I am using Windows 7 Home Premium x64. I was wondering why exactly the IMAGE_MACHINETYPE field in the header of ntoskrnl in my system32 directory specifies x86. IDA will even let me disassemble it as native x86.
Yet on my Windows 7 Pro machine, image_machinetype is x64. Am I just missing something, or why is ntoskrnl 32-bit on a 64-bit OS?
ntoskrnl.exe is a fundamental part of Windows that needs to exist for the Windows OS to function at all. This important part of Windows provides the kernel and executive layers of the Microsoft Windows NT kernel space.
In computing, ntoskrnl.exe (short for Windows NT operating system kernel executable), also known as the kernel image, provides the kernel and executive layers of the Microsoft Windows NT kernel space, and is responsible for various system services such as hardware abstraction, process and memory management, thus making it a ...
My guess is that on x64 architecture with a BIOS boot, ntoskrnl.exe's main() entry point is called before the switch to long mode (64-bit). Thus it would be an x86 application insofar as its entry point, but the remainder of the kernel image in the exe would be 64-bit.
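To check the header field the question refers to without relying on a disassembler's interpretation, the following added example (not part of the original posts) reads the `Machine` field of the PE file header and cross-checks it against the optional-header magic (PE32 vs PE32+). The function names and the sample header bytes are constructed for illustration; the constants come from the PE/COFF specification.

```python
import struct

# IMAGE_FILE_MACHINE_* values from the PE/COFF specification.
MACHINE_NAMES = {0x014C: "x86 (I386)", 0x8664: "x64 (AMD64)", 0x0200: "IA64"}
# Optional-header magic: PE32 is a 32-bit image, PE32+ a 64-bit image.
MAGIC_NAMES = {0x010B: "PE32", 0x020B: "PE32+"}

def read_pe_machine(data: bytes) -> dict:
    """Return the Machine field and optional-header magic of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    # e_lfanew (offset 0x3C of the DOS header) points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # IMAGE_FILE_HEADER follows the signature: Machine is its first WORD,
    # SizeOfOptionalHeader sits 16 bytes into the 20-byte structure.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    magic = None
    if opt_size >= 2 and e_lfanew + 26 <= len(data):
        (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {
        "machine_raw": machine,
        "machine": MACHINE_NAMES.get(machine, "unknown"),
        "format": MAGIC_NAMES.get(magic, "unknown"),
        # A 64-bit Machine value should come with PE32+, a 32-bit one with PE32.
        "consistent": (machine, magic) in {(0x014C, 0x010B), (0x8664, 0x020B),
                                           (0x0200, 0x020B)},
    }

def build_sample(machine: int, magic: int) -> bytes:
    """Constructed minimal header for demonstration (not a loadable image)."""
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x0022)
    return dos + b"PE\0\0" + file_hdr + struct.pack("<H", magic)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to the file being examined
        with open(sys.argv[1], "rb") as f:
            print(read_pe_machine(f.read(4096)))
    else:
        print(read_pe_machine(build_sample(0x8664, 0x020B)))
```

Pass the full path of the file on the command line and compare the result with what the disassembler reports for the same path.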