It’s commonly known that the Windows Kernel uses two standard function prefixes to differentiate externally callable functions (Ke) from private, or internal, functions (Ki). There is, however, a third prefix used in the Kernel that isn’t quite as common: Kx. This prefix is used for internal functions that are processor architecture specific. For example, KxFlushEntireTb is the function responsible for flushing the TLBs of the processor. Clearly this is architecture specific and therefore the Kernel provides a different implementation for each processor architecture supported on Windows.
These types of routines clearly hold some interesting information about how Windows handles different processor architectures. Plus, for a kernel geek such as myself, this code represents the lowest level processing in the O/S and therefore piques my interest.
Imagine my delight then when I happened to be searching through the WDK 8.1 headers and stumbled across kxamd64.inc and kxarm.h located in the \8.1\Include\Shared subdirectory. These header files not only include some architecture specific Kernel definitions, but also the assembly language for some common Kernel activities. These include, but are not limited to:
- Trap Frame Generation
- Spinlock Acquisition
- Interrupt Dispatching
The x64 module is more extensive than the ARM module, but there are some interesting things to be seen in both. Not only is it interesting to read some modern, well-disciplined assembly language programming, but this discovery also led me to learn a couple of things that I thought I’d share with everyone else (if you find anything else noteworthy let us know @OSRDrivers!).
New for Windows 8.1: The Interrupt Stack
Windows now uses a dedicated stack located in the PRCB for interrupt processing. Historically Windows has always simply used the kernel stack of the currently executing thread for this work, which always left open the chance of a stack overflow. See the SWITCH_TO_ISR_STACK macro for details.
I Feel Bad for the Person Writing the ARM Assembly
You can sense a bit of despair at the beginning of kxarm.h:
;
; The ARM assembler uses a baroque syntax that is documented as part
; of the online Windows CE documentation. The syntax derives from
; ARM's own assembler and was chosen to allow the migration of
; specific assembly code bases, namely ARM's floating point runtime.
; While this compatibility is no longer strictly necessary, the
; syntax lives on....
;
The header then continues on to mention the fact that the ARM assembler is whitespace sensitive. Yikes! Suddenly being part of the lowest level processing in the O/S doesn’t seem so sexy…