Stack Overflow
Stack Overflow

Questions tagged [kernel-mode]

Kernel mode, also referred to as system mode, is one of the two distinct modes of operation of the CPU, in which core operating system components, including device drivers, execute.

Kernel mode, also referred to as system mode, is one of the two distinct modes of operation of the CPU, in which core operating system components, including device drivers, execute.

All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff554836(v=vs.85).aspx
http://www.linfo.org/kernel_mode.html

144 questions
0
votes
0 answers

How to get the process flags in a kernel-mode driver for Windows?

I'm new to driver development and have been struggling with Microsoft's documentation for a while now. I've been trying to develop a driver that detects the possibility of Process Hollowing by first detecting if a process is suspended or not, and…
Antonio Jesús Cano Andreu
  • 1
0
votes
0 answers

How to add a new device with the fakemodem.sys in the main()?

I try to create a software virtual COM-port without the com0com or other apps. I try to use a fakemodem example. The DriverEntry function is: NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING…
Arseniy
  • 266
  • 2
  • 14
0
votes
0 answers

Access a character device from kernel space

I've edited this question to generalize it a big deal. Questions about opening/interacting with a file from kernel space have been asked a number of times already, e.g. here or here. Especially this one had a very useful answer to me, with pointers…
Simon
  • 31
  • 1
  • 4
0
votes
1 answer

Does loadable kernel module(LVM) also need device tree?

Recently, I beginning research how to write SPI ADC driver(ADS7950) on the raspberry pi 4 with Linux. I read this book which tell me I can get good flexibility with LKM driver. I know every device should be initialized with device tree when Linux…
curlywei
  • 682
  • 10
  • 18
0
votes
0 answers

Linux Kernel Module : Invalid output in the file for kernel_write function

I'm printing a sample string using kernel_write function and getting the output but I'm not sure about the format that it's printing in the file Here is my code: char* res = "xyz"; char* buffer = kmalloc(PAGE_SIZE, GFP_KERNEL); …
Vikas Mishra
  • 3
  • 3
0
votes
1 answer

Kernel-mode only operating system

A common x86 CPU has two different modes (here can we subdivide again into protection rings). One is the user mode and the other is the kernel mode. The kernel mode has full access to the hardware. Basically you should be careful to execute…
Robin Lindner
  • 515
  • 6
  • 13
0
votes
0 answers

When do context switches occur in boost.asio?

I have understood that one major advantage of asynchronous functions is that fewer threads reduces context switches. However, when I compare context switches between synchronous and asynchronous programming, I find that fewer threads only eliminates…
mbang
  • 855
  • 2
  • 9
0
votes
1 answer

Does Instruction Decoder check a mode bit and makes a interrupt?

I learned that a Privileged Instruction is only executed when current privileged level(CPL) is kernel mode and if not a interrupt is occurred. And the way to check the current CPL is looking up some mode bit in registers. I think there should be…
Mona04_
  • 56
  • 5
0
votes
1 answer

Why can a kernel mode driver not allocate and use memory without causing potential instability?

I'm learning about writing kernel-mode code. I keep seeing this notion of system stability being fragile in this mode of operation. I'm looking for a low level explanation of why that is. I understand some ways code running in kernel mode code could…
J.Todd
  • 707
  • 1
  • 12
  • 34
0
votes
1 answer

Why my cpu seems to lose the ability to decode

I meet this problem when finishing the lab of my OS course. We are trying to implement a kernel with the function of system call (platform: QEMU/i386). When testing the kernel, problem occurred that after kernel load user program to memory and…
StupidPanther
  • 3
  • 1
0
votes
0 answers

How to detect which codes of c++ cause mode switch

I'm trying to figure out which codes of c++ can cause the mode switch (user mode to kernel mode) on Linux. And I've known two things: A system call cause the mode switch: Is mode switch occur switching from user thread to kernel thread? The command…
Yves
  • 11,597
  • 17
  • 83
  • 180
0
votes
1 answer

Does CPU always execute instructions in kernel mode?

This is perhaps a very silly question, but it's been bugging me for a while. My doubt is that since the only threads that are scheduled onto the CPU are kernel threads(typically) and since every user thread is mapped to a kernel thread, does that…
Jamāl
  • 121
  • 1
  • 6
0
votes
1 answer

IrpDeleteFileForce to symbolic link file

Based in this reference, i'm testing IrpDeleteFileForce() with symbolic link files but status is always 0xC000000D (STATUS_INVALID_PARAMETER) to pFileObject. I only added FILE_OPEN_REPARSE_POINT to CreateOptions parameter (of IoCreateFile()…
user13342579
0
votes
1 answer

How recognize Symbolic link files?

I always used this solution to enumerate files and folders recursively. The code works very fine showing correct file/folder names to all found. But exists a trouble related to recognition of symbolic link files, making the linked solution fail, for…
user13342579
0
votes
2 answers

Emacs WinDbg kernel mode

I'm using WinDbg for kernel mode debugging and I'd like to use the emacs interface to WinDbg. See http://www.emacswiki.org/emacs/download/cdb-gud.el. But cdb-gud.el only shows how to use Emacs with WinDbg for debugging user programs. Does anybody…
bjwbell
  • 553
  • 1
  • 6
  • 18
1 2 3
9 10