PWN 20
Jun 16, 2024
Notes on Kernel
hlt instruction -> halts the CPU until the next interrupt. Privileged: ring 0 only; from ring 3 it raises #GP (Linux delivers that as SIGSEGV).
in or out -> port I/O, talk to peripherals. Also privileged: from ring 3 it faults unless IOPL or the I/O permission bitmap allows it (Linux: iopl/ioperm).
cr3 -> physical address of the top-level page table (PML4 on x86-64). Read/written with mov, only in ring 0, e.g. mov rax, cr3 (#GP in ring 3).
MSR_LSTAR (IA32_LSTAR, MSR 0xC0000082) -> holds the RIP that the syscall instruction jumps to. Read/written with rdmsr/wrmsr, both ring 0 only.
ring 3 -> userspace; ring 0 -> kernel (supervisor mode)
ring -1 -> hypervisor mode (VMX root on Intel; "ring -1" is informal). It intercepts sensitive ring 0 actions (e.g. cr3 writes, MSR accesses) via VM exits.
At boot the kernel writes MSR_LSTAR to point at its syscall entry routine (entry_SYSCALL_64 on Linux x86-64).
Executing syscall switches the privilege level to ring 0: the CPU saves RIP in rcx and RFLAGS in r11, loads RIP from MSR_LSTAR, CS/SS from MSR_STAR, and masks RFLAGS with MSR_SFMASK. It does not switch stacks; the entry routine must load a kernel rsp first.
sysret -> does the opposite of syscall: returns to ring 3 with RIP taken from rcx and RFLAGS from r11. Consequence: rcx and r11 are clobbered across every syscall, which the ABI documents.