zhongwei/gh-743175724-agents-project-plugins-windows-development
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
305b0a63235831b4e6f7c1abe0428c2f300452f5
gh-743175724-agents-project…/plugins/windows-development/skills/windows-kernel-basics.md
zhongwei 305b0a6323 Initial commit
2025-11-29 09:37:43 +08:00

961 B
Raw Blame History

name, description, version
name description version
Windows内核基础 IRQL、内存池、同步机制 1.0.0

Windows Kernel Development Basics

IRQL Levels

  • PASSIVE_LEVEL (0): Normal execution
  • APC_LEVEL (1): Asynchronous Procedure Calls
  • DISPATCH_LEVEL (2): DPC and scheduler
  • DEVICE_IRQL (3+): Hardware interrupts

Memory Pools

// NonPagedPool: Always resident, use at DISPATCH_LEVEL
PVOID buffer = ExAllocatePool2(POOL_FLAG_NON_PAGED, size, 'Tag1');

// PagedPool: Can be paged out, use at PASSIVE_LEVEL
PVOID buffer = ExAllocatePool2(POOL_FLAG_PAGED, size, 'Tag2');

// Don't forget to free
ExFreePoolWithTag(buffer, 'Tag1');

Synchronization

  • Spin Lock: High IRQL, short duration
  • Mutex: PASSIVE_LEVEL only
  • Fast Mutex: Similar to kernel mutex
  • Event: Signal/Wait mechanism

Common Pitfalls

  • Accessing paged memory at DISPATCH_LEVEL
  • Forgetting to dereference objects
  • Not handling IRP cancellation
  • Memory leaks (use Driver Verifier)
Reference in New Issue View Git Blame Copy Permalink