Draft:Win32k.sys
Submission declined on 9 January 2023 by Slywriter (talk).
Submission declined on 9 January 2023 by 97198 (talk). This draft's references do not show that the subject qualifies for a Wikipedia article.
Submission declined on 7 January 2023 by S0091 (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified.
- Comment: No indication of notability. It's just a single file Slywriter (talk) 15:26, 9 January 2023 (UTC)
- Comment: Most of the content is unsourced and works published by Microsoft are not independent so cannot be used to establish notability. S0091 (talk) 20:03, 7 January 2023 (UTC)
Kernel Mode Windows Subsystem (win32k.sys)
Win32k.sys is the part of the Windows Subsystem that is implemented in kernel mode. It is an important dependency of the Windows operating system and is responsible for implementing the GDI, keyboard and mouse input, and the Window Manager. In the name, Win32 stands for the Windows Subsystem and k for kernel mode.[1][2]
The Kernel Mode Windows Subsystem implements a System Service Table with over 800 system calls, starting at system call index 0x1000 (NtGdiAbortDoc on Windows NT 5.1).[3]
It is loaded into the kernel address space at startup by the Session Manager Subsystem process. On load, win32k.sys calls the win32kbase.sys driver entry point, which attaches win32k's System Service Table to NTOS using the KeAddSystemServiceTable function.[4]
History
In early versions of NTOS, win32k was a core user-mode dynamic-link library (just like NTDLL), but due to bad performance the file was ported to kernel mode. This change improved the response time of user-mode applications.
Present
Today, the Windows Subsystem is separated into two files (besides win32k.sys): win32kfull.sys and win32kbase.sys.[5] Win32kbase contains the actual entry point for win32k as well as experimental and additional features, whereas Win32kfull contains the most stable and commonly used functions.
Win32k port to Kernel Mode
The port consisted of replacing Win32 calls with NTAPI calls and then building the file as a driver. This introduced many denial-of-service vectors, which attackers could use to achieve privilege escalation.[6]
User Mode Windows Subsystem (win32u.dll)
The user-mode component of the Windows Subsystem is win32u.dll, which works just like NTDLL.
It contains generated machine-code stubs that execute a direct syscall instruction, which ends up in Win32k.[7]
GDI and User-related functions are exported from gdi32.dll and user32.dll. These DLLs use the functions exported by win32u.dll to perform actions.[8][9]
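The following Python example is added here for illustration and is not taken from the draft's sources or from Microsoft code. It checks whether a stub's bytes are intact and reports which service table its system call number selects, assuming the common x64 stub layout (mov r10, rcx; mov eax, imm32; ... syscall) and the convention that bits 12-13 of the number select the table and the low 12 bits the index; the stub bytes are constructed samples.

```python
import struct

MOV_R10_RCX = b"\x4c\x8b\xd1"  # mov r10, rcx
MOV_EAX_IMM32 = 0xB8           # mov eax, imm32 (the system call number)
SYSCALL = b"\x0f\x05"          # syscall
TABLES = {0: "nt", 1: "win32k"}  # assumed table numbering: 0 = NTOS, 1 = win32k

def decode_service_number(number):
    """Split a system call number into (service table, index in that table)."""
    return (number >> 12) & 0x3, number & 0xFFF

def parse_stub(code):
    """Return (table, index) for an intact stub, or None if the bytes deviate."""
    if len(code) < 10 or code[:3] != MOV_R10_RCX or code[3] != MOV_EAX_IMM32:
        return None  # prologue differs, e.g. overwritten by an inline hook
    (number,) = struct.unpack_from("<I", code, 4)
    if number > 0x3FFF or SYSCALL not in code[8:32]:
        return None  # implausible number or no syscall instruction nearby
    return decode_service_number(number)

def classify(code):
    """Human-readable verdict for one stub."""
    parsed = parse_stub(code)
    if parsed is None:
        return "modified or not a syscall stub"
    table, index = parsed
    return f"{TABLES.get(table, 'unknown')} table, index {index:#x}"

# Constructed sample bytes (not dumped from a real system).
SHORT_STUB = bytes.fromhex("4c8bd1" "b800100000" "0f05" "c3")
LONG_STUB = bytes.fromhex(
    "4c8bd1" "b855000000" "f604250803fe7f01" "7503" "0f05" "c3" "cd2e" "c3"
)
HOOKED_STUB = bytes.fromhex("e9" "10203040" "000000" "0f05" "c3")

if __name__ == "__main__":
    for name, stub in [("short", SHORT_STUB), ("long", LONG_STUB),
                       ("hooked", HOOKED_STUB)]:
        print(name, "->", classify(stub))
```

A number of 0x1000 decodes to table 1, index 0, which matches the starting index given above for win32k's System Service Table.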
References
- "The Win32k kernel-mode driver". O’Reilly. Retrieved 8 January 2023.
- See also the documentation for the Wine implementation of GDI32.DLL: Wine API: gdi32.dll
- "Inside Native Applications". Archived from the original on 2010-10-23. Retrieved 2017-08-26.
- "A short introduction in System Services Dispatching". Insinuator. Retrieved 8 January 2023.
- Spencer, McIntyre (30 September 2020). "Win32k Overview". Retrieved 9 January 2023.
- "Microsoft Warns of Windows Win32k Privilege Escalation | CISA". www.cisa.gov. CISA Gov. Retrieved 9 February 2021.
- "Inside Native Applications". Archived from the original on 2010-10-23. Retrieved 2017-08-26.
- See the documentation for the Wine implementation of GDI32.DLL: Wine API: gdi32.dll
- See the documentation for the Wine implementation of USER32.DLL: Wine API: user32.dll