Questions tagged [kernel-mode]

Kernel mode, also referred to as system mode, is one of the two distinct modes of operation of the CPU, in which core operating system components, including device drivers, execute.

All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff554836(v=vs.85).aspx
http://www.linfo.org/kernel_mode.html

144 questions

vote

0 answers

Kernel Mode Driver BSOD PAGE_FAULT_IN_NONPAGED_AREA using a global UNICODE_STRING in Callback

I get a BSOD issue (PAGE_FAULT_IN_NONPAGED_AREA) it only started happening when I added my UNICODE_STRING The system crash happens after the UNICODE_STRING is set and working after like 10 minutes or so system crashes out of nowhere. Maybe because I…

asked Mar 27 '20 at 11:45

SSpoke

5,656
10
72
124

vote

0 answers

Can we bypass the user mode/kernel mode limitation by overriding segment register?

I'm learning interrupt in operating system now and got this question. I know that we cannot directly call system functions in user mode because the CPL in CS is 3 and the DPL of system_call is 0. I'm wondering that if we can just set CPL in CS to 0…

operating-system interrupt segment kernel-mode user-mode-linux

asked Jul 14 '19 at 00:25

Changda Li

vote

0 answers

Having too many bindings breaks Windows Authentication

Our website starts prompting credentials after adding the 65th binding for the same site in IIS. Even if we enter credentials correctly, we are not able to authenticate. It’s the same for all bindings (Tested with 20th and 45th bindings). Using…

iis windows-authentication http-status-code-401 kernel-mode

asked May 07 '19 at 14:07

Ned

1,055
9
34
58

vote

2 answers

Processor behavior when jumping between Rings

I can't find any specific info about what really hapens to a standard CPU (ie.: x86) when some Kernel code (Ring 0) makes a 'call' to a User code (Ring 3) routine. 1) When executing that routine the CPU Mode status gets changed to User mode? 2)…

x86 cpu-architecture osdev kernel-mode

asked Dec 26 '18 at 16:15

fante

2,475
1
16
17

vote

1 answer

What is kernel mode software?

I'm looking into signing a driver I made. A lot of the Microsoft documentation references "kernel mode software." What is that? It's mentioned in a lot of places, but it doesn't seem to be defined anywhere. How do I know if my driver is kernel…

windows driver digital-signature kernel-mode

asked Feb 25 '11 at 16:29

Jim Fell

13,750
36
127
202

vote

1 answer

Trap instruction: why must the program counter and processor status register be changed atomically?

I came across the following problem on a previous exam from my operating systems class. Consider an architecture in which the TRAP instruction has two effects: to load a predefined value of the Processor Status Register (PCR), which contains the…

kernel-mode program-counter status-register

asked May 07 '18 at 00:11

Tyler Small

vote

1 answer

Is there a way to get DisableUserModeCallbackFilter to work in Windows 10?

Is there any way to get DisableUserModeCallbackFilter (or similar) to work on Windows 10? It's supposed to allow exceptions thrown from user-mode code to propagate across user/kernel boundaries, and it had a hotfix on earlier Windows versions up to…

c++ winapi exception kernel-mode stack-unwinding

asked Mar 19 '18 at 21:55

user541686

205,094
128
528
886

vote

2 answers

Simple Kernel Mode Driver

I'm creating simple Kernel Mode Driver (Empty Project) to try some read/write memory operations on user mode apps. I'm getting errors while compiling the project On these lines : NTSTATUS NTAPI MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID…

c++ memory kernel kernel-mode

asked Feb 18 '18 at 17:54

Néoxyne

vote

0 answers

HLK Studio - Shortening MiniFilter Test Duration Using Parallelism

I've also posted the same question in Microsoft Forums, but is seems dead... Maybe someone here can help. After multiple trial-and-error iterations, we finally succeeded setting up a fully automated testing environment for our MiniFilter driver, as…

driver wdk minifilter kernel-mode windows-dev-center

asked Oct 03 '17 at 06:12

Oren Chapo

vote

1 answer

How convert char * (char pointer) to PCSZ?

I have a method that has a mandatory parameter as char* and I want convert to PCSZ before RtlInitiAnsiString() and the result of uName after RtlAnsiStringToUnicodeString() to be the correct value. How can I do this? NTSTATUS myMethod(char *myName) {…

c++ c visual-studio driver kernel-mode

asked Aug 15 '17 at 10:55

user7649139

vote

0 answers

Get UTC time in windows kernel mode

How can i get utc time in windows kernel mode? I'm aware of KeQuerySystemTime (but this is 1601 based). i found this solution. LONGLONG FileTime_to_POSIX(FILETIME ft) { // takes the last modified date LARGE_INTEGER date, adjust; …

c++ windows kernel-mode

asked Apr 20 '17 at 14:48

user1235183

3,002
1
27
66

vote

0 answers

Cannot write to SATA disks on AHCI controller in kernel mode program

I'm writing an experimental kernel-mode program to test some things. I want to do IO to and from a SATA disk attached to an AHCI controller. I have a C driver that previously worked on another similar project that ran on another PC I no longer have.…

c hardware-interface kernel-mode sata ata

asked Dec 11 '16 at 22:18

Daniel Seagraves

vote

2 answers

How OS protects against malicious memory access from assembly level code?

I know about the system calls that OS provides to protect programs from accessing other programs memory. But that can only help if I have used the system call library provided by OS. What if I write a assembly code myself that sets CPU bit for…

memory-management operating-system system-calls kernel-mode memory-safety

asked Dec 10 '16 at 23:09

Rishi Sharma

vote

1 answer

Entering Ring 0 with C++ using Visual Studio 15

Yes I know, that there are some similar questions around, but none of them are satisfying I know that it is a stupid idea, but I need to enter into kernel-mode (aka Ring 0) with my Visual Studio 2015 C++-Project. I also want to do it with the…

c++ visual-studio kernel-mode

asked Sep 19 '16 at 10:39

unknown6656

2,765
2
36
52

vote

3 answers

Kernel mode code signing

I made a driver, and now I need to sign it. It runs in kernel mode. From what I've read in Microsoft's Kernel Mode Code Signing Walkthrough, I have to buy a software publisher certificate from a commercial CA. In that document, they say to look at…

code-signing kernel-mode

asked Oct 07 '10 at 07:40

Andrei S

6,486
5
37
54

Prev 1 2 3

…

9 10 Next