Questions tagged [kernel-mode]

1 vote, 2 answers, 67 views

Is an x86 CPU in kernel mode when the CPL value of the CS register is equal to 0?

The last two bits of the CS register contain the Current Privilege Level (CPL), which can contain either the value 0 or 1 or 2 or 3. If the value of CPL is 0, does that mean the CPU is in kernel mode (and hence can do everything)? Or are there other things that must apply in order for the CPU to be...
Tom
1 vote, 1 answer, 156 views

Trap instruction: why must the program counter and processor status register be changed atomically?

I came across the following problem on a previous exam from my operating systems class. Consider an architecture in which the TRAP instruction has two effects: to load a predefined value of the Processor Status Register (PCR), which contains the user/kernel mode bit, saving the value of the Program...
Tyler Small
0 votes, 0 answers, 4 views

Not able to allocate NonPaged/Paged memory above 2047 MB on 64-bit Windows IoT OS inside WDM Driver

As per my knowledge, in the Windows 64-bit architecture we can assign nonpaged memory up to 75% of RAM or 128 GB (whichever is lower) https://blogs.technet.microsoft.com/markrussinovich/2009/03/10/pushing-the-limits-of-windows-paged-and-nonpaged-pool/ https://docs.microsoft.com/en-us/windows/desktop/memor...
MankPan
1 vote, 1 answer, 260 views

How to determine CPU and memory consumption from Windows driver (aka kernel space)

The problem is actually quite simple to formulate: I need to know the current CPU and memory consumption of the whole system from a kernel-mode driver under Windows. Of course, I have looked at the related question and tried this code. Results are not good: environment of Visual Studio 2013 for developing drive...
grekhss
1 vote, 1 answer, 761 views

Is there a kernel-mode callback for LdrLoadDll?

I'm trying to make an exe profiler and now want to trace/log all DLLs that load/are used in an exe by hooking LdrLoadDll in a kernel-mode driver (I created the user-mode one in the past). My problem is in the 64-bit version of Windows, because in 64-bit I can't use SSDT hooking and I can't find any alternative solut...
Kamran
1 vote, 1 answer, 784 views

Minifilter redirect file creation in pre operation?

I am trying to redirect file creation on a hard disk volume (i.e. \Device\HarddiskVolume2). I found redirecting the file name in the minifilter open pre-operation. But I got a system dialog as below. Here is my code: // I tested with pFileName = &Data->Iopb->TargetFileObject->FileName; // It has same result pFileName...
GSP
1 vote, 1 answer, 1.6k views

Shared printer error in Windows 8: “can’t install the kernel-mode print driver.”

All other Windows 8 PCs can use the shared printer via another desktop, and it's an HP printer, except one Windows 8.1 PC. kernel-mode print driver issue All computers are in a workgroup and within the same network range. I can access the printer-sharing desktop using the given credentials and I made sure it...
user879
1 vote, 2 answers, 530 views

How do I get the disk drive serial number in filter driver?

I write a driver in Windows, and I need the disk drive serial number; for user mode I found this answer. My question is: is it possible to translate the above code to kernel mode, and how? Is a WMI query available in a filter driver? Sample code would greatly help. EDIT: I found here this code, but how do I rewrite...
codeDom
1 vote, 2 answers, 184 views

How do I properly implement threads in a Windows kernel driver?

I am trying to learn how to code Windows kernel drivers. In my driver I have 2 threads which are created at some point with PsCreateSystemThread. I have a global variable called Kill which signals the threads to terminate like this. VOID AThread(IN PVOID Context) { for (;;) { if(Kill == True) break;...
Michael Strobel
1 vote, 1 answer, 0 views

Privileged instructions, adding register values?

I finished homework for a graduate course in operating systems. I got a great score and I only missed one tiny point of a question. It asked which were privileged instructions and which were not. I answered all correctly except one: Adding one register value to another I answered it was privileged b...
1 vote, 1 answer, 0 views

How can I make sure my program is working successfully in kernel mode? [closed]

How can I make sure my program is working successfully in kernel mode or level in driver programming? And how can I use this program if there is any program that needs to use it?
user663161
1 vote, 1 answer, 0 views

How does a user process perform system call without going through context switch?

When a user process performs a system call, a kernel process gets invoked. Now how does this NOT result in a context switch, since the kernel process is different from a user process? Or am I wrong in saying that a kernel routine (invoked by a system call) and user processes belong to the same proce...
Sharat Chandra
1 vote, 1 answer, 2.7k views

How to send and receive data from a kernel mode driver to a binary in user mode

I am developing a kernel-mode filter driver, and I want this driver to send a UNICODE string to an exe running in user mode. Kindly provide an example for this, as I am a beginner in driver development. Below is the code of my driver (from where I want to send the UNICODE string) #include 'drv_common.h' #in...
Muhammad Irfan
1 vote, 1 answer, 852 views

In Linux kernel mode, how to execute a user space command

I hook execve in kernel mode (change the system_call_table entry __NR_execve to my function). I want to check the ELF's assembly code. If it is harmful, I'll return directly without executing it. I am writing a Linux module. In Linux kernel mode, I want to use objdump to disassemble the ELF file. I want to...
siyuan
1 vote, 1 answer, 419 views

Why does call_usermodehelper fail most of the times?

From a kernel module, I am trying to use the call_usermodehelper function to execute an executable sha1 which takes a file as argument and writes the SHA1 hash sum of the file to another file (named output). The executable works perfectly. int result=-1; name = '/home/file' char *hargv[] = {'/home/sha1...
Subin P
2 votes, 0 answers, 212 views

Where can I get HLK and HCK test sets for my driver to do a submission?

I have an application kernel-mode driver (software driver, no device) and I want to do HLK and HCK testing for it to do a submission of merged packages (signed by an EV certificate) to Microsoft. The problem is that when I install my driver on the test system and select it in HLK Studio, I do not have...
Egor K
2 votes, 1 answer, 205 views

Is it possible to use WCF to communicate with Windows kernel mode software?

WCF supports some interoperability bindings. Do any of these bindings allow communication with kernel-mode software? AFAIK kernel-mode software can open named pipes in the Local System security context. Are those named pipes interoperable with WCF?
Jader Dias
1 vote, 1 answer, 189 views

Do Windows NT Native Applications have access to x86 software interrupts (like int 19)?

Let's say I want to write an application or driver that runs in Windows NT Native mode (i.e. uses nothing but NTDLL.DLL functions and runs when ntoskrnl.exe starts). Would this application have access to x86 interrupts? I.e., could I write code like this: __asm { int 19 } and have it return back to the...
Govind Parmar
5 votes, 4 answers, 182 views

C and resource protection in memory

When we compile a C program, it just generates some machine-understandable code. This code can directly run on the hardware, telling from this question. So my questions are: If a C program can directly run on the hardware, how can the kernel handle the resource allocation for this program? If the ex...
shiv garg
20 votes, 4 answers, 13.6k views

Function caller in linux kernel

Is there a way to get the function caller in the Linux kernel? I know __func__ returns the name of the function which is executing. I am looking for the function which called '__func__'.
BHS
2 votes, 1 answer, 1.1k views

Directory relative ZwCreateFile

I have to implement a cross-view file integrity checker for my university project. For that, how do I list the files of a directory in kernel mode?
Ansh David
6 votes, 3 answers, 6.6k views

Getting kernel version from linux kernel module at runtime

How can I obtain runtime information about which version of the kernel is running from inside Linux kernel module code (kernel mode)?
Bogi
2 votes, 0 answers, 766 views

How to send ACPI-based brightness hot keys by using ACPI notifications in a ACPI-filter Driver(WDM)?

At first, I have to admit I'm new to HW driver development. Supposing that the user can touch/press down a hardware key (such as brightness up) on a notebook keyboard with ACPI-based brightness hot keys on Windows 8.1, the system will receive an ACPI-based notification and increase the brightness of the disp...
Keith
2 votes, 1 answer, 822 views

What WinDbg version is compatible with NT 4.0 (SP 6a) for kernel debug?

I'm working with WinDbg 6.12 with both a serial port connection and a named pipe connection. Unfortunately I'm unable to connect my WinDbg with the target (NT 4 SP 6a) from the beginning of the OS boot; auto-reconnect doesn't work and I need to wait until the NT 4 timeout for the kernel connection is reached. The...
zapador
2 votes, 1 answer, 1.9k views

Returning from kernel mode to user mode

I'm a bit confused about the understanding of a mode switch in Unix kernel. I give my understanding here and open it for discussion/correction. While transitioning from user mode to kernel mode, the processor makes a switch between the per-process-user-stack and the per-process-kernel-stack. Then th...
Sharat Chandra
13 votes, 3 answers, 2k views

WinDbg loses connection debugging over network, and target machine freeze

I'm trying to get WinDbg debugging over the network to work, but it always loses the connection after I break into the debugger (Debug->Break) and then try to start it again (Debug->Go). However, if I never break into the debugger, it looks like the connection is stable for an 'N' period of time. I ca...
tchau.dev
2 votes, 0 answers, 555 views

Find current PID and terminate it in kernel mode

My file system minifilter driver for Windows 7 x64 must deny access to some files. I've got it, but the associated application still works. I want to terminate the process of this application. For example, when the user tries to open a *.txt file, the file and the associated copy of Notepad must be closed. I used an example...
James
2 votes, 1 answer, 212 views

Is There Ever an Advantage to User Mode Debug over Kernel Mode Debug?

