Advanced Kernel Mode Programming: APCs In Kernel Mode
Author: Apriorit Inc.
Publisher: Apriorit Inc.
Total pages: 50
Rating: 4/5
Available in PDF, EPUB and Kindle.

Book excerpt: This e-book was written for developers by Apriorit experts who share their experience working with Asynchronous Procedure Calls (APCs) in kernel mode on Windows and describe what pitfalls to expect. It goes in depth on how to implement an APC in the Windows 10 kernel, explains the APC delivery scheme, and shows several undocumented ways of working with APCs from kernel mode.

An Asynchronous Procedure Call provides a way to execute code within the context of a specific thread. How to use APCs in user mode is well documented, but how to use APCs from kernel mode isn't. However, that doesn't mean it's impossible. Applying undocumented approaches for working with an APC from a kernel mode driver may lead to unexpected consequences. Therefore, we've come up with several methods and used our knowledge and experience to try them all ourselves in order to save you time and effort.

In this e-book, you'll find:
1. A concise answer to what an APC is and how APCs can be used in Windows systems.
2. Approaches to working with an APC from a kernel mode driver, and the disadvantages of each.
3. A safe APC implementation based on reference counting of the kernel object.
4. Examples of using an APC in the Windows kernel.

This guide contains detailed descriptions of the major approaches to working with an APC from a kernel mode driver, including using only alertable threads, forcing APC delivery, using an unloadable driver, and counting object driver references. It also explores the mechanism of assembler stub implementation for x86 and x64. This e-book will be useful for anyone interested in alternative ways of working with APCs and anyone who wants to learn how to use APCs in Windows kernel mode.

Table of contents:
What is an Asynchronous Procedure Call?
Using an APC in kernel mode
  - Alertable and non-alertable threads
  - Using only alertable threads
  - Forcing APC delivery
  - Using the unexportable KeRemoveQueueApc function
  - Using an unloadable driver
  - Using object driver reference counting
    -- Assembler stub implementation for x86
    -- Assembler stub implementation for x64
Examples of using an APC in the Windows kernel
References