Questions tagged [kernel-mode]

Kernel mode, also referred to as system mode, is one of the two distinct modes of operation of the CPU, in which core operating system components, including device drivers, execute.

All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff554836(v=vs.85).aspx
http://www.linfo.org/kernel_mode.html

144 questions
3 votes, 1 answer

Reading data from mm_struct or vm_area_struct of user process

I was wondering how I would go about copying data from a page of a user process while in kernel mode. I have access to the mm_struct and all the vm_area_structs of the process. In vm_ops I saw the access method but I am unsure of how that works. Any…
Jesus Ramos
3 votes, 0 answers

Fail to stop kernel driver with STOP_PENDING

I have a kernel driver that enumerates and closes all handles (of type "File") of files present in a specific folder, and this is the code of reference about how to start on this goal. The kernel code works very fine, but I have a small problem more…
user13342561
3 votes, 1 answer

Mapping Kernel-Space Virtual Address to User-Space Virtual Address in Windows 10 Driver

I'm writing a kernel mode driver in Windows 10 (64-bit), whose main purpose is to read from a DMA, and I was wondering if instead of copying blocks of memory from the kernel space to buffers allocated in the user space, I could somehow expose an…
Jones
3 votes, 1 answer

Why does call_usermodehelper fail most of the times?

From a kernel module, I am trying to use call_usermodehelper function to execute an executable sha1 which takes a file as argument and writes the SHA1 hash sum of the file to another file (named output). The executable works perfectly. int…
3 votes, 0 answers

How to send ACPI-based brightness hot keys by using ACPI notifications in an ACPI-filter Driver (WDM)?

At first, I have to admit I'm new to HW Driver development. Supposing that the user can touch/press down a hardware key (such as brightness up) on a notebook keyboard with ACPI-based brightness hot keys on Windows 8.1, the system will receive an…
Keith
3 votes, 1 answer

Why driver in kernel mode must be very careful about directly reading from or writing to addresses in user space?

From msdn: Drivers that run in kernel mode must be very careful about directly reading from or writing to addresses in user space. This scenario illustrates why. A user-mode program initiates a request to read some data from a device. The program…
Nusrat Nuriyev
2 votes, 1 answer

What WinDbg version is compatible with NT 4.0 (SP 6a) for kernel debug?

I'm working with WinDbg 6.12 with both serial port connection and named pipe connection. Unfortunately I'm unable to connect my WinDbg with the target (NT 4 SP 6a) from the beginning of the OS boot, autoreconnect doesn't work and I need to wait until…
zapador
2 votes, 1 answer

Linux kernel filp_open fails with NOENT

UPDATE: in a continuation to @kisch's great answer, I read about softirq context, and it seems that (for a very reasonable reason) it is impossible to access user-mode from within this context. I assume that this is indeed the reason why it…
SpiderPig1297
2 votes, 2 answers

Kernel mode for user program

I am aware that Kernel mode is a privileged mode such that in kernel mode all hardware capabilities and all instructions in the instruction set are available. I am also aware that when we make a procedure call (say read()) it in turn makes a system call. But…
2 votes, 0 answers

How to debug my ndis filter with windbg?

I've configured the host and target machine correctly, I can only connect to the target OS from the host machine. And I've installed my ndis filter on the target machine. How can I trace the process how my ndis filter works from here on?
wireshark
2 votes, 2 answers

Is an x86 CPU in kernel mode when the CPL value of the CS register is equal to 0?

The last two bits of the CS register contain the Current Privilege Level (CPL), which can contain either the value 0 or 1 or 2 or 3. If the value of CPL is 0, does that mean the CPU is in kernel mode (and hence can do everything)? or are there other…
Tom
2 votes, 0 answers

Windows 7, Digitally signed driver shows warning: Windows can't verify the publisher of this driver software

I am trying to install a Windows USB driver with a simple structure (containing only the following content - app.inf, app.cat WdfCoInstaller01005.dll WinUSBCoInstaller.dll ). The driver is sha 256 signed using a valid standard kernel mode code…
amesh
2 votes, 3 answers

Windows XP: Have my program run in kernel mode?

I'm currently learning about the different modes the Windows operating system runs in (kernel mode vs. user mode), device drivers, their respective advantages and disadvantages and computer security in general. I would like to create a practical…
Kalamari
2 votes, 2 answers

Kernel-Mode to User-Mode communication

I'm aware about communicating to kernel-mode from user-mode and I also know of events/inverted calls however I need to send a string value down to a user-mode process from a kernel-mode device driver and then wait in KM for a response (e.g. TRUE or…
Dinoflame33
2 votes, 0 answers

Where can I get HLK and HCK test sets for my driver to do a submission?

I have an application kernel mode driver (software driver, no device) and I want to do hlk and hck testing for it to do a submission of merged packages (signed by EV certificate) to Microsoft. The problem is that when I install my driver to the test…
Egor K