Questions tagged [kernel-mode]

Kernel mode, also referred to as system mode, is one of the two distinct modes of operation of the CPU, in which core operating system components, including device drivers, execute.
All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff554836(v=vs.85).aspx
http://www.linfo.org/kernel_mode.html

144 questions
0 votes, 0 answers

How do you get the name of a service in kernel mode? (Windows)

I am hooking the SSDT of Windows 7 x64 (I already hooked it correctly and such - that's not the problem.) to bypass a certain Anti-Cheat for a game. The problem: Trying to get the exe name is of no use since it always outputs svchost.exe for Windows…
0 votes, 2 answers

Difference between User vs Kernel System call

A system call is how a program requests a service from an operating system's kernel. They can occur in user mode and kernel mode. What are the differences? For example: overhead, system time.
Leo
0 votes, 1 answer

Do user mode and kernel mode provide protection from the user?

Personally I would presume that User Mode allows restricted access so nothing could be changed that shouldn't be, hence the Kernel mode. Although presuming isn't good enough. Does anyone know why or how they provide protection from a user?
bananabreadbob
0 votes, 2 answers

Sending value from kernel mode to user mode

I'm developing a kernel-mode driver for an Anti Virus program, but I have a problem in the drivers section: I want to send a string value (for example "String") from the kernel-mode driver to a user-mode application. Can anyone help me to do this?
Behrooz
0 votes, 1 answer

Storing data in Kernel mode driver

I have an array in my kernel mode driver. Is it possible for the driver to save the array data and on load restore the same?
Aster Veigas
0 votes, 1 answer

Is there an equivalent of RegQueryInfoKey for Windows Kernel Mode Drivers?

I am currently investigating writing a Windows kernel-mode driver, and in terms of registry access, I found RtlQueryRegistryValues on MSDN. However, while RtlQueryRegistryValues is good for querying actual registry values, I was wondering if there's…
lancery
0 votes, 2 answers

Kernel debugging in VS 2012

I have a kernel-mode filter driver project. Host: Win8 Pro x64 running VS2012; Target: Win8 Pro x64 VM on the same machine. I was able to provision the VM through VS 2012 over the network. I deployed the package project. When I try to deploy and…
Aster Veigas
0 votes, 1 answer

How to write a kernel space function that is invoked by a user space function?

I want to write a kernel space function that is invoked by a user space function in Linux, like below: // kernel space function. void hello_kernel() { printk(KERN_INFO "Hello kernel space."); printk(KERN_INFO "I can do any thing!"); } // user…
Amir Saniyan
0 votes, 1 answer

Implement RSA_public_decrypt, or encryption verification, kernel mode

I want to check whether a string is encrypted by the RSA algorithm or not. This encryption checker must be implemented in kernel mode and, worse than that, it has to be written for Win XP. I investigated OpenSSL and especially its RSA_public_decrypt, but this…
Karimai
0 votes, 1 answer

UNICODE_STRING to std String Conversion

I am using pFileObject->FileName to get the name of the file opened in a kernel-mode filter driver. The file name returned by this is in the form of a UNICODE_STRING. I want to convert it into a std string. What is the method? Please do provide an example…
Muhammad Irfan
0 votes, 1 answer

pcapnet and packet redirection

Is it possible to mirror (not redirect/forward) packets on one ethernet interface to another? The host machine will process the packets anyway, and since winpcap won't interpose as a filter, we won't be able to drop packets, I know. But I was…
Jimson James
0 votes, 2 answers

What technology/API/technique to use for network monitoring?

Okay so, I am building a utility to monitor filesystem, registry and network activity (process-wise; only activity by selected processes). I have accomplished the filesystem and registry activity part by developing a minifilter driver. However, I am…
0 votes, 1 answer

Why does kernel mode give problems to STL?

Microsoft's STL in his lecture briefly hinted that STL has problems interacting in kernel mode. Can somebody please explain what he meant by that?
unj2
0 votes, 1 answer

How to do 2-way communication between user mode and kernel mode

I have written a driver that extracts a value from an IRP buffer. Now, based on this keyword, I have to pass or discard the IRP. So I need to communicate with the database, which is not easy from a kernel-mode driver. So I am using an application or exe…
harshit
0 votes, 1 answer

SDT Kernel mode hooking

I am doing an experiment to successfully hook an API call globally, and I read somewhere about the SDT (Service Descriptor Table) and kernel mode drivers. Does this sort of hook work for calls that reside within user32.dll and the like?
Qix - MONICA WAS MISTREATED