New to the Windows kernel and looking for string manipulation functions!

Hi guys, I just got dumped something at work that I’m totally unprepared for, namely developing a file driver that evaluates user mode file operations and communicates with some legacy systems. I’ve made decent progress so far but I had two big questions that I can’t find definitive answers for:

  1. I need to do a bit of work with UNICODE_STRING in the kernel, and while I knew I wouldn’t be able to use the STL I was surprised to find that this is basically the sum total of Windows kernel string libraries. Am I somehow missing something in the Windows kernel docs, or is there a very popular open source library that everyone uses for working with strings in the kernel? I just need to do basic stuff with UNICODE_STRING like searching for substrings, tokenizing, startswith/endswith and maybe a bit of regex.

  2. We can add web service gateways to our legacy systems, is there an easy way to call a web service from inside the kernel? Secure would be preferred but plain old HTTP would be fine for now.

Any pointers would be helpful, and thanks much!

IMHO when presented requirements like this, the very first question you should ask is how can I split this work into a UM service.

While it is possible to do these kinds of things in KM, it will be difficult in the extreme. String manipulation you can roll your own without too much trouble, but calling a web service from KM would be a massive amount of work.


Oh yes I definitely wouldn’t roll my own, but I know there’s an HTTP server here in the kernel with me so I thought there might be a client as well, or at least a third party solution.

Regardless, before I get that far I have some string munging to do, so hopefully I can get some recommendations there.
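Counted-length versions of the substring, startswith and endswith helpers asked about in this thread, added here as an example and not code from any poster or from the WDK. `USTR` is a stand-in that mirrors UNICODE_STRING's layout (Length is a byte count, Buffer is not guaranteed to be NUL-terminated) so it builds outside the WDK; the function names, the ASCII-only case fold and the sample buffer are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for UNICODE_STRING: Length/MaximumLength are BYTE counts and
   Buffer holds UTF-16 code units with no guaranteed terminator. */
typedef struct {
    uint16_t  Length;
    uint16_t  MaximumLength;
    uint16_t *Buffer;
} USTR;

/* ASCII-only case fold (assumption; a driver would use the Rtl upcase routines). */
static uint16_t fold(uint16_t c) {
    return (c >= 'a' && c <= 'z') ? (uint16_t)(c - ('a' - 'A')) : c;
}

/* Compare exactly n code units; never reads past a[n-1] or b[n-1]. */
static int units_equal(const uint16_t *a, const uint16_t *b, size_t n, int ci) {
    for (size_t i = 0; i < n; i++) {
        uint16_t x = ci ? fold(a[i]) : a[i];
        uint16_t y = ci ? fold(b[i]) : b[i];
        if (x != y) return 0;
    }
    return 1;
}

/* Index (in code units) of the first match inside hay->Length, or -1.
   Bounded by Length, so stale data after the string is never searched. */
long ustr_find(const USTR *hay, const USTR *needle, int ci) {
    size_t h = hay->Length / sizeof(uint16_t);
    size_t n = needle->Length / sizeof(uint16_t);
    for (size_t i = 0; n <= h && i + n <= h; i++)
        if (units_equal(hay->Buffer + i, needle->Buffer, n, ci)) return (long)i;
    return -1;
}

int ustr_starts_with(const USTR *s, const USTR *prefix, int ci) {
    size_t n = prefix->Length / sizeof(uint16_t);
    return prefix->Length <= s->Length && units_equal(s->Buffer, prefix->Buffer, n, ci);
}

int ustr_ends_with(const USTR *s, const USTR *suffix, int ci) {
    size_t h = s->Length / sizeof(uint16_t), n = suffix->Length / sizeof(uint16_t);
    return n <= h && units_equal(s->Buffer + (h - n), suffix->Buffer, n, ci);
}

/* Constructed sample: the string is "\dir\a.TXT" (10 units = 20 bytes);
   ".exe" sits in the buffer past Length and must not be matched. */
static uint16_t sample_buf[] = {'\\','d','i','r','\\','a','.','T','X','T','.','e','x','e'};
```

The point of bounding every loop by `Length / sizeof(WCHAR)` is that `wcsstr`-style routines, which scan until a NUL, can read past the end of a UNICODE_STRING buffer. In a driver, `RtlPrefixUnicodeString` already covers the startswith case.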

… I know there’s an HTTP server here in the kernel with me …

Not really. http.sys is just a proxy. It listens for HTTP requests and forwards them to a user-mode server, like IIS. It doesn’t handle any requests.

AFAIK http.sys does actually handle certain kinds of requests directly. Created at a time when MS was trying to break web server speed records by avoiding KM/UM transitions that happen when a webserver implemented in UM accesses the disk stack to read a file, then turns around and sends it back to KM down the network stack. Modern web sites have relatively little content that falls into this category, but at the time this pattern dominated. Nowadays IIS is a huge beast that most often acts as a proxy for Kestrel-based web services written in C# and the number of KM/UM transitions that happen for a single request can be very many indeed.