How to Export Kernel Symbols
Windows Research Kernel @ HPIThe major advantage of the Windows Research Kernel (WRK) is that it allows modified builts satisfying particular needs of the research community. I was confronted with such a need in a recent project: Using kernel functions in a driver that are normally not exported by the kernel. As we have the WRK sources available, it should be no problem to define the export of my desired functions. But how to do that?
When writing dynamic link libraries (DLL), exporting functions or variables is no big deal. Simply mark the designated export as __declspec( dllexport ) and the rest is done by the compiler. Inside the WRK sources, only macros, like NTSYSAPI, NTKERNELAPI, etc., are used which match to DECLSPEC_IMPORT-the other way round.
The solution to the problem is to modify one of the following files residing in the subdirectory base\ntos\init\ of the WRK package.
- ntoskrnl.src
- i386def.src
- amd64def.src
While the first file contains platform independent exports, the latter ones contain platform specific exports for i386 architecture and the amd64 architecture, respectively. To export an arbitrary function, simply copy and paste the name to the according .src file, re-compile the kernel and that's it. Finally, link your driver against the new wrkx86.lib or wrkamd64.lib, respectively, and you can use the exported functions or variables within it.
Comments
2 Responses to "How to Export Kernel Symbols"
Hi there.
Just wondering if the Windows Research Kernel is built the same way as actual commercially sold (retail) Windows/NT - ie does it use a razzle.cmd script and build.exe type environment ?
Would the WRK and NT Source Tree environments be compatible with one another ?
Does the WRK build under the newer WDK and what variables/include files are needed to get a successful and complete build ?
Hi,
(1) I cannot tell how the commercial Windows Server 2003 is built, but the WRK provides a build environment including several makefiles.
(2) I think the WRK source tree might be a subset of the original source tree as the WRK is missing some components, like Power Management or HAL.
(3) I have never tried to build the WRK with WDK as WRK provides its own build environment including all tools like cl and link.