Howto: Implementation of new system service calls (III)

Basic information about the implementation of new system service calls in the Windows Research Kernel can be found in the first and second part of this small series.

In this post, some minor aspects which were forgotten in the first articles are described:

Read more

KevUtilAddressToFileHeader

To resolve an arbitrary address to get the module (program or driver) this address belongs to, you could traverse the PsLoadedModuleList by hand. Or you use KevUtilAddressToFileHeader (defined in base/ntos/ke/kevutil.c).

Read more