Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is a Windows Kernel Driver?

Tags:

winapi

wdk

What is Windows Kernel Driver written with the WDK?

What is different from normal app or service?

like image 439
userbb Avatar asked May 15 '11 07:05

userbb

People also ask

What does a kernel driver do?

A kernel driver is a low-level implementation of an "application". Because it runs in the kernel context, it has the ability to access the kernel API and memory directly. For example, a kernel driver should be used to: Control access to files (password protection,hiding)

What happens if a kernel mode driver crashes?

A Kernel Mode Crash (KMC) is caused by a kernel error which halts the Operating System. When users experience a KMC, their machine abruptly crashes, and they are presented with a blue screen. This type of crash can cause an interruption in the user's workflow and lead to data loss.

What are Windows kernels?

Educative Answers Team. The Windows kernel is a key program that is crucial for Windows to function. The kernel is the first program to load after the bootloader. After loading, it controls and coordinates every other program and process.

Are kernel drivers safe?

Kernel driver code that is used for development, testing, or manufacturing might include dangerous capabilities that pose a security risk. This dangerous code should never be signed with a certificate that is trusted by Windows.

1 Answers

Kernel drivers are programs written against Windows NT's native API (rather than the Win32 Subsystem's API) and which execute in kernel mode on the underlying hardware. This means that a driver needs to be able to deal with switching virtual memory contexts between processes, and needs to be written to be incredibly stable -- because kernel drivers run in kernel mode, if one crashes, it brings down the entire system. Kernel drivers are unsuitable for anything but hardware devices because they require administrative access to install or start, and because they remove the security the kernel normally provides to programs that crash -- namely, that they crash themselves and not the entire system.

Long story short:

  • Drivers use the native API rather than the Win32 API
    • This means that drivers generally cannot display any UI.
  • Drivers need to manage memory and how memory is paged explicitly -- using things like paged pool and nonpaged pool.
  • Drivers need to deal with process context switching and not depend on which process happens to have the page table while they're running.
  • Drivers cannot be installed into the kernel by limited users.
  • Drivers run with privileged rights at the processor level.
  • A fault in a user-level program results in termination of that program's process. A fault in a driver brings down the system with a Blue Screen of Death.
  • Drivers need to deal with low level hardware bits like Interrupts and Interrupt Request Levels (IRQLs).
like image 171
Billy ONeal Avatar answered Sep 20 '22 16:09

Billy ONeal
Sign in to Comment

Related questions

Get user picture
How can I send keys to another application using delphi 7?
How to Get Submenu in MFC?
'GetConsoleWindow' was not declared in this scope?
Sending Two or more chars using SendInput
WinMain command line arguments
Where is the .emacs file in windows GNU emacs
How do you compare two HWND pointers?
What is the best way to implement a buffer for a text edit control?
can Dllmain use FreeLibrary?
Windows keyboardhook reporting everything twice
Read process memory of a process does not return everything
CRITICAL_SECTION and avoiding including windows.h?
What is the point of the ULARGE_INTEGER union?
Convert GUID structure to LPCSTR
How to find out if a exe file is a .Net exe or regular exe?
How to initialize LPWSTR from a const string?
How can I modify Windows NTFS permissions in Perl?
Lost Focus and GotFocus in c++
Why does GetWindowThreadProcessId return 0 when called from a service?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!