kernel-mode

UNICODE_STRING to std String Conversion

ぐ巨炮叔叔 submitted on 2019-12-11 18:39:14
Question: I am using pFileObject->FileName to get the name of the file opened in a kernel mode filter driver. The file name returned by this is in the form of UNICODE_STRING. I want to convert it into std String. What is the method? Please do provide an example if possible... Below is the code: NTSTATUS FsFilterDispatchCreate( __in PDEVICE_OBJECT DeviceObject, __in PIRP Irp ) { PFILE_OBJECT pFileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject; DbgPrint("%wZ\n", &pFileObject->FileName); return

Kernel mode code signing

爷,独闯天下 submitted on 2019-12-11 12:46:18
Question: I made a driver, and now I need to sign it. It runs in kernel mode. From what I've read in Microsoft's Kernel Mode Code Signing Walkthrough, I have to buy a software publisher certificate from a commercial CA. In that document, they say to look at the end, and follow this link for a list of CAs from which I can buy that certificate. I find the link very confusing somehow because I can't figure out exactly what certificate I need to buy. I need to sign the driver so that it will install on 64

Is an x86 CPU in kernel mode when the CPL value of the CS register is equal to 0?

99封情书 submitted on 2019-12-11 06:02:00
Question: The last two bits of the CS register contain the Current Privilege Level (CPL), which can contain either the value 0 or 1 or 2 or 3. If the value of CPL is 0, does that mean the CPU is in kernel mode (and hence can do everything)? Or are there other things that must apply in order for the CPU to be in kernel mode? Answer 1: Yes, CPL=0 means kernel/supervisor mode. However, in real mode CPL is also 0 but not reflected in CS. Likewise, in virtual 8086 mode, CPL is 3 and not reflected in CS.

C and resource protection in memory

北城以北 submitted on 2019-12-04 08:03:54
When we compile a C program, it just generates some machine-understandable code. This code can directly run on the hardware, telling from this question. So my questions are: If a C program can directly run on the hardware, how can the kernel handle the resource allocation for this program? If the executable generated from the compiler is in pure machine-understandable form, then how do the privileged and non-privileged modes work? How does the kernel manage the permission of hardware resources if a program can directly run on the hardware not through the kernel? If a C program can directly

How to display a pop-up message box from a driver (kernel mode)?

…衆ロ難τιáo~ submitted on 2019-12-03 13:46:35
Question: I'm writing a driver which needs to immediately pop up a dialog to notify the user of an event. (Kind of similar to NTFS's "Corrupt file" notification, except that this is not a filesystem-related driver.) I know ExRaiseHardError and IoRaiseInformationalHardError should be able to do the trick, but they don't seem to work -- they return "successfully" without actually doing anything. How do I go about doing this (without creating a user-mode program)? A user-mode version of the code (which

Can kernel module take initiative to send message to user space with netlink?

你。 submitted on 2019-11-30 16:00:50
Question: I am trying to run the following code, which was copied from here. I have made a few changes to run it with older kernel versions. When I insert the kernel module, nlmsg_multicast() fails and logs nlmsg_multicast() error: -3 in /var/log/messages. While running the user space program, socket() fails. What exactly I want to do is: the kernel module creates a socket, regardless of any process in user space; the kernel module sends some events to user space; if any process in user space replies to an event, kernel

Can kernel module take initiative to send message to user space with netlink?

有些话、适合烂在心里 submitted on 2019-11-30 15:22:16
I am trying to run the following code, which was copied from here. I have made a few changes to run it with older kernel versions. When I insert the kernel module, nlmsg_multicast() fails and logs nlmsg_multicast() error: -3 in /var/log/messages. While running the user space program, socket() fails. What exactly I want to do is: the kernel module creates a socket, regardless of any process in user space; the kernel module sends some events to user space; if any process in user space replies to an event, the kernel module processes that reply. Since it may happen that no process in user space is available to reply on

Why does call_usermodehelper fail most of the time?

Deadly submitted on 2019-11-28 09:52:14
Question: From a kernel module, I am trying to use the call_usermodehelper function to execute an executable sha1 which takes a file as argument and writes the SHA1 hash sum of the file to another file (named output). The executable works perfectly. int result=-1; name = "/home/file"; char *hargv[] = {"/home/sha1", name,NULL }; char *henvp[] = {"HOME=/", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL }; result = call_usermodehelper("/home/sha1", hargv, henvp, 1); But most of the time call_usermodehelper

Getting kernel version from Linux kernel module at runtime

生来就可爱ヽ(ⅴ<●) submitted on 2019-11-28 01:16:47
How can I obtain runtime information about which version of kernel is running from inside Linux kernel module code (kernel mode)? By convention, the Linux kernel module loading mechanism doesn't allow loading modules that were not compiled against the running kernel, so the "running kernel" you are referring to is most likely already known at kernel module compilation time. For retrieving the version string constant, older versions require you to include <linux/version.h>, others <linux/utsrelease.h>, and newer ones <generated/utsrelease.h>. If you really want to get more information at run