How to Export Kernel Symbols

The major advantage of the Windows Research Kernel (WRK) is that it allows modified builds that satisfy particular needs of the research community. I was confronted with such a need in a recent project: using kernel functions in a driver that are normally not exported by the kernel. As we have the WRK sources available, it should be no problem to define the export of my desired functions. But how to do that?


Howto: Implementation of new system service calls (I)

The kernel interface to user mode applications can be described by the set of system service calls. Implementing a new service call is the easiest way to expose new kernel functions to user mode programs.

This post describes the necessary steps to implement a new system service call in the WRK.

First, some background information about system service calls and system service dispatching in Windows is given. Afterwards, the user mode side of directly calling system services is described. Finally, the kernel mode side is examined and a detailed description of how new service calls can be implemented is given.


Using the ‘patch’ and ‘diff’ utilities

In some upcoming postings, we will describe simple demo modifications of the Windows Research Kernel. The examples will be downloadable from this site as kernel patches and small demo applications.

The required tools can be downloaded from the Win32 GNU tools SourceForge page. You need the DiffUtils and the Patch tool. Download and install the tools on your workstation.

The diff tool can be used to write the differences between two source trees (normally a modified and an unmodified version) into a single (text) file. With patch, a patch file created this way can be applied to an unmodified source tree. In this way, kernel modifications can be distributed without having to provide the whole source code and without a common repository.
