Questions tagged [windows-kernel]

The Windows kernel (also called the NT kernel) provides services for user-mode applications and has a modular architecture that allows loading kernel drivers (either real hardware device drivers or virtual drivers).

This tag is for questions about the internals of the NT kernel and/or driver development specific to the Windows architecture.

284 questions
0 votes, 1 answer

What is the include header for htonl-like functions in Winsock Kernel (WSK)?

I'm fairly experienced with WinSock; however, this is my first venture into Winsock Kernel. The conversion functions ntohl, htonl, ntohs and htons are coming up undefined when I include only <wsk.h>. What #include should I be using for these…
JonN
0 votes, 2 answers

How to retrieve CPU time of a thread inside kernel?

From my legacy driver, I'm calling the PsCreateSystemThread API to create a few threads. Since this call is happening from inside the kernel, these newly created threads will run in the context of the System process. My question is, given the handle to these…
nikhil
0 votes, 1 answer

Backtracing the usermode stack of a thread during a minifilter callback function

I'm trying to backtrace the usermode stack of a thread during a minifilter callback function. Assuming that I'm in the same context as the calling thread, getting the thread stack address from its TEB/TIB and processing the addresses on that stack…
0 votes, 2 answers

Feasibility check for Filesystem Minifilter deletion Driver

I am using the delete minifilter example from MSDN as a base: http://code.msdn.microsoft.com/windowshardware/Delete-File-System-b904651d What I need to accomplish is: getting a handle to a delete candidate in the DfPreCleanupCallback. In…
ollo
0 votes, 3 answers

Concatenate large files using Win NT kernel API

I've been looking around for a way to concatenate large files (a few gigabytes) together without having to rewrite one of the files. I am sure the OS does this internally when manipulating the master file table. This is purely for an internal…
Raheel Khan
0 votes, 1 answer

How to find the number of COM ports and their resources?

I am writing a serial driver for a UART in Windows, just for learning purposes. More specifically, in WDM. I will write both the bus driver and the function driver. Currently I am writing the bus driver. So my question is, from where can I come to know in my…
Amit Bhaira
0 votes, 2 answers

Convert WCHAR * to UNICODE_STRING

First try at Windows driver development. How can I convert a WCHAR array (coming from user space) to a UNICODE_STRING (in kernel mode), assuming that the WCHAR array is not null-terminated? Should I verify whether it ends with a null, and if it doesn't…
user1782427
0 votes, 1 answer

Need help in understanding nonarbitrary thread context?

I was reading an MSDN doc about driver synchronization and I came across a statement that goes like this: a driver can wait if • The driver is executing in a nonarbitrary thread context. That is, you can identify the thread that will enter a wait…
Amit Bhaira
0 votes, 2 answers

CreateThread vs PsCreateSystemThread - What is the difference?

I would like to ask what the differences are between PsCreateSystemThread and CreateThread. From the MSDN description it seems that PsCreateSystemThread is for kernel threads. CreateThread seems like a kernel thread but shares the same virtual space…
user2306421
0 votes, 1 answer

WDM: Given device FDO/PDO determine if it's USB Root Hub

USBPcap attaches as an Upper Filter for all Root Hubs. It does so by adding an UpperFilters entry for the {36FC9E60-C465-11CF-8056-444553540000} class. Then in the AddDevice function I retrieve the PDO and get the list of hardware IDs. Then the list is checked for…
desowin
0 votes, 1 answer

FltReadFile function for reading a file larger than 1 KB

I am using the FltReadFile function from the WDK for reading files. I am able to read only a 1 KB file. How do I read a file larger than 1 KB? Thank you. offset.QuadPart = bytesRead = 0; status = FltReadFile( Instance, …
Rohit
0 votes, 1 answer

The need for setting up a stack in user mode?

I have been playing with assembly and OS development for a while (in both real and protected modes), and since I was working in kernel mode ("Ring 0", a.k.a. "Full Privileges") I always had to worry about setting up a stack before using stack…
João Silva
0 votes, 1 answer

Windows Kernel Debugging - get the address of thread's message queue?

I'd like to monitor the content of an application's main thread's message queue, but I have no idea how to get the address of it (WinDbg, kernel debugging). Would anyone have a hint for me? The thing is, when our main thread stays in…
Matchay
0 votes, 1 answer

In Windows kernel syscall traces, what are these mystery addresses?

I am using Event Tracing for Windows (ETW) to do kernel tracing of syscalls in Windows Server 2008 R2. I am running: logman start "NT Kernel Logger" -p "Windows Kernel Trace" (process,thread,cswitch,syscall) -o events.etl -ets In the resulting…
-1 votes, 1 answer

RtlCaptureStackBackTrace is capturing no frame

I am using RtlCaptureStackBackTrace in my kernel-mode driver and trying to get the call trace, but it is capturing zero frames. The code is: PVOID *stackTrace = NULL; PULONG traceHash = NULL; USHORT capturedFrames = 0; capturedFrames =…