"Consider a typical Windows x86 or
AMD64 architecture, the memory is
divided in executable sections that
cannot be written to and data sections
that can be written to but cannot be
executed (think DEP).""JIT compiles methods in-memory, does
(generally) not store anything to
disk, instead moves it around where
the next instruction pointer can reach
it, changes the current instruction
pointer (pointing to the JIT) to point
to the newly generated code and then
executes it."
These two paragraphs, while a bit over-simplified, are what I basically understand of JIT and Windows’ memory model. I also know that when I try to copy some executable code in memory by hand and try to execute it, I will generally be unable to do it (unless with DLL injection).
How did the JIT-designers overcome this hurdle? Do they use a ring-0 driver or is everything done in user mode?
It is simply done with the Windows VirtualProtect() API function. It changes the virtual memory page attributes. From PAGE_READWRITE so the JIT compiler can write the machine code to PAGE_EXECUTE_READ so it can be executed. No special privileges are required to do so since the page is owned by the process that also runs the JIT compiler.