Introduction to Windows kernel (wrk)
Introduction
WRK (Windows Research Kernel) is a part of the Windows kernel source code that Microsoft opened to education and academia in 2006.
WRK contains not only the source code of some Windows kernel modules but also the tools needed to compile them.
With these tools you can compile WRK into an EXE file, that is, a kernel executable module,
and then use that EXE file to replace the kernel of the operating system.
At the next boot, the kernel loaded by the operating system is the EXE you compiled.
Tool Software
Intel x86 CPU;
VMware 6.5;
Windows Server 2003 SP1 (used to test the WRK compilation result);
Windows 7 (used to compile WRK);
WRK 1.2.
Overview wrk
First, locate the kernel module file of the current Windows operating system.
The so-called kernel module file can be regarded as the Windows kernel itself:
it consists of the executive and the microkernel, and it is the binary module named Ntoskrnl.exe,
located in C:\windows\system32.
The result of compiling WRK is also such a kernel module file,
that is, the result of our compilation plays the role of Ntoskrnl.exe.
Of course, the compiled file can have a different name;
the default compilation result is wrkx86.exe (the default name in an x86 environment).
The following describes the directory structure of WRK.
First, the ws03sp1hals directory:
ws03sp1hals means Windows Server 2003 SP1 HALs,
that is, the HAL (Hardware Abstraction Layer) for Windows Server 2003 SP1.
In the Windows operating system the HAL is actually an independent DLL (here you can simply regard the HAL as a DLL).
The HAL isolates hardware differences: the upper-layer modules do not need to consider the differences between the real hardware underneath,
because the upper-layer modules cannot access the hardware directly and must go through the HAL instead.
Hardware differences are therefore handled by the HAL without any involvement of the upper-layer modules.
The advantage is that the upper-layer modules stay the same; when the hardware changes they do not need to change,
and as long as a suitable HAL is provided, the same upper-layer modules run on different hardware.
Because the hardware in our PCs is not the same, there must be multiple HALs.
For example, the processor in my PC is Intel and the processor in your PC is AMD,
or my processor is single-core and yours is quad-core.
To deal with this inconsistency, Windows ships several HALs in its installation package,
for example one HAL for single-core and one HAL for multi-core processors.
During installation Windows automatically detects whether your processor is AMD or Intel
and whether it is single-core or multi-core,
then installs the appropriate HAL and renames it to hal.dll.
The ws03sp1hals directory holds these HALs.
For example, the processor in my PC is an Intel x86 dual-core processor,
so the Windows installer automatically selects the appropriate HAL, for example
halmps.dll, as the HAL.
The installer copies this HAL to the designated directory on my C: drive
and then renames halmps.dll to hal.dll (the name is unified by the rename).
This is why we see C:\windows\system32\hal.dll.
Next, the public directory:
this directory contains header files (.h files) that are shared by all components, that is, public files,
including the ddk and internal subdirectories; internal holds the header files that the kernel itself needs.
Next, the tools directory:
as mentioned above, WRK contains not only some Windows kernel source code
but also the tools used to compile that source code, and these live in the tools directory.
Compiling the WRK source code uses the tools in this directory.
Finally, the base directory:
the ntos directory under base is the main directory of the Windows kernel module.
The following describes the meaning of each directory under ntos:

Directory | Description
--- | ---
build | WRK discloses only part of the source code; the undisclosed parts exist in this directory as binary object code.
cache | Source files of the cache manager.
config | Source files of the registry implementation.
dbgk | Source files of the kernel-mode part of the debugging subsystem.
ex | Source files of executive-layer functions (kernel heap, synchronization, timers, and so on).
fsrtl | Source files of the file system runtime library.
fstub | File system boot interface.
io | I/O manager, excluding the plug-and-play manager and the power manager.
ke | (Micro)kernel, including the thread scheduler, CPU management and low-level synchronization primitives.
lpc | Implementation of the Local Procedure Call (LPC) mechanism.
mm | Memory manager.
ob | Kernel object manager.
perf | Performance logging functions of the kernel.
ps | Processes and threads.
se | Security reference monitor.
wmi | Windows Management Instrumentation (WMI).
inc | Header files used only within ntos.
raw | Source files implementing the RAW file system driver.
rtl | Kernel runtime library support.
init | Kernel startup code.
vdm | Virtual DOS Machine.
verifier | Driver Verifier.
Compile wrk
First, add the x86 subdirectory of the tools directory under the WRK root
to the PATH environment variable.
Then go to the ntos directory under base in the WRK root
and enter the command: nmake -nologo x86=
(If the CPU is AMD, the command is different, and the environment variable settings are also different.)
This compiles the entire WRK.
After compilation completes,
you can find the compiled EXE file in WRK-v1.2\base\ntos\build.
At this point compilation is complete.
Load the kernel module compiled by wrk
We have compiled the kernel executable module from WRK;
next, let us make the operating system load this compiled kernel executable module when it starts.
The environment we use is Windows Server 2003 SP1 installed in VMware 6.5.
First, copy the wrkx86.exe compiled from WRK into the virtual machine
and place the file in the directory where Ntoskrnl.exe resides.
Then find the boot.ini file in the system installation directory (the C: drive); it is hidden by default.
First remove the read-only attribute of the file so that it becomes readable and writable,
then open boot.ini with Notepad.
The boot.ini file before modification:
Add the following line to boot.ini:
multi(0)disk(0)rdisk(0)partition(1)\Windows="Windows Server 2003, wrk" /kernel=wrkx86.exe /hal=hal.dll
The modified boot.ini file:
After setting the above entry, restart Windows Server 2003 SP1.
The following screen is then displayed at startup:
choose "Windows Server 2003, wrk" to start the Windows operating system.
In this way, the kernel executable module that is loaded is the wrkx86.exe compiled from WRK.
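Because the /kernel= switch in boot.ini is all it takes to make NTLDR load a replacement kernel image, an administrator reviewing a Windows Server 2003 machine will want to see which entries boot something other than the stock ntoskrnl.exe and hal.dll. The following is an added example, not code from the original post: it parses the [operating systems] section of a constructed boot.ini containing the stock entry and the WRK entry described above, and flags entries with a custom kernel or HAL.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the stock entry plus the WRK entry from the post.
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows Server 2003, Standard" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows Server 2003, wrk" /kernel=wrkx86.exe /hal=hal.dll
"""

# ARC path, quoted friendly name, then optional /switches.
ENTRY_RE = re.compile(r'^(?P<arc>[^=]+)="(?P<name>[^"]*)"(?P<switches>.*)$')

@dataclass
class BootEntry:
    arc_path: str
    name: str
    switches: dict = field(default_factory=dict)

    def kernel(self):
        # Without /kernel= NTLDR loads the default ntoskrnl.exe.
        return self.switches.get("kernel", "ntoskrnl.exe")

    def hal(self):
        # Without /hal= NTLDR loads the default hal.dll.
        return self.switches.get("hal", "hal.dll")

def parse_boot_ini(text):
    """Return the BootEntry objects found in the [operating systems] section."""
    entries, in_os = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
            continue
        m = ENTRY_RE.match(line) if in_os else None
        if not m:
            continue
        switches = {}
        for sw in m.group("switches").split():
            key, _, val = sw.lstrip("/").partition("=")
            switches[key.lower()] = val
        entries.append(BootEntry(m.group("arc"), m.group("name"), switches))
    return entries

def custom_kernel_entries(entries):
    """Entries that boot something other than the stock ntoskrnl.exe / hal.dll."""
    return [e for e in entries
            if e.kernel().lower() != "ntoskrnl.exe" or e.hal().lower() != "hal.dll"]
```

Run against a real C:\boot.ini, the flagged list shows every entry whose kernel or HAL has been overridden, which is exactly the change made in this section.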
Summary
Above I have described in detail the process of compiling the kernel module from WRK.
What is WRK for? It is, of course, used for learning: through WRK
you can gain a deeper understanding of Windows, and one day
you may modify the WRK source code, compile it into a kernel module,
and have the operating system load your own kernel module. Of course, this is not easy to achieve!!!
WRK actually also comes with a debugging environment; through it
you can use WinDbg to debug this kernel.
However, since I will cover drivers later, I will not go into that here.
Copyright Huan. Reprinting is welcome, but please note: reprinted from
Zachary.Xiaozhen - the sky of dreams