Reading Notes (3) (reposted from ^ Waiting pig ^)

xiaoxiao2021-03-06  102

Chapter III Windows Operation Mechanism

3.1 Kernel Analysis

3.1.1 Operation Mechanism

1. Overview

The "X" in VXD stands for any device. You can think of a VXD as a 32-bit DOS. Windows implements a multitasking operating system by handing out run time to each virtual device.

The VMM is a 32-bit protected-mode program. Its main task is to establish and maintain a framework that supports virtual machines and serves each VM. The VMM is the first VXD program loaded into memory, and it resides in VMM32.vxd in the system directory.

In DOS programs, the virtual device driver can control all resources of the system. When such programs run in a virtual machine, Windows needs to create a virtual device for each device to simulate the DOS program's operations on the hardware. A VXD program typically controls a real hardware device and manages that device among the various virtual machines. Even so, not every VXD program has to be associated with a hardware device. We can regard a VXD program as a DLL running at privilege level 0.

There are two kinds of VXD under Windows 95: static VXDs and dynamic VXDs. A static VXD is loaded when the system starts and stays in memory until the system is shut down. A dynamic VXD can be loaded or unloaded by the program itself when needed.

2. Virtual Machine Manager

The Virtual Machine Manager (VMM) is the true kernel of Windows 9X. Virtual memory in the VMM overcomes the limits of physical memory: although that much memory is not physically present, a theoretical 4GB space can be accessed.

When a Win32 program accesses the 4MB space, it is actually accessing the physical space that the address maps to. Windows pages the memory space in units of 4KB.

3. Virtual Devices

The loading process of static VXD:

(1) Add the next line of code directly in System.ini:

Device = vxd_name

(2) Alternatively, add the VXD path and name under the HKLM\System\CurrentControlSet\Services\VxD\Key\StaticVxD subkey in the Windows 9x registry:

vxd_name = pathname
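
An added example (not from these notes or the book they summarize) for auditing method (1) on a preserved Windows 9x image: it lists every Device = entry so that level 0 code loaded at boot can be compared with a known-good list. It assumes the entries sit in the [386Enh] section of System.ini, which the notes do not name; the sample file contents, driver names and baseline are constructed.

```python
# Added example: enumerate static VXD entries from System.ini text.
# SAMPLE_INI and BASELINE are constructed for illustration.

SAMPLE_INI = """\
[boot]
shell=Explorer.exe

[386Enh]
; constructed sample entries
device=vnetsup.vxd
Device = vshare.vxd
DEVICE=C:\\WINDOWS\\SYSTEM\\unknown.vxd
device=vnetsup.vxd
woafont=dosapp.fon

[drivers]
device=ignored.drv
"""

BASELINE = {"vnetsup.vxd", "vshare.vxd"}  # assumed known-good names


def static_vxds(ini_text, section="386enh"):
    """Return every device= value in the section, in file order.

    configparser is avoided on purpose: the key repeats once per
    driver, and a dict-based parser would keep only one of them.
    """
    found, current = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and current == section and key.strip().lower() == "device":
            found.append(value.strip())
    return found


def unexpected(entries, baseline):
    """Entries whose lower-cased value is not in the baseline."""
    known = {b.lower() for b in baseline}
    return [e for e in entries if e.lower() not in known]


if __name__ == "__main__":
    entries = static_vxds(SAMPLE_INI)
    print("static VXDs:", entries)
    print("not in baseline:", unexpected(entries, BASELINE))
```

Duplicate entries are kept on purpose, since a repeated or shadowed driver line is itself worth a look during review.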

3.1.2 Format of the LE File

The code and data in an LE file are stored in segments with several kinds of run-time attributes: LCODE, PCODE, PDATA, 17icode, MCODE.

In general, PCODE and PDATA should be used as much as possible, because this lets the VMM move the segment into and out of memory when needed. In addition, hardware interrupt handlers and the services they use must be placed in the LCODE segment.

In a compilable VXD project, defining the segments is unnecessary; segment definitions are mainly used in VXD projects written in C.

3.1.3 Design and Implementation of VXD

System message SYS_CRITICAL_INIT: most VXD programs do not use this message unless the VXD program has to take over some other VXD programs or the interrupts you want to use.

When the VMM loads VXD programs, it loads them in order of their initialization order value, with smaller values first.

Apart from its loading mechanism and the initialization / termination messages it receives, a dynamic VXD can do everything that a static VXD can do.

To define a function in a segment, first define the segment, then put the function in it.

A VXD program can use all registers, but take care when changing segment registers: do not change the contents of CS and SS unless you are absolutely sure of what will happen. You can use DS and ES, but you must remember to restore their initial values when returning. When a register-based service is called, the parameters of the service function are passed through various registers. When a stack-based service function is called, you push the parameters you want to pass, and you get the return value in EAX.

3.2 The operation mode of the message is in the 16-bit era, and the entire kernel of Windows is 32-bit, time-time, preemptive.

When reposting, please credit the original address: https://www.9cbs.com/read-106761.html
