Matt Pietrek's x64 Primer article
Radim Picha (EliCZ) <apihookscomseznamcz> Friday, June 9 2006 04:00.40 CDT


http://msdn.microsoft.com/msdnmag/issues/06/05/x64/default.aspx

Ok, Matt fixed sizeof(HANDLE) but there are other small mistakes (I didn't read the whole article):

"

00401000: CALL DWORD PTR [00020000h]

In 64-bit mode, the same opcodebytes call the 64-bit pointer value stored at address 00421000h (4010000h + 20000h).
"

In 64-bit mode it is (FF 15 00 00 02 00):

00401000: CALL QWORD PTR [RIP +00020000h]
00401006:

Where RIP is the RIP of the _following_ instruction, so the pointer value stored at (401000h + LengthOfCurrentInstruction + 20000h) will be called.

"Unlike in Win32, system DLLs don't have a default load address near the top of the user mode address range."

And what's the top of the user mode address range in x64? If it is SYSTEM_INFO.lpMaximumApplicationAddress then they _have_ a default load address near the top of the user mode address range.

"Instead, they're loaded above 4GB, typically at addresses around 0x7FF00000000."

Yep, "around 0x7FF00000000" is near the top of the user mode address range. Well, the "echt" system dlls (ntdll, wow64*, kernel32, user32) are still loaded below 2GB.
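The point about FF 15 disp32 above is easy to get wrong when writing a hook engine or a disassembler that is shared between 32-bit and 64-bit targets: the same six bytes name an absolute 32-bit pointer slot in one mode and a RIP-relative 64-bit pointer slot in the other. The following C program is an added example (not code from the post or from Matt Pietrek's article) that decodes FF 15 disp32 in both modes, computes the address of the pointer slot, and then fetches the call target from a constructed flat memory image. The instruction address 0x401000, the displacement 0x20000 and the 64-bit pointer value 0x00007FF7ABCD1234 are constructed for illustration; the decoder itself handles only the ModRM byte 0x15 (mod=00, reg=/2, rm=101) that the post discusses.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result of decoding one "FF 15 disp32" (CALL [mem]) instruction. */
typedef struct {
    int ok;             /* 1 if the bytes really are FF 15 disp32 */
    size_t length;      /* instruction length in bytes (6) */
    uint64_t ptr_addr;  /* address of the pointer slot the CALL reads */
    int operand_bits;   /* 32 or 64: width of the pointer read from ptr_addr */
} call_decode;

/* The bytes from the post: FF 15 00 00 02 00 */
static const uint8_t kCallBytes[6] = { 0xFF, 0x15, 0x00, 0x00, 0x02, 0x00 };

/* Decode FF 15 disp32 located at virtual address 'ip'.
 * mode64 == 0: 32-bit mode, ModRM 0x15 means absolute [disp32].
 * mode64 != 0: 64-bit mode, ModRM 0x15 means [RIP + disp32], where RIP
 *              already points at the instruction that follows the CALL. */
call_decode decode_call_mem(const uint8_t *code, size_t len, uint64_t ip, int mode64)
{
    call_decode r = { 0, 0, 0, 0 };
    if (len < 6 || code[0] != 0xFF || code[1] != 0x15)
        return r;
    /* disp32 is a little-endian signed 32-bit displacement */
    int32_t disp = (int32_t)((uint32_t)code[2] | ((uint32_t)code[3] << 8) |
                             ((uint32_t)code[4] << 16) | ((uint32_t)code[5] << 24));
    r.ok = 1;
    r.length = 6;
    if (mode64) {
        r.ptr_addr = ip + r.length + (uint64_t)(int64_t)disp;  /* next RIP + disp */
        r.operand_bits = 64;                                   /* CALL QWORD PTR */
    } else {
        r.ptr_addr = (uint32_t)disp;                           /* absolute slot */
        r.operand_bits = 32;                                   /* CALL DWORD PTR */
    }
    return r;
}

/* Read the call target out of a flat memory image covering [base, base+size).
 * Returns 0 if the pointer slot is not inside the image. */
int resolve_call_target(const call_decode *d, const uint8_t *mem, uint64_t base,
                        size_t size, uint64_t *target)
{
    size_t width = (size_t)d->operand_bits / 8;
    if (!d->ok || d->ptr_addr < base || d->ptr_addr + width > base + size)
        return 0;
    const uint8_t *p = mem + (d->ptr_addr - base);
    uint64_t v = 0;
    for (size_t i = 0; i < width; i++)
        v |= (uint64_t)p[i] << (8 * i);
    *target = v;
    return 1;
}

/* Constructed scenario: the CALL sits at 0x401000 in a 64-bit image, and the
 * QWORD slot at 0x401006 + 0x20000 = 0x421006 holds a made-up pointer. */
uint64_t demo_target_64(void)
{
    const uint64_t base = 0x401000ULL;
    const size_t size = 0x21000;                 /* covers 0x401000..0x421FFF */
    const uint64_t slot_value = 0x00007FF7ABCD1234ULL;  /* constructed value */
    uint8_t *mem = calloc(size, 1);
    if (!mem) return 0;
    memcpy(mem, kCallBytes, sizeof kCallBytes);
    call_decode d = decode_call_mem(mem, size, base, 1);
    if (!d.ok) { free(mem); return 0; }
    size_t off = (size_t)(d.ptr_addr - base);    /* 0x20006 */
    for (size_t i = 0; i < 8; i++)
        mem[off + i] = (uint8_t)(slot_value >> (8 * i));
    uint64_t target = 0;
    int ok = resolve_call_target(&d, mem, base, size, &target);
    free(mem);
    return ok ? target : 0;
}

int main(void)
{
    call_decode d32 = decode_call_mem(kCallBytes, sizeof kCallBytes, 0x401000, 0);
    call_decode d64 = decode_call_mem(kCallBytes, sizeof kCallBytes, 0x401000, 1);
    printf("32-bit: CALL DWORD PTR [%08llXh]\n", (unsigned long long)d32.ptr_addr);
    printf("64-bit: CALL QWORD PTR [RIP+20000h] -> slot %08llXh\n",
           (unsigned long long)d64.ptr_addr);
    printf("64-bit target read from constructed image: %016llXh\n",
           (unsigned long long)demo_target_64());
    return 0;
}
```

Note that in 64-bit mode the slot is computed from the address of the *next* instruction (0x401006), so the slot lands at 0x421006 and not at 0x421000; an engine that relocates such a CALL into a trampoline must re-encode the displacement relative to the new location or the call reads the wrong eight bytes.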

