What does WoW64 emulation layer do?

Question

All WoW64 apps go through WoW64 emulation layer.
I'd like to know what happens in this layer (especially, how they can convert address space).

Please give me some important points.

Recommended answer

Since you have already posted the diagram it is clear that you know why WOW64 exists. Now to answer your question:



I'd like to know what happens in this layer.


I think you want to know how it is implemented.

Process startup: The loader loads 64-bit user-mode part 'Ntdll.dll' as usual, but also loads 32-bit Ntdll.dll in case the process is for 32-bit execution. It is now the loader's responsibility to initialize using Wow64.dll, which sets up process and thread contexts in 32-bit Ntdll and 'switches the CPU to 32-bit mode' for execution.

System Call: Everything is now running in 32-bit mode, until a system call. We know that system calls go through Ntdll.dll, User32.dll, and Gdi32.dll etc.; in this case the 32-bit versions. There is a separate 32-bit version of these libraries located in \Windows\Syswow64 bit folder. These are just stubs that, instead of issuing 'native system calls,' actually call into Wow64.dll. Now, it's simple for Wow64.dll to transition to 64-bit mode, convert parameters to their 64-bit counterparts, issue the system call using 64-bit versions, get the result, and reconvert the output to 32-bit. It then transitions the CPU back to 32-bit mode and returns the output.

Exception dispatching, user callbacks, file system and registry operations, and I/O are handled in the same way, using hooks somewhere down the line. Read the book prescribed below.



(especially, how they can convert address space).


64-bit address space is a superset of 32-bit address space. Plus, the same pointer (actually PTE) in 32-bit/64-bit isn't used to refer to the whole address space, but there are separate page tables for user-space and for system space.



Please give me some important points.


To know Windows, the most important point I can give you is to read 'Windows Internals' -- Russinovich
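
The parameter-conversion step described in the answer, as an added example that is not part of the original answer and is not Wow64.dll's actual code: it widens a 32-bit UNICODE_STRING argument to the 64-bit layout and narrows a result back. The typedef names and the thunk_in/thunk_out helpers are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* UNICODE_STRING as a 32-bit caller lays it out: 8 bytes. */
typedef struct {
    uint16_t Length;
    uint16_t MaximumLength;
    uint32_t Buffer;            /* 32-bit pointer */
} UNICODE_STRING32;

/* The same structure in 64-bit code: 16 bytes, pointer 8-byte aligned. */
typedef struct {
    uint16_t Length;
    uint16_t MaximumLength;
    uint32_t Pad;               /* alignment padding made explicit */
    uint64_t Buffer;            /* 64-bit pointer */
} UNICODE_STRING64;

/* 32 -> 64 (hypothetical helper): widen the argument. The pointer is
   zero-extended, which is valid because the 32-bit address range is a
   subset of the 64-bit one. */
UNICODE_STRING64 thunk_in(UNICODE_STRING32 s) {
    UNICODE_STRING64 d = { s.Length, s.MaximumLength, 0, (uint64_t)s.Buffer };
    return d;
}

/* 64 -> 32 (hypothetical helper): narrow a result. Returns -1 when the
   pointer lies above 4 GB, because the 32-bit caller cannot address it. */
int thunk_out(UNICODE_STRING64 s, UNICODE_STRING32 *d) {
    if (s.Buffer > UINT32_MAX) return -1;
    d->Length = s.Length;
    d->MaximumLength = s.MaximumLength;
    d->Buffer = (uint32_t)s.Buffer;
    return 0;
}

int main(void) {
    UNICODE_STRING32 a = { 10, 12, 0x7FFE0000u };   /* constructed sample */
    UNICODE_STRING64 w = thunk_in(a);
    UNICODE_STRING32 back;
    printf("sizes: %zu -> %zu bytes\n", sizeof a, sizeof w);
    printf("buffer: 0x%08x -> 0x%016llx\n",
           (unsigned)a.Buffer, (unsigned long long)w.Buffer);
    printf("narrow low pointer:  %d\n", thunk_out(w, &back));
    w.Buffer = 0x00007FF612340000ull;               /* constructed, above 4 GB */
    printf("narrow high pointer: %d\n", thunk_out(w, &back));
    return 0;
}
```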
