I think freeldr should be modified to PE load the boot drivers and
ntoskrnl, instead of just memory dumping. This should remove most of the
bss hacks which use kernel_base, and the rest should use whatever
freeldr pushes on the loader_block. For now, we were simply testing some
things, and Royce's patch still helps a lot.
How does Windows do this?
I gather it does this through NTLDR but what does NTLDR do here?
Whatever it is, perhaps we should be doing the same...