Address of loading ntoskrnl.exe [rus]

Home Forums Discussions General Address of loading ntoskrnl.exe [rus]

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • June 15, 2007 at 6:54 pm #5106
    mr.Che
    Participant

      I know that ntdll and kernel32 loading constant addresses on a current computer.
      Do ntoskrnl loading constant address on a current computer?

      November 9, 2008 at 12:44 pm #6271
      dkg0414
      Participant

        I suppose so.

        Because ntldr is the one which loads ntoskrnl.exe.
        that means ntldr has a PE parsing functionality and it does dyanamic linking of ntoskrnl and hal.dll

        After that phase it is the responsibility of code present in ntokrnl.exe to dynamically link the other drivers which are getting loaded.
        For this ntoskrnl.exe itself should know its base address.

        Cheers
        Deepak

      • Author
        Posts
      Viewing 2 posts - 1 through 2 (of 2 total)
      • You must be logged in to reply to this topic.