On Fri, Oct 25, 2024 at 8:34 AM rudeus greyrat
<rudeusquagmir...@gmail.com> wrote:
>
> In cpp (and other LLVM-based languages), the Windows API function address is
> taken from the DLL after it has been loaded in the virtual memory space (or
> at least something like that).
>
> In Go, everything is wrapped around that SyscallN function, which sadly I am
> not understanding how it works.
>
> Why is it called syscall? I know syscalls in Windows have a syscall number ...

The name is just due to the fact that Go was originally implemented
for Unix systems.  On Unix (and other) systems all calls into the
operating system are implemented as system calls, or syscalls.
Windows works differently, but the Windows port just uses the same
name "syscall".


> I feel (just a feeling) it is bypassing hooks put in place by security
> solutions (Bitdefender and other EDRs) that hook Syscall after ntdll has been
> loaded in process memory

It doesn't have anything to do with security solutions.  It's because
we need to convert from the Go calling convention to the Windows
calling convention, and it's convenient to do that in one place.


> ```
>  getg returns the pointer to the current g. The compiler rewrites calls to 
> this function into instructions that fetch the g directly (from TLS or from 
> the dedicated register).
> ```
>
> Does that mean all the addresses are written in the TLS allocated at the
> beginning of the program?

No, just the g pointer itself.  The g points to data stored in
ordinary heap memory.


> Any more docs about what "g" and "m" stand for?

"g" stands for goroutine.  "m" more or less stands for "machine
thread".  Each m is associated with an operating system thread, which
on Windows is created using CreateThread.  The goroutines are
multiplexed onto threads.

Ian

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To view this discussion visit 
https://groups.google.com/d/msgid/golang-nuts/CAOyqgcV6RWDJrfi%3D3QH%3DKB8tGf--P1SusbLwq3sKRskZKqtH-g%40mail.gmail.com.
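
Added example, not part of the original message or of the Go project's code, illustrating the last answer: many goroutines (g) are multiplexed onto far fewer OS threads (m). The function name `multiplex` and the count of 2000 are illustrative assumptions; the thread count is read from the runtime's `threadcreate` profile.

```go
package main

import (
	"fmt"
	"runtime"
	"runtime/pprof"
	"sync"
)

// multiplex (hypothetical helper) starts n goroutines that all park on a
// channel, then reports how many goroutines (g) are alive and how many OS
// threads (m) the runtime has created so far.
func multiplex(n int) (goroutines, threads int) {
	var ready, done sync.WaitGroup
	release := make(chan struct{})
	ready.Add(n)
	done.Add(n)
	for i := 0; i < n; i++ {
		go func() {
			defer done.Done()
			ready.Done()
			<-release // a parked g does not occupy an OS thread
		}()
	}
	ready.Wait() // every goroutine has started running at least once

	goroutines = runtime.NumGoroutine()
	// The "threadcreate" profile has one entry per OS thread the runtime
	// created (on Windows these come from CreateThread, per the reply above).
	threads = pprof.Lookup("threadcreate").Count()

	close(release)
	done.Wait()
	return goroutines, threads
}

func main() {
	g, m := multiplex(2000) // 2000 is an arbitrary sample size
	fmt.Printf("goroutines=%d os_threads=%d GOMAXPROCS=%d\n",
		g, m, runtime.GOMAXPROCS(0))
}
```

For anyone inspecting a Go process with thread-level tooling, this is why the OS thread list does not correspond one-to-one with the program's concurrent tasks.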