Call gates Win64

Harry_Kraskow · January 17, 2006, 11:37am

Hello all

I have two questions:

Can anyone point me to a comprehensive document on Win64 memory
management. I am interested to know about the level of indirections during
VA to physical address translations and the segmentation levels.
Can I access/set up call gates through GDT even in 64 bit OS version,
just like the 32 bit version? If there are some documents abt that, pls
point me to one.

Regards
Harry

OSR_Community_User · January 17, 2006, 1:27pm

HARRY:

I can only comment on the AMD64 based version of Win64 (not IA64).
Download the reference manuals from AMD (particularly publication
24593). These address both questions. Russinovich (Windows
Internals…) also addresses VA to PA; I know of nothing else that talks
about call gates (which exist on AMD64).

MM

>> xxxxx@googlemail.com 2006-01-17 11:36 >>>
Hello all

I have two questions:

Can anyone point me to a comprehensive document on Win64 memory
management. I am interested to know about the level of indirections
during
VA to physical address translations and the segmentation levels.
Can I access/set up call gates through GDT even in 64 bit OS
version,
just like the 32 bit version? If there are some documents abt that,
pls
point me to one.

Regards
Harry

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Dmitriy_Budko · January 17, 2006, 10:58pm

You can’t easily modify the GDT on x64 Windows. There is kernel’s watchdog
timer that monitors the critical kernel’s and CPU’s data structures.

http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx

Dmitriy Budko
VMware

From: xxxxx@lists.osr.com on behalf of Harry kraskow
Sent: Tue 1/17/2006 8:36 AM
Subject: [ntdev] Call gates Win64

Can I access/set up call gates through GDT even in 64 bit OS version,
just like the 32 bit version? If there are some documents abt that, pls point
me to one.

Regards
Harry

Harry_Kraskow · January 18, 2006, 5:08am

Hi

Looks as if it is not a good alternative anymore to play around with the
GDT:( It was a very good way to patch the kernel in win32 systems, without
resorting to writing a driver. The article alludes that patching support has
been quintessentially removed from 64 bit OS.

Thanks and regards
Harry.

On 1/18/06, Dmitriy Budko wrote:
>
> You can’t easily modify the GDT on x64 Windows. There is kernel’s
> watchdog
> timer that monitors the critical kernel’s and CPU’s data structures.
>
> http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
>
> Dmitriy Budko
> VMware
>
>
> ________________________________
>
> From: xxxxx@lists.osr.com on behalf of Harry kraskow
> Sent: Tue 1/17/2006 8:36 AM
> Subject: [ntdev] Call gates Win64
>
>
> 2. Can I access/set up call gates through GDT even in 64 bit OS version,
> just like the 32 bit version? If there are some documents abt that, pls
> point
> me to one.
>
> Regards
> Harry
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

OSR_Community_User · January 20, 2006, 10:01pm

You can use the google search “Bypassing PatchGuard on Windows x64”
“Harry kraskow” ??? news:xxxxx@ntdev…
Hi

Looks as if it is not a good alternative anymore to play around with the GDT:( It was a very good way to patch the kernel in win32 systems, without resorting to writing a driver. The article alludes that patching support has been quintessentially removed from 64 bit OS.

Thanks and regards
Harry.

On 1/18/06, Dmitriy Budko wrote:
You can’t easily modify the GDT on x64 Windows. There is kernel’s watchdog
timer that monitors the critical kernel’s and CPU’s data structures.

http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx

Dmitriy Budko
VMware

________________________________

From: xxxxx@lists.osr.com on behalf of Harry kraskow
Sent: Tue 1/17/2006 8:36 AM
Subject: [ntdev] Call gates Win64

2. Can I access/set up call gates through GDT even in 64 bit OS version,
just like the 32 bit version? If there are some documents abt that, pls point
me to one.

Regards
Harry

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Mark_Roddy · January 20, 2006, 10:17pm

Ah another newbie demonstrating his excellent hacking skills. Sigh…

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of lake_swan
Sent: Saturday, December 31, 2005 9:20 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Call gates Win64

You can use the google search " http: Bypassing PatchGuard on Windows x64"

“Harry kraskow” 写入邮件 news:xxxxx@ntdev…
Hi

Looks as if it is not a good alternative anymore to play around with the GDT:( It was a very good way to patch the kernel in win32 systems, without resorting to writing a driver. The article alludes that patching support has been quintessentially removed from 64 bit OS.

