Skip to main content
Reverse Engineering

Questions tagged [kernel-mode]

Ask Question

Unix memory model relies on a strong separation between user-space memory and kernel-space memory. This tag refers to mechanisms that lie in kernel-space.

141 questions
Newest Active Bountied Unanswered
0 votes
1 answer
27 views

I have a Linux kernel that I open with Ghidra. There is a task_struct that I want to map all the fields. The problem is that os big struct (around 3000 bytes) and have lot of ifdef in the source code. ...
Polo1990's user avatar
  • 1
0 votes
0 answers
18 views

I research kernel object (ko file that loaded into kernel) in Android aarch64 . Is there any way to make code coverage to kernel object? That ko don't print any log to kmesg. Maybe is there any way to ...
Polo1990's user avatar
  • 1
3 votes
1 answer
108 views

If I understand correctly, when a bug-check happens, the KeBugCheckEx function saves the contents of physical memory pages in a swap-file and then the actual .dmp file is created only when the system ...
c00000fd's user avatar
  • 1,770
2 votes
1 answer
620 views

I want to play with reverse engineering the Apple Neural Engine driver, which is a kernel extensions (com.apple.driver.AppleH11ANEInterface). These used to be in /System/Library/Extensions/, but on my ...
juzna.cz's user avatar
  • 121
0 votes
0 answers
77 views

When learning about the topic that includes processes, threads and image files it helped immensely to use x86dbg. However, it only shows things from the "view" of a single process. I am ...
AirToTec's user avatar
  • 3
4 votes
0 answers
133 views

I have been having a really strange issue which I have tried all ways to troubleshoot from my end but was not successful. I am going through a malware analysis course and following the debugging ...
Daksh Kapur's user avatar
  • 41
2 votes
0 answers
90 views

Ida has a really weird feature/bug that when you input a non-normal PE file like a memory dump of a kernel buffer, or an EFI file (even though EFI is PE..), you cannot select the windbg as the ...
OneAndOnly's user avatar
  • 528
4 votes
1 answer
876 views

I need help with something very Windows/kernel-specific. I'm working on a fix for the high Kernel Timer Latency in Windows 10 2004 and higher. This problem was introduced between Insider Build 18950 ...
SilverLPs's user avatar
  • 41
3 votes
1 answer
176 views

I am trying to recompile the kernel for the Redmi Note 4 (MTK). I have successfully obtained a copy of the stock, pre-compiled kernel, and a variant of sources that seems to coincide quite well with ...
KiralyCraft's user avatar
  • 31
2 votes
0 answers
758 views

I am currently trying to set up WinDbg with IDA 7.7 to perform kernel debugging. My host machine is Windows 11 22H2 64-bit, the target is a Windows 10 22H2 64-bit VM (VMware). Connection method is ...
millionmilesaway's user avatar
  • 151
4 votes
0 answers
400 views

I wanted to debug winload.efi using IDA Pro 7.7, but for some weird reason there is no windbg in the list of debuggers in case of EFI files, even tho I can easily debug the kernel using IDA Pro's ...
OneAndOnly's user avatar
  • 528
2 votes
1 answer
197 views

Does arbitrary kernel read write from usermode count as a vulnerability if it requires admin or is it fine since it requires admin?
s0x's user avatar
  • 23
3 votes
0 answers
269 views

I am working on a highly obfuscated driver that is virtualized. In an attempt to work on this driver I asked a question about some python scripts which turned out not to be effective at all so I ...
user19819208's user avatar
  • 33
1 vote
0 answers
84 views

I'm working through "Practical Reverse Engineering" and absolutely loving it so far. However, some of the exercises involve "decompiling" some Windows kernel files (like ...
superzero's user avatar
  • 11
0 votes
1 answer
149 views

I am trying to find out which struct storport!RaGetUnitStorageDeviceProperty uses by myself. I know I can use google and find out the correct answer is _RAID_UNIT_EXTENSION. However i want to do it ...
user19819208's user avatar
  • 33

15 30 50 per page
1
2 3 4 5
10