy

Posted: Mon Apr 18, 2016 12:35 am
by cchapman
Hi,

>> I believe, it's simply the current one for that CPU.
Oh ok, so the current thread/process executing is still being referenced by the kernel so anything that thread does
i.e open a file etc , he knows what EPROCESS to update based on the current context.
Thanks
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited