Start service in kernel mode (Vista) - service

I'd like to start service before user mode is loaded (in kernel mode).
The reason is I wanna run several system applications(asm code to write data to BIOS) that are not allowed in user mode (privileges problem).
That's why I got an idea: 1. Write windows service 2. Start and run it in kernel mode
Is it possible?
Are there any other ways to solve the problem?
I don't usually use Vista (use linux instead), that's why I'm asking.

Windows services are user-mode applications. To run in kernel-mode you should write a driver. (So-called "legacy" driver will be enough, see Driver Development Part 1: Introduction to Drivers).

Related

HOW TO ENABLE BOOT IN BIOS LEGACY MODE ON SIMICS PUBLIC PREVIEW 6.0.43

I'm trying to enable boot in bios legacy mode with no success.
Just as test case I'm using an old Ubuntu server image (bionic-server-cloudimg-i386.img).
This what I did:
Under %simics%/simics-qsp-cpu-6.0.1/targets/qsp-x86 I modified qsp-client-core.simics file as below:
# In order to run this, the QSP-x86 (2096), QSP-CPU (8112) and
# QSP-Clear-Linux (4094) packages should be installed.
decl {
! Script that runs the Quick Start Platform (QSP) with a client processor core.
params from "%simics%/targets/qsp-x86/qsp-clear-linux.simics"
default cpu_comp_class = "x86-coffee-lake"
default num_cores = 4
default enable_efi = FALSE
}
$disk0_image="/home/peppe/Scrivania/bionic.craff"
#$disk0_image="/opt/simics/simics-qsp-clear-linux-6.0.9/targets/qsp-x86/images/cl-b28910-v2.craff"
run-command-file "%simics%/targets/qsp-x86/qsp-clear-linux.simics"
When I run this file, the boot gets stuck with "Start PXE over IPv4" message (i.e. Simics doesn't find the UEFI partition and try to boot from network).
If I run the same file with cl-b28910-v2.craff image all works fine.
Note when it comes to bionic image I tried both with the raw format and with the craff format.
Also note the same bionic image boots as expected in QEMU.
My question: is the param enable_efi = FALSE enough to force Simics to boot in legacy mode?
If no what else do I have to do ?
The QSP really only supports booting from UEFI, and only a UEFI binary is shipping with the platform. All modern operating systems boot from UEFI anyway, so this should not be a big deal.
Indeed QSP model is not shipped with legacy BIOS image, but this does not prevent you from creating such and enable it on QSP model yourself. In particular, microvm or regular bios.bin (SeaBIOS?) from QEMU might work with some changes (removing QEMU specifics).

How to find out who loads specific Linux kernel module?

I built a certain driver as module (m) for Linux, the spi-imx by NXP. Nontheless, Linux probes this driver when booting. I'm struggling to find out what process/other module/driver requests this spi-imx driver. A depmod does not show any dependencies between the spi-imx an other modules (except for the spidev as submodule).
After some research, I found out that Linux automatically (?) calls modprobe when it detects a new device. So does Linux actually call modprobe because the ecSPI'S status in the device tree as "okay"? If so, how can I prevent this? I would like to dynamically load the spi-imx from a user space application via modprobe. The story behind it: a coprocessor uses this SPI line in parallel to the Linux boot process. This interferes of course and interrupts the coprocessor's use of the SPI line. When the coprocessor has finished its transfer via SPI (a boot mechanism as well), it should hand over the SPI line to Linux.
I'm very thankful for any kind of tips, links, hints and comments on this.
Thanks a lot for the answers. As you guys mentioned, I also found out that Linux itself probes the device if present ("okay").
One possible solution is to complete cut off the modprobe call via an entry like "install spi-imx /bin/false" in the *.conf file. But that makes it impossible to load the driver via modprobe, for Linux and for user space.
"blacklist spi-imx" inside a *.conf located at /etc/modprobe.d/ is the way to prevent Linux from probing the driver when booting. After that, a modprobe from user space can successfully load the driver afterwards.
Thanks again & best regards

Running additional service in Safe Mode win8.1

The problem is I need to install the program, that runs additional service in the middle of installation. While trying to run it manually, it returns error 1084: Can not start the service in the Safe Mode.
What should I add to registry in order to run this service?
To start services in Safe mode you have to run regedit.exe and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot.
Windows has 2 types of safe mode. The minimal one and the one with network.
Under your type create now a key with the short name of your driver and type service in the default string. Here you can also whitelist other windows services / drivers that you want o get loaded in safe mode.

how to start a process under kernel debugging on windows?

I have a hard drive was crypted by TryeCrypt,a custom edtion ,self input password,and i have found this 40-bytes password via MBR debugging, but can't mount it using standard version 7.1a.
what i want is get some files from this hard drive,good news is,this hard drive is bootable and it is a windows xp sp2,but a fullscreen app was auto startup and any input(keyboard,mouse etc.) was blocked,therefore,the only way to touch it is debugging it with vmware gdb stub.
The ida's remote dbg debugger is working very well, now I touch the guest's memory, edit it's codes, set breakpoints and the symbols was loaded.
so the question is,how can I start a process via patching the kernel?
What I thinking is,build a winddk project , implement a driver to do this with user APC, and then disassemble it to get it's assembler code ,and then patch it into guest via ida.
Any idea? thanks.

how to shutdown the computer from my OS?

Question 1) How do i shutdown my computer? is there any interrupt for this?
Question 2) I heard that acpi power options can be used to shutdown or restart or put the computer to sleep. mode. Well how to do it? are they in form of some routines that can be called? if so how to call them? or are they include in any of the interrupts?
Question 3) suppose when the os is running i press power button which is on the cabinet. then is any irq fired so that my os can prepare and shutdown the computer?
Edit:
Here i am talking about my Own OS not windows.
Here's a very informative blog post by Matthew Garrett describing how Windows and Linux implement rebooting; I assume shutdown is somewhat similar. In principle, there are many ways which should work. In practice, the problem is that BIOS'es and ACPI implementations are usually crappy and tested only with Windows, so the best way is probably to do as Windows does. Which, per the article I linked, is what Linux also does nowadays.
Answer 1. There are many ways to shutdown your computer.
Use shutdown option shown in Windows dialogue
Use shutdown command in command prompt
Use Task Manager to shutdown your computer
Press power button on cabinet to shutdown your computer.