Tracing Function Calls in Windows NT Kernel
| Thesis title in Czech: | Sledování volání funkcí jádra Windows NT |
|---|---|
| Thesis title in English: | Tracing Function Calls in Windows NT Kernel |
| Key words: | Windows, jádro, sledování funkcí, ladění |
| English key words: | Windows, kernel, function tracing, debugging |
| Academic year of topic announcement: | 2013/2014 |
| Thesis type: | Bachelor's thesis |
| Thesis language: | angličtina |
| Department: | Department of Distributed and Dependable Systems (32-KDSS) |
| Supervisor: | Mgr. Pavel Ježek, Ph.D. |
| Author: | hidden - assigned and confirmed by the Study Dept. |
| Date of registration: | 07.04.2015 |
| Date of assignment: | 07.04.2015 |
| Confirmed by Study dept. on: | 14.04.2015 |
| Date and time of defence: | 07.09.2015 00:00 |
| Date of electronic submission: | 31.07.2015 |
| Date of submission of printed version: | 31.07.2015 |
| Date of proceeded defence: | 07.09.2015 |
| Opponents: | RNDr. Jakub Yaghob, Ph.D. |
| Guidelines |
| The primary goal of this thesis is to create an application for real-time tracing of important function calls in the Windows NT kernel and displaying information about objects in kernel namespace and their attributes. Second part of the thesis is implement a visualization of collected information related to I/O Request Packets (IRP) in a concise graphical form. The resulting tool should support at least the x86 architecture and ideally also the x64 architecture. |
| References |
| * Mark E. Russinovich and David A. Solomon, with Alex Ionsecu: Windows Internals (5th edition), 2009
* Intel Corporation: Intel 64 and IA-32 architectures developer's manual, 2015 * Microsoft Corporation: Windows Driver Kit (WDK) on MSDN, https://msdn.microsoft.com/en-us/library/windows/hardware/ff557573%28v=vs.85%29.aspx * Ladislav Vágner: ATHelp, elektronický manuál, 1994 |