kernel stuff base addresses

Delfi
Posts: 76
Joined: Sat Nov 27, 2004 8:45 pm

kernel stuff base addresses

Post by Delfi »

I have compared OS system files from ROS and WNT, and here are some weird things:

The kernel HAL DLL functions start at different address bases:
WXP: READ_PORT_BUFFER_UCHAR $80015E20 81
ROS: READ_PORT_BUFFER_UCHAR $00016630 78

Well, I thought that system files are all above the $80000000 - kernel address space
where your hal.dll ends up at $00011000 and XP HAL ends up at 80010400 :/
Your ntoskrnl ends up at $C0001000 and the XP one ends up at 00400580.. ??

This is important, as some programs try to detect OS system files this way..
This is also present in most Windows DLLs like advapi.dll..

ntoskrnl.exe also has some serious "have a nice day - unimplemented" wishes,
to be exact 20 of them.

GvG
Posts: 499
Joined: Mon Nov 22, 2004 10:50 pm
Location: The Netherlands

Re: kernel stuff base addresses

Post by GvG »

Delfi wrote:
Well, I thought that system files are all above the $80000000 - kernel address space
where your hal.dll ends up at $00011000 and XP HAL ends up at 80010400 :/
Your ntoskrnl ends up at $C0001000 and the XP one ends up at 00400580.. ??

You're basically right. When running in "normal" mode, 0x00000000 - 0x7fffffff is user memory (a range at the top is reserved though) and 0x80000000 - 0xffffffff is kernel memory. When you boot Windows with the /3GB switch the border is 0xc0000000 instead of 0x80000000.
Up until now ReactOS has basically been running in /3GB mode, with the border at 0xc0000000. The first page of an executable (NTOSKRNL.EXE in this case) contains some header info, that's why the executable code starts at 0xc0001000.
Recently, Alex Ionescu added support to freeldr to relocate the kernel. So although it is by default compiled now with a base address of 0x80000000, you can use the /3GB option on ReactOS too and the kernel will be loaded starting at 0xc0000000.
The base address of HAL.DLL doesn't really matter. It will always be relocated. So, although the base address in the header says 0x00011000, it will actually be loaded much higher in kernel space.
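
The point made in the reply above, as an added example that is not part of the thread or of ReactOS code: the address in a PE header is only a preferred base, so any check on where a system file lives has to use the actual load base. The function names (`build_sample`, `parse_pe`, `rebase`, `is_kernel_address`) are hypothetical, and the header bytes are constructed for illustration using the 0x80000000 base, the 0x1000 header page and the /3GB border of 0xc0000000 mentioned in the reply.

```python
import struct

def build_sample(image_base, text_rva):
    """Constructed minimal PE32 headers (not a real ntoskrnl.exe)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)                # ImageBase field
    sect = b".text\0\0\0" + struct.pack("<II", 0x1000, text_rva) + b"\0" * 24
    return dos + coff + bytes(opt) + sect

def parse_pe(image):
    """Return (ImageBase, {section name: RVA}) read from PE32 headers."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", image, pe + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe + 20)
    opt = pe + 24
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    (image_base,) = struct.unpack_from("<I", image, opt + 28)
    sections = {}
    for i in range(nsect):
        off = opt + opt_size + 40 * i                          # 40-byte section headers
        name = image[off:off + 8].rstrip(b"\0").decode("ascii")
        sections[name] = struct.unpack_from("<I", image, off + 12)[0]
    return image_base, sections

def rebase(va, preferred_base, load_base):
    """Translate an address derived from the header to the real load base."""
    return (va - preferred_base + load_base) & 0xFFFFFFFF

def is_kernel_address(va, three_gb=False):
    """User/kernel border from the thread: 0x80000000, or 0xc0000000 with /3GB."""
    return va >= (0xC0000000 if three_gb else 0x80000000)

if __name__ == "__main__":
    base, sections = parse_pe(build_sample(0x80000000, 0x1000))
    text = base + sections[".text"]                            # code start per header
    print(hex(text), hex(rebase(text, base, 0xC0000000)))      # same code under /3GB
```
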
