I am looking at doing some kernel patching under certain versions of
Windows to improve performance under Xen (modifying TPR writes), and
only under 32 bit of course (not needed under 64 bit and patchguard
would make it impossible anyway).
Someone has already written the code to do it, I am just integrating it
into my drivers, but there are separate patch tables for ‘normal’ and
‘/3GB’ mode, where the /3GB table appears to be the same as the normal
table + some offset (0x50000000 for w2k3).
So I have a few questions…
Does the /USERVA= option fiddle with that base address even further?
Is there a way for me to get the base address of kernel space? I’m not
sure how much it matters if the method is documented, as this is only
for ‘legacy’ kernels (W2K3 < sp2 and XP). All the newer kernels
(W2K3sp2, vista, 2008) appear to be hypervisor aware at least to the
extent that they don’t perform unnecessary writes to the TPR register.
Thanks
James
>sure how much it matters if the method is documented, as this is only
>for ‘legacy’ kernels (W2K3 < sp2 and XP). All the newer kernels
>(W2K3sp2, vista, 2008) appear to be hypervisor aware at least to the
>extent that they don’t perform unnecessary writes to the TPR register.
I think that all TPR writes are in the HAL and not kernel. The kernel - at least the legacy one - should not even know that the TPR is present, because it is compatible with non-APIC machines.
So, hook the HAL routines of KeRaise/LowerIrql and KeAcquire/ReleaseSpinLock, and their KfXxx FASTCALL counterparts.
Probably developing a special HAL for Xen is a good idea.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
If I recall correctly Microsoft eliminated ‘build your own hal’ as an option
several years ago.
Mark Roddy
On Sun, Jan 4, 2009 at 10:04 AM, Maxim S. Shatskih
wrote:
> >sure how much it matters if the method is documented, as this is only
> >for ‘legacy’ kernels (W2K3 < sp2 and XP). All the newer kernels
> >(W2K3sp2, vista, 2008) appear to be hypervisor aware at least to the
> >extent that they don’t perform unnecessary writes to the TPR register.
>
> I think that all TPR writes are in the HAL and not kernel. The kernel - at
> least the legacy one - should not even know that the TPR is present, because
> it is compatible with non-APIC machines.
>
> So, hook the HAL routines of KeRaise/LowerIrql and
> KeAcquire/ReleaseSpinLock, and their KfXxx FASTCALL counterparts.
>
> Probably developing a special HAL for Xen is a good idea.
>
> –
> Maxim S. Shatskih
> Windows DDK MVP
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> Is there a way for me to get the base address of kernel space?
You could try looking at some of the undocumented information that
ZwQuerySystemInformation() returns. Also it has been a while but I believe
there might be a couple of global exported data fields (from the kernel
image) that hold those values. I cannot remember what it is right now.
Thanks
Ross
On Sun, Jan 4, 2009 at 3:48 AM, James Harper
wrote:
> I am looking at doing some kernel patching under certain versions of
> Windows to improve performance under Xen (modifying TPR writes), and
> only under 32 bit of course (not needed under 64 bit and patchguard
> would make it impossible anyway).
>
> Someone has already written the code to do it, I am just integrating it
> into my drivers, but there are separate patch tables for ‘normal’ and
> ‘/3GB’ mode, where the /3GB table appears to be the same as the normal
> table + some offset (0x50000000 for w2k3).
>
> So I have a few questions…
>
> Does the /USERVA= option fiddle with that base address even further?
>
> Is there a way for me to get the base address of kernel space? I’m not
> sure how much it matters if the method is documented, as this is only
> for ‘legacy’ kernels (W2K3 < sp2 and XP). All the newer kernels
> (W2K3sp2, vista, 2008) appear to be hypervisor aware at least to the
> extent that they don’t perform unnecessary writes to the TPR register.
>
> Thanks
>
> James
>
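An added example, not code from this thread or from the patch code James mentions: if each table entry is treated as an address valid for one reference load base, a single table can be rebased to whatever base the image has on the current boot, and the original bytes at each site checked before anything is modified. The record layout, function names and sample values are assumptions made for illustration; 0x50000000 in the test is the w2k3 /3GB offset quoted in the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical record: a patch address as listed in a table built for one
   load base (ref_base), plus the bytes expected there before any change. */
typedef struct { uint32_t ref_va; uint8_t expect[5]; uint8_t len; } patch_site;

enum { SITE_OK = 0, SITE_OUT_OF_IMAGE = -1, SITE_BYTES_MISMATCH = -2 };

/* Convert a table address to an offset from ref_base, bounds-check it against
   the image, and compare the bytes there with what the table expects.
   `image` is a read-only view of the module as loaded at load_base. */
static int check_site(const patch_site *s, uint32_t ref_base, uint32_t load_base,
                      const uint8_t *image, uint32_t image_size, uint32_t *out_va)
{
    if (s->ref_va < ref_base || s->len > sizeof s->expect)
        return SITE_OUT_OF_IMAGE;
    uint32_t rva = s->ref_va - ref_base;
    if (rva > image_size || s->len > image_size - rva)
        return SITE_OUT_OF_IMAGE;
    if (memcmp(image + rva, s->expect, s->len) != 0)
        return SITE_BYTES_MISMATCH;          /* wrong build or already patched */
    *out_va = load_base + rva;               /* address valid for this boot */
    return SITE_OK;
}

/* Constructed sample: a 64-byte stand-in image and a three-entry table.
   0x80800000 is a made-up reference base, not a real kernel address. */
#define REF_BASE 0x80800000u
static const patch_site sample_table[] = {
    { REF_BASE + 0x10, { 0xA3, 0x11, 0x22, 0x33, 0x44 }, 5 },  /* matches      */
    { REF_BASE + 0x20, { 0x89, 0x0D, 0x55, 0x66, 0x77 }, 5 },  /* bytes differ */
    { REF_BASE + 0x3E, { 0x90, 0x90, 0x90, 0x90, 0x90 }, 5 },  /* runs off end */
};

/* Fill status[] for each sample site; returns how many are safe to patch. */
static int check_sample(uint32_t load_base, int status[3], uint32_t va[3])
{
    uint8_t image[64] = { 0 };
    static const uint8_t site0[5] = { 0xA3, 0x11, 0x22, 0x33, 0x44 };
    memcpy(image + 0x10, site0, sizeof site0);
    int ok = 0;
    for (size_t i = 0; i < 3; i++) {
        va[i] = 0;
        status[i] = check_site(&sample_table[i], REF_BASE, load_base,
                               image, sizeof image, &va[i]);
        ok += (status[i] == SITE_OK);
    }
    return ok;
}
```

In a driver the image view and `load_base` would come from however the module base is obtained, for example the ZwQuerySystemInformation() route Ross suggests.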