Questions tagged [windows-kernel]

The Windows kernel (also called the NT kernel) provides services for user-mode applications and has a modular architecture that allows loading kernel drivers (either real hardware device drivers or virtual drivers).

This tag is for questions about the internals of the NT kernel and/or driver development specific to the Windows architecture.

284 questions
47 votes, 0 answers

How exactly does http.sys work?

I'm trying to get a deeper understanding of how IIS works. http.sys, I understand, is one of its major components. However, I have been having trouble finding easily digestible information about it. I couldn't get a good mental model going until I heard…
comenica
  • 505
  • 1
  • 4
  • 6
21 votes, 2 answers

How to begin with Windows Kernel Programming?

I am an application developer who mostly works in C#. I have some knowledge of C/C++. I am very much fascinated by and interested in Windows kernel development. I sketched out a layout to learn this. 1. Understand Windows internals (by books) 2. Try simple…
Srikanth P Vasist
  • 1,327
  • 2
  • 14
  • 26
17 votes, 4 answers

Debugging Windows Kernel from Linux

I used to debug the Windows kernel using VirtualKD, WinDBG and a single virtual machine. Recently I got a Linux machine, and now I wonder: what's the easiest way to debug the Windows kernel when your host is unable to run VirtualKD/WinDBG*? I assume…
Joker Thief
  • 443
  • 2
  • 4
  • 10
14 votes, 1 answer

Why does Windows handle scrollbars in the kernel?

The new 1-bit exploit of "all" Windows versions uses a bug in the kernel code that handles scrollbars. That got me thinking. Why does Windows handle scrollbars in the kernel, rather than in user mode? Historical reasons? Does any other OS do this?
Filip Haglund
  • 13,919
  • 13
  • 64
  • 113
10 votes, 2 answers

Trouble passing a C# string from userland to kernel-mode C and using it to find a specific LDR_DATA_TABLE_ENTRY

I am having difficulty comparing a string passed from user mode (type LPWSTR) to an LDR table entry (type UNICODE_STRING). Kernel C: struct { int pid; int user_pid; int size; int protection_mode; int allocation_type; void* address; …
Ben
  • 749
  • 1
  • 7
  • 18
9 votes, 2 answers

Achieving realtime 1 millisecond accurate events without suffering from thread scheduling

Problem: I am creating a Windows 7 based C# WPF application using .NET 4.5, and one of its major features is to call certain functions that interface with custom hardware with a set of user-defined cycle times. For example, the user might choose two…
Ahmed Agamy
  • 101
  • 1
  • 4
9 votes, 1 answer

Call Win32/NT-Native API from Windows Subsystem for Linux processes?

How can I call Windows API functions from a Linux binary inside Windows Subsystem for Linux (WSL)? I am pretty sure there is no documented way to do so, but nevertheless it might be interesting to try. I am interested in calling Win32 functions, or…
jdm
  • 9,470
  • 12
  • 58
  • 110
9 votes, 3 answers

Windbg and Symbol Files

I have a problem with symbol files. I experimented with the symbol file path and set the path as follows: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;C:\Users\myuser\Desktop\driver2\objchk_win7_x86\i386 But afterwards I changed it to…
eleanor
  • 1,514
  • 3
  • 19
  • 40
8 votes, 3 answers

How to tell which process set the high timer resolution in Windows

My system is suffering from a high timer resolution (NtQueryTimerResolution returns 0.5 ms). Maximum timer interval: 15.600 ms Minimum timer interval: 0.500 ms Current timer interval: 0.500 ms Some process must be calling NtSetTimerResolution with a…
rustyx
  • 80,671
  • 25
  • 200
  • 267
8 votes, 1 answer

How do I get the addresses of the kernel modules nt and win32k?

I need to know the base addresses where nt and win32k are loaded. I can find out this information by booting the system with kernel debugging enabled, starting a kernel debug session, and running the command lm to get a list of the loaded modules. What…
canzar
  • 340
  • 4
  • 17
7 votes, 1 answer

Discovering footprints of loaded and unloaded kernel-mode drivers

Background: There are vulnerable kernel-mode drivers for Windows systems, which can be loaded into the system for various purposes. Loaded kernel-mode drivers leave traces in the system. Anti-cheat software for video games, for example, looks for…
Joe Toe
  • 63
  • 8
7 votes, 1 answer

How can I check if a TCP port is available from a TDI filter driver?

My TDI filter driver is intercepting IRP_MJ_CREATE requests, and assigning the source port of each opened TCP/UDP connection according to my needs. The driver is internally maintaining a table with the connections (including socket open/close and…
6 votes, 0 answers

CreateFile fails unless I disable/enable my device

Updated (at bottom) I have a UMDF video driver based upon the IddCx sample. I have a command-line test (running 'As Administrator') that calls CreateFile on a video adapter device instance to get a handle to it for IOCTL purposes. The test fails on…
Scott Smith
  • 3,900
  • 2
  • 31
  • 63
6 votes, 2 answers

How to set a memory region's protection in kernel mode under Windows 7

Essentially I am looking for a function that could do for kernel mode what VirtualProtect does for user mode. I am allocating memory using logic exemplified by the following simplified code. PMDL mdl = MmAllocatePagesForMdl ( …
Roland Pihlakas
  • 4,246
  • 2
  • 43
  • 64
6 votes, 1 answer

Windows CPU Scheduler - very high kernel time

We are trying to understand how the Windows CPU Scheduler works in order to optimize our applications to achieve the maximum possible infrastructure/real-work ratio. There are some things in xperf that we don't understand and would like to ask the community…
Igor Malin
  • 652
  • 2
  • 8
  • 26