Chapter 3 Key Concepts

https://github.com/kiwids0220/WindowsKernelProgramming.git

Paged Pool vs Non-paged Pool ( still need more example to understand further)

Memory Pools - Win32 apps

Pushing the Limits of Windows: Paged and Nonpaged Pool

IRQL (Interrupt Request Level)

Normally a processor’s IRQL is zero, and more specifically, it’s always zero when user mode is executing. In kernel mode, it’s still zero most of the time - but not all the time.

C++ Usage

Kernel mode does not have access to user runtime libraries.

• Global vars taht have non-default constructors will not be called. So you would explicit intialize them.
• Allocate pointer only as a global variable, and create the actual instance d ynamically. assumingnew and delte operators have been overloaded ( more on this later chapter).
• try catch except will not compile. Because C++ error handling requires C++ runtime.
• The standard libs C are not availabie in the kernel. std::vector<>, std::wstring will not work.

Debug VS Release Build

Checked (DEBUG) and Free (Release) DEBUG build will define the symbol DBG and set its value to 1. KdPrint becomes DbgPrint.

Kernel API

Functions that are implemented within the kernel module itself NtOskrnl.exe