How to Export Kernel Symbols
Windows Research Kernel @ HPI
The major advantage of the Windows Research Kernel (WRK) is that it allows modified builds that satisfy particular needs of the research community. I was confronted with such a need in a recent project: using kernel functions in a driver that are normally not exported by the kernel. As we have the WRK sources available, it should be no problem to define the export of my desired functions. But how to do that?
When writing dynamic link libraries (DLLs), exporting functions or variables is no big deal. Simply mark the designated export as __declspec( dllexport ) and the rest is done by the compiler. Inside the WRK sources, however, only macros such as NTSYSAPI, NTKERNELAPI, etc. are used, and these map to DECLSPEC_IMPORT, which is the other way round.
The solution to the problem is to modify one of the following files residing in the subdirectory base\ntos\init\ of the WRK package.
While the first file contains platform-independent exports, the latter ones contain platform-specific exports for the i386 architecture and the amd64 architecture, respectively. To export an arbitrary function, simply copy and paste its name into the corresponding .src file, re-compile the kernel, and that's it. Finally, link your driver against the new wrkx86.lib or wrkamd64.lib, respectively, and you can use the exported functions or variables within it.
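A way to confirm that the rebuilt kernel really exports the names you added, and to see exactly how much wider its export surface became, is to read the export name table of the built image. The script below is an added example, not part of the original post or the WRK package; the routine names are hypothetical and build_sample() only constructs a minimal test image so the check runs without a real kernel binary.

```python
import struct

def _u(fmt, buf, off):
    return struct.unpack_from("<" + fmt, buf, off)

def exported_names(image):
    """Names in the export name table of a PE image (PE32 or PE32+)."""
    pe, = _u("I", image, 0x3C)
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = _u("H12xH", image, pe + 6)
    opt = pe + 24
    # Data directories start at +96 in PE32 (i386), +112 in PE32+ (amd64).
    dirs = opt + (96 if _u("H", image, opt)[0] == 0x10B else 112)
    exp_rva, = _u("I", image, dirs)          # directory 0 = export table
    secs = [_u("IIII", image, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):                            # RVA -> file offset
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + rptr
        raise ValueError("RVA 0x%x is outside every section" % rva)
    if exp_rva == 0:
        return set()                         # image exports nothing
    exp = off(exp_rva)
    count, names_rva = _u("I4xI", image, exp + 24)  # NumberOfNames, AddressOfNames
    table = off(names_rva)
    names = set()
    for i in range(count):
        s = off(_u("I", image, table + 4 * i)[0])
        names.add(image[s:image.index(b"\0", s)].decode("ascii"))
    return names

def missing_exports(image, wanted):
    """Names from the .src edit that the built image still does not export."""
    return sorted(set(wanted) - exported_names(image))

def build_sample(names):
    """Constructed input: a minimal PE32 that holds only an export table."""
    blob, ptrs, base = b"", [], 0x1000 + 40 + 4 * len(names)
    for n in sorted(names):
        ptrs.append(base + len(blob))
        blob += n.encode() + b"\0"
    exp = struct.pack("<24xI4xI4x", len(names), 0x1000 + 40)
    body = exp + struct.pack("<%dI" % len(names), *ptrs) + blob
    h = bytearray(0x200)
    h[0:2] = b"MZ"
    struct.pack_into("<I4sHH12xH2xH", h, 0x3C, 0x40, b"PE\0\0", 0x14C, 1, 224, 0x10B)
    struct.pack_into("<II", h, 0x58 + 96, 0x1000, len(body))
    struct.pack_into("<8sIIII", h, 0x58 + 224, b".edata", len(body), 0x1000, len(body), 0x200)
    return bytes(h) + body
```

Against a real build, pass the bytes of the rebuilt kernel image to missing_exports() together with the names you pasted into the .src file; an empty list means every one of them is now exported.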