From what I understand, on a high level, user-mode debugging provides you with access to the private virtual address space of a process. A debug session is limited to that process and it cannot overwrite or tamper with another process' virtual address space/data. Kernel-mode debugging, I understand, provides acc...
mattkgross
2 votes, 1 answer, 253 views

Windows Driver Listing Files to WinDbg Console

I've already posted a question [question]: Directory relative ZwCreateFile, but I am unable to build the driver. I have posted the error as well. So I was wondering, is there any other way to list files in a directory (kernel space) without using the 'ZwQueryDirectoryFile' routine?
Ansh David
3 votes, 1 answer, 190 views

Why must a driver in kernel mode be very careful about directly reading from or writing to addresses in user space?

From msdn: Drivers that run in kernel mode must be very careful about directly reading from or writing to addresses in user space. This scenario illustrates why. A user-mode program initiates a request to read some data from a device. The program supplies the starting address of a buffer to receive...
CEO at Apartico
7 votes, 2 answers, 3.1k views

Executing a user-mode executable from kernel-mode

I'm building a HW simulator for our driver team. Now, the simulator is divided into 2 modules: the first module runs inside the driver, in kernel mode, and that's where the main interface between the driver and the HW simulator is. The second module is a user-mode executable which generates data for the...
eladidan
2 votes, 0 answers, 363 views

How to debug my ndis filter with windbg?

I've configured the host and target machine correctly, and I can connect to the target OS from the host machine. I've installed my NDIS filter on the target machine. How can I trace how my NDIS filter works from here on?
wireshark
1 vote, 3 answers, 826 views

Does User space/Kernel Space exist in RTOS?

I heard from various kernel developers that most of the RTOSes do not have any separation between user space and kernel space and therefore do not need any context switching. Is this true? At the same time, I heard from some other people that it is not true, and RTOSes such as VxWorks or Integrity...
Sama Azari
2 votes, 0 answers, 458 views

How to modify ACL of an object from kernel mode in Windows OS?

Is there a way to add an ACE to the DACL of a file/directory from kernel mode in Windows? I've found a reference about the ZwQuerySecurityObject/ZwSetSecurityObject routines, but they are not defined in the WINDDK headers. I would appreciate any information on this question.
Feo
1 vote, 1 answer, 178 views

How to convert char * (char pointer) to PCSZ?

I have a method that has a mandatory parameter as char* and I want to convert it to PCSZ before RtlInitAnsiString() so that the result of uName after RtlAnsiStringToUnicodeString() is the correct value. How can I do this? NTSTATUS myMethod(char *myName) { ANSI_STRING aName; UNICODE_STRING uName; O...
2 votes, 0 answers, 527 views

Windows 7, digitally signed driver shows warning: Windows can't verify the publisher of this driver software

I am trying to install a Windows USB driver with a simple structure (containing only the following content: app.inf, app.cat, WdfCoInstaller01005.dll, WinUSBCoInstaller.dll). The driver is SHA-256 signed using a valid standard kernel-mode code signing certificate issued by DigiCert. I could see the...
amesh
1 vote, 3 answers, 3.4k views

Kernel mode code signing

I made a driver, and now I need to sign it. It runs in kernel mode. From what I've read in Microsoft's Kernel Mode Code Signing Walkthrough, I have to buy a software publisher certificate from a commercial CA. In that document, they say to look at the end, and follow this link for a list of CAs from...
Andrei S
2 votes, 3 answers, 3.6k views

Windows XP: Have my program run in kernel mode?

I'm currently learning about the different modes the Windows operating system runs in (kernel mode vs. user mode), device drivers, their respective advantages and disadvantages and computer security in general. I would like to create a practical example of what a faulty device driver that runs in ke...
Kalamari
1 vote, 2 answers, 1.4k views

Why is debugging in kernel mode difficult?

I understand the purpose of both kernel and user mode, and how transitions from the former to the latter happen. Yet many sources state that a crash happening in kernel mode is hard to debug and that it should be done remotely, by connecting through telnet for instance (here is an example). Why is i...
qdii
2 votes, 1 answer, 58 views

sysctl doesn't create a file in proc

To communicate between kernel mode and user space, I am using this C program. I am using the following Makefile to create the .ko file to load. obj-m := sysctl_test.o KDIR := /lib/modules/$(shell uname -r)/build PWD := $(shell pwd) default: $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules clean: $(MAKE) -C $(KD...
Nitinkumar Ambekar