Thanks and regards
Harry.

On 1/18/06, Dmitriy Budko wrote:

You can’t easily modify the GDT on x64 Windows. There is kernel’s watchdog
timer that monitors the critical kernel’s and CPU’s data structures.

http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx

Dmitriy Budko
VMware

________________________________

From: xxxxx@lists.osr.com on behalf of Harry kraskow
Sent: Tue 1/17/2006 8:36 AM
Subject: [ntdev] Call gates Win64

2. Can I access/set up call gates through GDT even in 64 bit OS version,
just like the 32 bit version? If there are some documents abt that, pls point
me to one.

Regards
Harry

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com</http:>

OSR_Community_User · January 21, 2006, 1:11am

Sorry i just want to help him. I will never undocument message.
“Mark Roddy” 写入邮件 news:xxxxx@ntdev…
Ah another newbie demonstrating his excellent hacking skills. Sigh…

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

----------------------------------------------------------------------------
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of lake_swan
Sent: Saturday, December 31, 2005 9:20 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Call gates Win64

You can use the google search “Bypassing PatchGuard on Windows x64”
“Harry kraskow” 写入邮件 news:xxxxx@ntdev…
Hi

Looks as if it is not a good alternative anymore to play around with the GDT:( It was a very good way to patch the kernel in win32 systems, without resorting to writing a driver. The article alludes that patching support has been quintessentially removed from 64 bit OS.

Thanks and regards
Harry.

On 1/18/06, Dmitriy Budko wrote:
You can’t easily modify the GDT on x64 Windows. There is kernel’s watchdog
timer that monitors the critical kernel’s and CPU’s data structures.

http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx

Dmitriy Budko
VMware

________________________________

From: xxxxx@lists.osr.com on behalf of Harry kraskow
Sent: Tue 1/17/2006 8:36 AM
Subject: [ntdev] Call gates Win64

2. Can I access/set up call gates through GDT even in 64 bit OS version,
just like the 32 bit version? If there are some documents abt that, pls point
me to one.

Regards
Harry

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Michal_Vodicka-2 · January 21, 2006, 3:07am

Hooking, patching, bypassing and similar techiques aren’t taken well in this list. Usually for very good reasons. Anyway, this paper seems interesting and I just printed it to have something to read at weekend. It can be useful to know how such things works, sometimes. Thanks.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of lake_swan[SMTP:lake_swan@163.com]
Reply To: Windows System Software Devs Interest List
Sent: Saturday, December 31, 2005 6:29 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Call gates Win64

Sorry i just want to help him. I will never undocument message.

“Mark Roddy” > д???ʼ? news:xxxxx…
> Ah another newbie demonstrating his excellent hacking skills. Sigh…
>
>
> =====================
> Mark Roddy DDK MVP
> Windows 2003/XP/2000 Consulting
> Hollis Technology Solutions 603-321-1032
> www.hollistech.com
>
>
>
>
>
>
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of lake_swan
> Sent: Saturday, December 31, 2005 9:20 AM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Call gates Win64
>
>
> You can use the google search “Bypassing PatchGuard on Windows x64 http:”
>
> “Harry kraskow” > д???ʼ? news:xxxxx…
> Hi
>
> Looks as if it is not a good alternative anymore to play around with the GDT:( It was a very good way to patch the kernel in win32 systems, without resorting to writing a driver. The article alludes that patching support has been quintessentially removed from 64 bit OS.
>
> Thanks and regards
> Harry.
>
>
> On 1/18/06, Dmitriy Budko > wrote:
>
> You can’t easily modify the GDT on x64 Windows. There is kernel’s watchdog
> timer that monitors the critical kernel’s and CPU’s data structures.
>
> http:
>
> Dmitriy Budko
> VMware
>
>
>___________________________
>
> From: xxxxx@lists.osr.com mailto:xxxxx on behalf of Harry kraskow
> Sent: Tue 1/17/2006 8:36 AM
> Subject: [ntdev] Call gates Win64
>
>
> 2. Can I access/set up call gates through GDT even in 64 bit OS version,
> just like the 32 bit version? If there are some documents abt that, pls point
> me to one.
>
> Regards
> Harry
>
>
> —
> Questions? First check the Kernel Driver FAQ at http:
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com mailto:xxxxx
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
></mailto:xxxxx></http:></mailto:xxxxx></http:></news:xxxxx></http:></news:xxxxx>