Questions tagged [windows-kernel]

The Windows kernel (also called NT kernel) provides services for user-mode applications and has a modular architecture that allows loading kernel drivers (either real hardware device drivers or virtual drivers).

This tag is for questions about the internals of the NT kernel and/or driver development specific to the Windows architecture.

284 questions
3
votes
0 answers

KeAcquireSpinLock long execution time

I am currently developing a Windows Kernel Driver that implements its own networking stack. While testing some base functionality of the implemented stack, I noticed that replies to pings would sometimes take noticeably longer than usual.…
ApiTiger
  • 31
  • 2
3
votes
1 answer

How can I send arbitrary packets with a NDIS filter driver?

I am currently trying to send my own packets with a NDIS filter driver from the Windows driver samples. I think that I have to send the packets with the function FilterSendNetBufferLists. But I don't know how to create those packets and whether I…
Gigliotti
  • 73
  • 6
3
votes
1 answer

x86_64 Assembly: effects of the interrupt flag and TPR register

I've been familiar with both the task priority register cr8 (IRQL on Windows), and of course I know how we can enable and disable interrupts using cli and sti. However, I have a few questions regarding the two. First, does clearing the interrupt…
Arush Agarampur
  • 1,340
  • 7
  • 20
3
votes
0 answers

How to get details of PCI device enumeration when Windows starts up

We made a motherboard. A PCIe switch (1 upstream port, 4 downstream ports) is used. Each downstream port directly leads to a PCIe slot. There is a problem that has plagued us for a long time. The No. 2 slot does not recognize the device and has…
lizzoe
  • 51
  • 3
3
votes
3 answers

Unable to build WDK 10 samples with VC2015 without modifying Windows headers

I am running a fresh installation of Windows. No other programs installed except VC and SDK's Include…
I .
  • 113
  • 1
  • 9
3
votes
2 answers

Trying to understand process privilege attributes

I'm writing a logging service that may collect privileges of a process and I'm trying to understand attributes for each process privilege. Let me explain with this code: HANDLE hToken; if(OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY,…
c00000fd
  • 20,994
  • 29
  • 177
  • 400
3
votes
1 answer

The Windows desktop becomes paralysed during heavy network I/O / Windows kernel allocates only 1 out of many CPUs?

Problem: We implement a video recording system on a Windows Server 2012 system. In spite of low CPU and memory consumption, we face serious performance problems. Short program description: the application (VS2005/C++) creates many network sockets,…
3
votes
1 answer

Is there a socket wrapper around winsock kernel (WSK, not winsock2)?

I need to upgrade a Windows Kernel Mode Driver from IPV4 to IPV4/IPV6 but the existing kernel mode socket library which uses TDI does not support IPV6. So I would like to change the socket library to "Winsock Kernel"…
Okkenator
  • 1,654
  • 1
  • 15
  • 27
3
votes
2 answers

What is the replacement for undocumented Windows Kernel API - KeSetAffinityThread() in Windows 7 and later OS

void KeSetAffinityThread(PKTHREAD pKThread, KAFFINITY cpuAffinityMask) routine is available in Windows Kernel and its documentation can be found in OS/2 Kernel docs. And Windows still retains this API in its kernel. This API can be used to set…
shyam2347
  • 63
  • 5
3
votes
2 answers

What is the best way of detecting process crash using C++

Is there any way to detect a process crash in Windows 7? Just to clarify, upon every process crash Windows creates the WERfault.exe (Windows Error Reporting). I have a driver which monitors the system by using the existing kernel callback mechanism…
Hen Amar
  • 53
  • 1
  • 7
3
votes
1 answer

What does a Windows kernel object name starting with \??\ mean?

I am maintaining a legacy Windows application with both a user-space and kernel component. The user space passes some file paths to the device driver via registry keys. Currently, the code finds the full path to the file, then prepends \??\ to it…
Frank Szczerba
  • 5,000
  • 3
  • 31
  • 31
3
votes
2 answers

How to query file size when APCs are disabled?

During my minifilter's PostCreate, I must use a global push lock to synchronize threads by design, and I must call FltQueryInformationFile to query file size. However, 1, After I called FltAcquirePushLockExclusive, the APC delivery is disabled; 2,…
xmllmx
  • 39,765
  • 26
  • 162
  • 323
2
votes
1 answer

How can I start making kernel Windows drivers?

I am trying to figure out how to make drivers for Windows 10 in C. But now I have redownloaded everything 10+ times without any luck. I first visited this site and downloaded Visual Studio 2022 (…
2
votes
1 answer

How to allocate heap in kernel space for an array of fix-sized arrays of characters?

I know that in kernel space one usually uses ExAllocatePoolWithTag function, but I don't know how to allocate memory for a dynamically-sized array of fixed-sized arrays of chars (kind of 2x2 matrix of which the number of lines could dynamically…
2
votes
2 answers

windbg kernel debugging - How to get the physical address

I have a module loaded at fffff801`16e00000 and want to get its physical address via !pte but windbg is saying "Levels not implemented for this platform", what gives? I know how to do it manually by walking the PML4, PDPT, PD and PT but why isn't…
user16469617