Compilation in Java is done asynchronously. Java code continues to be executed by the interpreter while the compilation request is queued. Once compilation is done, the compiled code replaces the interpreted code on the stack so that the next execution of the code path uses the compiled code instead. This is called on-stack replacement (OSR). For example, the code to be compiled may be a loop that keeps on running. You cannot wait until the loop ends to replace the Java code with compiled code, because that may never happen. OSR enables the compiled code to run as soon as the compilation is done.
Record
Friday, February 13, 2026
Java tier compilation
Java has 2 compilers - C1 and C2. C1 originated from the client JVM and C2 from the server JVM. C1 is more aggressive in the sense that it starts to compile code earlier than C2. C2 observes the execution longer before compiling and generates more optimised code than C1. This made sense in the past, as client code tends to run for a shorter time and thus earlier compilation is beneficial. Server-side code tends to run longer, so more optimised code is beneficial in the long run.
Presently, the JVM uses both the C1 and C2 compilers. This is called tiered compilation. Code is first compiled with C1, and hotter code is then recompiled with C2.
Java code cache
When the code cache fills up, Java JIT compilation stops. This can affect performance, as hot code will remain interpreted.
Saturday, February 7, 2026
DOS Partition
DOS formats a disk into 4 primary partitions. There is a boot flag field in each partition entry to tell the boot loader to boot from that partition. Some boot loaders may not follow this convention (e.g. Unix) and have their own way to identify the partition to boot.
If there is a need for more than 4 partitions (drives in Windows terms), multiple logical partitions can be defined in a primary partition. However, the Windows boot loader will not be able to see and boot from logical partitions.
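The partition table described above can be decoded straight from the first sector of a disk image. The following is an added example, not code from the original notes; it assumes the standard MBR layout (four 16-byte entries at offset 446, boot flag 0x80, types 0x05/0x0F for the extended container that holds logical partitions, 55 AA signature), and the sample sector is constructed.

```python
import struct

TABLE_OFFSET, ENTRY_SIZE = 446, 16      # table follows 446 bytes of boot code
EXTENDED_TYPES = {0x05, 0x0F}           # container holding logical partitions

def parse_mbr(sector):
    """Decode the four primary slots of a 512-byte DOS/MBR first sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 55 AA signature")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + slot * ENTRY_SIZE:][:ENTRY_SIZE]
        # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, size
        flag, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:                  # type 0 marks an unused slot
            continue
        entries.append({"slot": slot, "flag": flag, "bootable": flag == 0x80,
                        "type": ptype, "extended": ptype in EXTENDED_TYPES,
                        "start": start, "end": start + count})
    return entries

def audit(entries):
    """Return findings that make the table ambiguous for a boot loader."""
    findings = []
    active = [e["slot"] for e in entries if e["bootable"]]
    if len(active) > 1:
        findings.append(f"{len(active)} partitions carry the boot flag")
    for e in entries:
        if e["flag"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: boot flag {e['flag']:#04x} is not 00 or 80")
    ordered = sorted(entries, key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] < a["end"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings

def entry(flag, ptype, start, count):
    """Build one 16-byte table entry (CHS fields left as zero)."""
    return struct.pack("<B3xB3xII", flag, ptype, start, count)

# Constructed sample: one active primary partition plus an extended container.
SAMPLE = (bytes(446) + entry(0x80, 0x07, 2048, 204800)
          + entry(0x00, 0x0F, 206848, 409600) + bytes(32) + b"\x55\xaa")

if __name__ == "__main__":
    for e in parse_mbr(SAMPLE):
        print(e)
    print(audit(parse_mbr(SAMPLE)) or "no findings")
```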
BIOS booting
When the computer is powered on, the processor clears all registers and sets CS and IP to a fixed address in the BIOS for x86. The BIOS reads the first sector (512 bytes) from the boot device and transfers control to it. The code in the first sector is part 1 of the boot loader. It reads in part 2 of the loader, which exists in the next 31K of the partition (or volume). Part 2 then jumps to part 3 of the loader, which exists in the OS partition and which in turn loads the kernel.
The OS partition can be in a separate partition on the disk.
Monday, January 5, 2026
Process hollowing
A RunPE attack replaces the actual load module when the process is created and before it starts to execute. The attacker suspends the process during the CreateProcess call, locates the load module's load address via the PEB, and rewrites it to point to malicious code that has already been mapped into the address space. The attacker then fixes up the thread context and resumes the process, so that the malicious code hijacks the process.
Sunday, December 7, 2025
Windows TEB
For a multi-threaded application, each thread must have its own stack. The stack address and size are stored in the TEB. In a 32-bit system, the FS segment register points to the TEB, and in a 64-bit system the GS segment register is used.
The ExceptionList field points to the SEH (structured exception handling) chain set up in the program to try and catch exceptions. This is not applicable to a 32-bit system.