Questions tagged [windows-kernel]

The Windows kernel (also called NT kernel) provides services for user-mode applications and has a modular architecture that allows loading kerner drivers (either real hardware device drivers or virtual drivers).

This tag is for questions about the internals of the NT kernel and/or driver development specific to the Windows architecture.

284 questions

-1

votes

1 answer

Injecting a DLL from LoadImageNotifyRoutine, hangs on ZwMapViewOfSection

So I'm making a crackme and one of the parts is to hook a certain function and wait for a certain combination a params to happen, then the challenge is done. For that, I'm creating a driver to inject a DLL into processes that have a specific DLL and…

asked Aug 25 '18 at 18:10

Denis Rozimovschii

-1

votes

1 answer

Why kernels make use of the high logical address

For 32bit OS. linux kernel occupies the high logical address 3~4GB (and 2~4GB for windows). I wonder why the designer choose the high address, instead of 0~1GB for linux, and because the kernel is actually in the phiscal low address, the choice of…

linux linux-kernel operating-system kernel windows-kernel

asked Jan 26 '18 at 23:20

Qiang

-1

votes

1 answer

User land access to Kernel land driver system notifications

I have recently came across a mechanism in Windows that allows drivers to respond to low memory conditions and wondered if it is possible for my application to respond to events similar to the Standard Event Objects as defined by (via some other…

c++ memory windows-kernel

asked Mar 15 '17 at 01:04

Laythe

-1

votes

1 answer

Calling NtQuerydirectoryFile from a Kernel Hook Crashes the Kernel

I'm using the latest version of EasyHook to hook some kernel functions. I did setup a debugging important successfully on a Windows 8.1 64-bit based virtual machine, and I tested hooking both of NtQuerydirectoryFile and NtQuerySystemInformation in…

c++ hook drivers windows-kernel easyhook

asked Feb 29 '16 at 03:59

FiFo

-1

votes

1 answer

RegistryCallback and RegCreateKeyEx

I want to monitor a windows machine. I created a windows service, and my idea is to be notified when a process tries to create a new registry key. I use RegistryCallback with the following signature NTSTATUS RegistryCallback( _In_ PVOID…

windows winapi registry driver windows-kernel

asked May 29 '13 at 17:47

Hen Amar

-2

votes

1 answer

Dependency Header file needs to be included in c , even with Forward declaration in main header file

I have a 3 header files, foo.h, bar.h & FooBar.h. And a C-source file named bar.c. in FooBar.h #pragma once #include "bar.h" in foo.h: #pragma once #include "FooBar.h" typedef struct _A { char a; }A; in bar.h #pragma once /* other…

c visual-c++ windows-kernel

asked Feb 15 '22 at 20:46

APK

-2

votes

1 answer

How to implement "inverse" ioctl so the driver notify the callback to the called user application?

In my case I am in a situation that I need the kernel driver to notify the user application about every process creation and termination (That I can archive through PsSetCreateProcessNotifyRoutine() but it only notifies to the driver alone) but,I…

windows winapi windows-kernel

asked Jan 22 '20 at 13:23

Vettri

-2

votes

2 answers

What is process control block's file format?

I read about this in one of my textbooks, where it is mentioned quite briefly, but didn't quite understand what it meant and how it is defined. What is process control block file format? Is it XML? And is it similar to manifest.xml files in ros…

linux-kernel operating-system windows-kernel

asked Nov 17 '18 at 13:17

jash101

-2

votes

1 answer

Will ntdll.Kernel32ThreadInitThunkFunction related issues

Kernel32ThreadInitThunkFunction this global variable is not imported inside ntdll but his value is kernel32.BaseThreadInitThunk function This is why? How do PE know that it needs to load kernel32.BaseThreadInitThunk when it loads ntdll?

c windows-kernel

asked Feb 28 '18 at 00:57

L.Hack

-2

votes

2 answers

How does windows terminate processes?

I am developing an application in windows which should run a code just before the process terminates. i am okay writing a kernel module to achieve this. but what are the functions that i should hook into ? To get the notification about the…

windows winapi process win32-process windows-kernel

asked Jun 18 '15 at 11:17

Eswar Yaganti

2,536
1
20
22

-2

votes

2 answers

Installation of Windows Kernel Mode driver requires network access?

I'm trying to get a certificate for myself, paying $200 to get it. Before I go buy it, does anybody know if installation of a kernel mode driver (that requires the code to be signed) has to have network access, how does it verify the authenticity?…

windows kernel windows-kernel

asked Jun 30 '12 at 04:56

halivingston

3,727
4
29
42

-3

votes

1 answer

How to prevent Windows kernel locking up when manually writing to page table entries (PTE)

I've read on this topic for many many hours and tried a plethora of different strategies but can't get this to work in a stable manner. I am operating in the Windows kernel. I have allocated user-space memory for a process for their use. This…

windows wdk windows-kernel page-tables

asked Jan 17 '21 at 08:27

nx bit

-3

votes

1 answer

GFlags Stop on hung GUI

Today I was wondering why the GFlags option Stop on hung GUI appears in the Kernel Flags tab of the GFlags user interface. Does the kernel have a GUI which could hang? So I tried to get some information from Microsoft, but MSDN just says: The Stop…

windbg windows-kernel gflags

asked May 20 '14 at 09:09

Thomas Weller

55,411
20
125
222

-4

votes

1 answer

Protection program for files and folders

The project is a security program that locks files and folders using Java I have two ideas: First: Hiding the file or folder in Windows Kernel level I cannot find a way to do this at this moment. How can I do this? Are there any helpful tips? …

java security zip hidden-files windows-kernel

asked Oct 31 '12 at 12:55

yaser haroun

Prev 1 2 3

…