Questions tagged [kernel-mode]

Kernel mode, also referred to as system mode, is one of the two distinct modes of operation of the CPU, in which core operating system components, including device drivers, execute.

All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff554836(v=vs.85).aspx
http://www.linfo.org/kernel_mode.html

144 questions

vote

2 answers

Kernel-Mode driver debugging of a physical Machine

On one computer I run Windbg.exe I want connect to this computer an another physical computer And on the other computer install and debug a driver I wrote it. Is this possible and how? It should be noted that already I checked my driver on virtual…

driver windbg kernel-mode

asked Jun 24 '16 at 13:30

codeDom

1,623
18
54

vote

1 answer

Privileged instructions, adding register values?

I finished homework for a graduate course in operating systems. I got a great score and I only missed one tiny point of a question. It asked which were privileged instructions and which were not. I answered all correctly except one: Adding one…

privilege usermode kernel-mode

asked Sep 07 '10 at 04:39

user427390

vote

0 answers

how to start a process under kernel debugging on windows?

I have a hard drive was crypted by TryeCrypt,a custom edtion ,self input password,and i have found this 40-bytes password via MBR debugging, but can't mount it using standard version 7.1a. what i want is get some files from this hard drive,good news…

windbg shellcode ida kernel-mode

asked Jan 22 '16 at 17:05

coder

vote

4 answers

Does User space/Kernel Space exist in RTOS?

I heard from various kernel developers that most of the RTOSes do not have any separation between user space and kernel space and therefore do not need any context switching. Is this true? In the same time, I heard from some other people that it…

kernel real-time rtos kernel-mode usermode

asked Jan 19 '16 at 23:13

Sama Azari

vote

1 answer

is printf privileged instruction?

since I/O instructions are privileged instructions that require mode switch from user to kernel, is printf also considered a privileged instruction? is there mode switch when performing printf instructions?

io printf instructions kernel-mode usermode

asked Nov 23 '15 at 19:16

yellowbowlmigration

vote

0 answers

EV code signing needed for own libusb-win32 driver?

I am trying to get our libusb-win32 driver to work with different Windows OS. I already successfully installed it on 7, 8 and 10 with a selfsigned certificate that I imported into the root and trustedpublisher. What remains is to buy an official…

windows certificate driver kernel-mode

asked Nov 10 '15 at 13:51

dryman

vote

1 answer

In Linux kernel mode, how to execute a user space command

I hook execve in kernel mode(change system_call_table entry __NR_execve to my function). I want to check the ELF's assembly code. If it harmful, I'll return directly without executing it. I am writing a linux module. In Linux kernel mode, I want to…

linux-kernel kernel-module kernel-mode userspace

asked Oct 24 '15 at 11:47

siyuan

vote

1 answer

Is there a kernel-mode callback for LdrLoadDll?

I'm trying to make an exe profiler and now want to trace/log all Dlls that load/use in an exe by hooking LdrLoadDll in kernel-mode driver (I created the user-mode in the past). My problem is in 64bit version of windows, because in 64bit I can't use…

windows callback driver hook kernel-mode

asked Sep 02 '14 at 06:16

Kamran

vote

1 answer

How to determine CPU and memory consumption from Windows driver (aka kernel space)

The problem is actually quite simple to formulate: I need to know current CPU and memory consumption of the whole system from kernel-mode driver under Windows. Of course, I have watched related question and tried this code. Results are not good:…

c++ windows driver kernel-mode

asked May 20 '14 at 11:50

grekhss

vote

1 answer

Do Windows NT Native Applications have access to x86 software interrupts (like int 19)?

Let's say I want to write an application or driver that runs in Windows NT Native mode (ie uses nothing but NTDLL.DLL functions and runs when ntoskrnl.exe starts. Would this application have access to x86 interrupts? IE, could I write code like…

x86 interrupt kernel-mode ntdll

asked Oct 25 '13 at 21:55

Govind Parmar

20,656
7
53
85

vote

1 answer

How to specify 32-bit Windows Debugger in Visual Studio 2012 when doing kernel mode debugging

I have a 64-bit host/target, but I need to use the 32-bit version of Windows Debugger so I can load some 32-bit debugging tool libraries. This works fine when invoking windbg.exe directly, but when I use the "Kernel Mode Debugger" tool in Visual…

visual-studio-2012 32bit-64bit windbg winapi kernel-mode

asked May 21 '13 at 18:10

mhulth

vote

1 answer

How to send and receive data from a kernel mode driver to a binary in user mode

I am developing a kernel mode filter driver, I want this driver to send a UNICODE String to an exe running in user mode. Kindly provide an example for this, as i am a beginner in driver development. Below is the code of my driver (From where I want…

c++ windows kernel-mode

asked Apr 04 '13 at 11:47

Muhammad Irfan

vote

1 answer

Kernel mode and User mode Drivers

I am a beginner in driver development. I want to know where exactly a kernel mode driver and a user mode driver resides in the main memory (Portion of main memory). And how to specify a driver as kernel mode driver or user mode driver while creating…

windows visual-studio drivers kernel-mode usermode

asked Feb 20 '13 at 07:08

Muhammad Irfan

votes

0 answers

How to collect WPP traces in realtime by user space app?

I'm working on Windows user space app development. Also in the same time i'm developing Windows kernel mode driver. Driver has enabled WPP traces on particular GUID. Let's call it DRIVER_PROVIDER_GUID. For now i was using tool like TraceView to…

windows kernel-mode windows-driver windows-wpp

asked Jun 20 '23 at 14:26

TheKwiatek666

votes

1 answer

Break on syscalls only from target process in kernel windbg debugging

I'm debugging a user-mode process "myprocess.exe" which has a long running operations, constantly doing system calls to kernel mode, how can i break on syscalls, for example: i want to break and examine all ZwCreateEvent calls, that are called from…

debugging kernel windbg windows-kernel kernel-mode

asked Apr 24 '23 at 08:45

Mefdron

Prev 1 2 3

…

9 10 Next