Questions tagged [kernel-mode]

Kernel mode, also referred to as system mode, is one of the two distinct modes of operation of the CPU, in which core operating system components, including device drivers, execute.

All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff554836(v=vs.85).aspx
http://www.linfo.org/kernel_mode.html

144 questions
2
votes
1 answer

WinDbg kernel mode debugging using ETHERNET not working

I am trying to get WinDbg to debug a target machine using a manual Ethernet cable as described at https://msdn.microsoft.com/en-us/library/windows/hardware/hh439346(v=vs.85).aspx However, WinDbg on the host seems to be stuck at "Waiting to reconnect..."…
Nazaf
  • 21
  • 3
2
votes
1 answer

Is it possible to use WCF to communicate with Windows kernel mode software?

WCF supports some interoperability bindings. Do any of these bindings allow communicating with kernel-mode software? AFAIK kernel-mode software can open named pipes in the Local System security context. Are those named pipes interoperable with WCF?
Jader Dias
  • 88,211
  • 155
  • 421
  • 625
2
votes
1 answer

sysctl doesn't create file in proc

To communicate between kernel mode and user space, I am using this C program. I am using the following Makefile to create the .ko file to load. bj-m := sysctl_test.o KDIR := /lib/modules/$(shell uname -r)/build PWD := $(shell pwd) default: …
Nitinkumar Ambekar
  • 969
  • 20
  • 39
2
votes
1 answer

Is There Ever an Advantage to User Mode Debug over Kernel Mode Debug?

From what I understand, on a high level, user mode debugging provides you with access to the private virtual address space of a process. A debug session is limited to that process and it cannot overwrite or tamper with other processes' virtual address…
mattkgross
  • 791
  • 2
  • 12
  • 24
2
votes
0 answers

Find current PID and terminate it in kernel-mode

My file system minifilter driver for Windows 7 x64 must deny access to some files. I got that working, but the associated application still runs. I want to terminate the process of this application. For example, when a user tries to open a *.txt file, the file and…
James
  • 21
  • 1
  • 3
2
votes
1 answer

Minifilter redirect file creation in pre operation?

I am trying to redirect file creation on a hard disk volume (i.e. \Device\HarddiskVolume2). I found how to redirect the file name in the minifilter create pre-operation, but I got a system dialog as below. Here is my code: // I tested with pFileName =…
GSP
  • 574
  • 3
  • 7
  • 34
2
votes
1 answer

MPTCP in user mode

Is there any implementation of MPTCP in user mode, not kernel mode? If not, are there any suggestions for reusing the kernel-mode source code in user mode? http://www.multipath-tcp.org https://github.com/multipath-tcp/mptcp
k06a
  • 17,755
  • 10
  • 70
  • 110
2
votes
1 answer

Windows Driver Listing Files to WinDbg Console

I've already posted a question [question]: Directory relative ZwCreateFile but I am unable to build the driver. I have posted the error as well. So I was wondering, is there any other way to list files in a directory (kernel space) without using…
Ansh David
  • 654
  • 1
  • 10
  • 26
2
votes
1 answer

Directory relative ZwCreateFile

I have to implement a cross-view file integrity checker for my university project. For that, how do I list the files of a directory in kernel mode?
Ansh David
  • 654
  • 1
  • 10
  • 26
1
vote
1 answer

How does a user process perform system call without going through context switch?

When a user process performs a system call, a kernel process gets invoked. Now how does this NOT result in a context switch? Since the kernel process is different from a user process. Or am I wrong in saying that a kernel routine (invoked by…
Sharat Chandra
  • 4,434
  • 7
  • 49
  • 66
1
vote
2 answers

Why is debugging in kernel mode difficult?

I understand the purpose of both kernel and user mode, and how transitions from the former to the latter happen. Yet many sources state that a crash happening in kernel mode is hard to debug and that it should be done remotely, by connecting through…
qdii
  • 12,505
  • 10
  • 59
  • 116
1
vote
0 answers

How does the CPU know it's executing a Kernel/Ring-0 instruction?

Let's say you compile a C program into an executable and run it. (Assume the code is running on the x86 architecture.) When the CPU is executing the machine code, it will inevitably need to execute instructions outside of ring 3 (user mode). When executing some…
katie1245
  • 1,127
  • 8
  • 10
1
vote
2 answers

Can a variable of type HANDLE be compared with NULL in C?

Can a variable declared as HANDLE be compared with NULL in C? Thank you. Edit: For example: HANDLE hProcess = NULL; status = ZwOpenProcess(&hProcess, PROCESS_DUP_HANDLE, &ob, &Cid); if (hProcess != NULL) { ZwClose(hProcess); hProcess =…
user13342561
1
vote
1 answer

Difference between SystemRoot and C:\Windows

In kernel mode, do \SystemRoot and \??\C:\Windows produce the same result? For instance, if I want to access a file named test.txt in the Windows directory, which of the two options is the right one to use?
user13342579
1
vote
0 answers

Does the Monitor class in C# block by spinning (user-mode) or by stopping a thread (kernel-mode)?

Does the Monitor class in C# block by spinning (user-mode) or by stopping a thread (kernel-mode)? I was not able to find an answer to this question in the documentation. I clearly understand how the Monitor interacts with objects. It uses the sync blocks…
Sasuke Uchiha
  • 857
  • 2
  • 11
  • 23