Reversing : The Hacker's Guide to Reverse Engineering

a different assembly language. Focusing exclusively on 32-bit versions of Windows makes sense because this book only deals with the IA-32 assembly language. It looks like it is still going to take 64-bit systems a few years to become a commodity. I promise I will update this book when that happens!

Virtual Memory and Paging

Virtual memory is a fundamental concept in contemporary operating systems. The idea is that instead of letting software directly access physical memory, the processor, in combination with the operating system, creates an invisible layer between the software and the physical memory. For every memory access, the processor consults a special table called the page table that tells the processor which physical memory address to actually use. Of course, it wouldn’t be practical to have a table entry for each byte of memory (such a table would be larger than the total available physical memory), so instead processors divide memory into pages.
Pages are just fixed-size chunks of memory; each entry in the page table deals with one page of memory. The actual size of a page of memory differs between processor architectures, and some architectures support more than one page size. IA-32 processors generally use 4K pages, though they also support 2 MB and 4 MB pages. For the most part Windows uses 4K pages, so you can generally consider that to be the default page size.
When first thinking about this concept, you might not immediately see the benefits of using a page table. There are several advantages, but the most important one is that it enables the creation of multiple address spaces. An address space is an isolated page table that only allows access to memory that is pertinent to the current program or process. Because the processor prevents the application from accessing the page table, it is impossible for the process to break this boundary. The concept of multiple address spaces is a fundamental feature in modern operating systems, because it ensures that programs are completely isolated from one another and that each process has its own little “sandbox” to run in.
Beyond address spaces, the existence of a page table also means that it is very easy to instruct the processor to enforce certain rules on how memory is accessed. For example, page-table entries often have a set of flags that determine certain properties regarding the specific entry such as whether it is accessible from nonprivileged mode. This means that the operating system code can actually reside inside the process’s address space and simply set a flag in the page-table entries that restricts the application from ever accessing the operating system’s sensitive data.
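As an added illustration of the page-table walk and the user/supervisor flag just described (example code written for this edit, not from the book), the following C simulates the IA-32 two-level lookup for 4K pages: a 10-bit directory index, a 10-bit table index and a 12-bit offset, with the U/S bit keeping a kernel page that shares the process's address space out of reach of nonprivileged code. The tables[] array, which stands in for the page-table frame address a real directory entry holds, and the frame addresses 0x00200000 and 0x00300000 are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* IA-32 page-directory/page-table entry flag bits (positions as in the Intel manual). */
#define FLAG_PRESENT 0x1u  /* bit 0: entry is valid */
#define FLAG_WRITE   0x2u  /* bit 1: writable */
#define FLAG_USER    0x4u  /* bit 2: accessible from nonprivileged (user) mode */
#define ENTRIES 1024u      /* 1024 directory entries x 1024 table entries x 4K = 4 GB */

enum access_result { ACCESS_OK, FAULT_NOT_PRESENT, FAULT_PRIVILEGE };

/* Simulated page directory and one page table. Because there is no physical
 * memory here, tables[] stands in for the frame address a real PDE would hold. */
static uint32_t page_directory[ENTRIES];
static uint32_t *tables[ENTRIES];
static uint32_t page_table0[ENTRIES];

/* Walk the two-level structure the way the processor does for a 4K page:
 * 10-bit directory index, 10-bit table index, 12-bit offset. */
enum access_result translate(uint32_t vaddr, bool user_mode, uint32_t *paddr)
{
    uint32_t dir_idx = vaddr >> 22;
    uint32_t tbl_idx = (vaddr >> 12) & 0x3FFu;
    uint32_t offset  = vaddr & 0xFFFu;

    uint32_t pde = page_directory[dir_idx];
    if (!(pde & FLAG_PRESENT)) return FAULT_NOT_PRESENT;
    /* Supervisor-only applies at both levels: a clear U/S bit in either entry
     * blocks user mode, which is how kernel pages can share the address space. */
    if (user_mode && !(pde & FLAG_USER)) return FAULT_PRIVILEGE;

    uint32_t pte = tables[dir_idx][tbl_idx];
    if (!(pte & FLAG_PRESENT)) return FAULT_NOT_PRESENT;
    if (user_mode && !(pte & FLAG_USER)) return FAULT_PRIVILEGE;

    *paddr = (pte & 0xFFFFF000u) | offset;   /* frame base from the PTE, offset untouched */
    return ACCESS_OK;
}

/* Constructed layout: one user page and one kernel page in the same address space. */
void setup_example(void)
{
    memset(page_directory, 0, sizeof page_directory);
    memset(page_table0, 0, sizeof page_table0);
    page_directory[0] = FLAG_PRESENT | FLAG_WRITE | FLAG_USER;
    tables[0] = page_table0;
    page_table0[0] = 0x00200000u | FLAG_PRESENT | FLAG_WRITE | FLAG_USER; /* app page at 0x00000000 */
    page_table0[1] = 0x00300000u | FLAG_PRESENT | FLAG_WRITE;             /* kernel page at 0x00001000 */
}
```

A user-mode access to 0x00001010 faults on the privilege check while the same access from kernel mode resolves to 0x00300010, which is exactly the boundary the text describes.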
This brings us to the fundamental concepts of kernel mode versus user mode. Kernel mode is basically the Windows term for the privileged processor mode and is frequently used for describing code that runs in privileged mode or

72 Chapter 3
