Questions tagged [kernel-mode]

Kernel mode, also referred to as system mode, is one of the two distinct modes of operation of the CPU, in which core operating system components, including device drivers, execute.

All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff554836(v=vs.85).aspx
http://www.linfo.org/kernel_mode.html

144 questions
20 votes, 4 answers

Function caller in linux kernel

Is there a way to get function caller in linux kernel? I know __func__ returns the function name which is executing. I am looking for the function which called "__func__"
BHS
16 votes, 5 answers

WinDbg loses connection debugging over network, and target machine freeze

I'm trying to get WinDbg debugging over the network to work, but it always loses connections after I break into the debugger (Debug->Break), and then try to start it again (Debug->Go). However, if I never break into the debugger, it looks like the…
tchau.dev
14 votes, 3 answers

Is there any small kernel good enough for learning osdev?

I would like to learn more about osdev. So I thought about learning from other small kernels to get better at osdev. Is there any good kernel for learning osdev? Of course it needs to be GPL so I can have access to source code and have the freedom…
Victor
10 votes, 1 answer

WinDbg and Virtualbox and machine snapshot - force kernel debug reconnect

So one of the nice features of virtualbox is to have snapshots that you can restore later on. However, when doing kernel debugging with virtualbox and windbg, a debugging session is not restored upon restoring the snapshot. Is there any way to force…
Qix - MONICA WAS MISTREATED
9 votes, 2 answers

What is the difference between NtCreateProcess and ZwCreateProcess?

What is the difference between NtCreateProcess and ZwCreateProcess? In ntdll.dll, both NtCreateProcess and ZwCreateProcess point to exactly the same address
小太郎
8 votes, 2 answers

Executing a user-mode executable from kernel-mode

I'm building a HW-simulator for our driver team. Now, the simulator is divided into 2 modules: First module runs inside the driver, in kernel mode and that's where the main interface between the driver and the HW-Simulator. Second module is an…
eladidan
8 votes, 4 answers

Hook ZwTerminateProcess in x64 Driver (Without SSDT)

I found and read this question but I didn't find my answer: SSDT hooking alternative in x64 systems. I want to protect my application against termination by other programs. In the 32-bit version of Windows I used SSDT hooking for hooking…
Behrooz
7 votes, 3 answers

Getting kernel version from linux kernel module at runtime

How can I obtain runtime information about which version of the kernel is running from inside Linux kernel module code (kernel mode)?
Bogi
6 votes, 2 answers

How to display a pop-up message box from a driver (kernel mode)?

I'm writing a driver which needs to immediately pop up a dialog to notify the user of an event. (Kind of similar to NTFS's "Corrupt file" notification, except that this is not a filesystem-related driver.) I know ExRaiseHardError and…
user541686
4 votes, 1 answer

Difference between Sensitive Instructions and Privileged Instructions

I've been searching for a clear difference between a Sensitive and a Privileged instruction but it's all blurry right now. As far as I know: A sensitive instruction NEEDS TO trap to kernel mode if executed in user space, else it gets ignored, while a…
4 votes, 2 answers

How do I properly implement threads in a Windows Kernel Driver?

I am trying to learn how to code Windows kernel drivers. In my driver I have 2 threads which are created at some point with PsCreateSystemThread. I have a global variable called Kill which signals the threads to terminate like this. VOID AThread(IN…
Michael Strobel
4 votes, 2 answers

Can kernel module take initiative to send message to user space with netlink?

I am trying to run the following code, which was copied from here. I have made a few changes to run it with older kernel versions. When I insert the kernel module, nlmsg_multicast() fails and logs nlmsg_multicast() error: -3 in /var/log/messages. While…
4 votes, 4 answers

C and resource protection in memory

When we compile a C program, it just generates some machine-understandable code. This code can directly run on the hardware, telling from this question. So my questions are: If a C program can directly run on the hardware, how can the kernel handle…
shiv garg
3 votes, 1 answer

Returning from kernel mode to user mode

I'm a bit confused about the understanding of a mode switch in Unix kernel. I give my understanding here and open it for discussion/correction. While transitioning from user mode to kernel mode, the processor makes a switch between the…
3 votes, 0 answers

How to modify ACL of an object from kernel mode in Windows OS?

Is there a way to add an ACE to the DACL of a file/directory from kernel mode in Windows? I found a reference about the ZwQuerySecurityObject/ZwSetSecurityObject routines, but they are not defined in the WINDDK headers. I would appreciate any information of…
Feo