Kernel

From xboxdevwiki

The Xbox kernel is called xboxkrnl.exe. It is closely related to the Windows NT ntoskrnl.exe. Its image base address is always 0x80010000.

Header modifications

xboxkrnl.exe is a mostly standard exe file. However, the MS-DOS header was patched to contain Xbox-specific data in the reserved 20-byte block starting at offset 40:

Offset  Meaning
40      Size of the uninitialized portion of the .data section
44      Size of the initialized portion of the .data section
48      Memory address of the initialized portion of the .data section (usually in Flash). Used to re-initialize the .data section pointed to by the next field. Note that this pointer might be invalid during normal execution, as the Flash might not be mapped at all times.
52      Memory address where the .data section is stored (usually the same as in the section header + image base).

Sections

All sections are identity mapped (meaning file offsets and offsets in RAM match). This is because the kernel is not loaded through a traditional PE / exe loader, but just unpacked into memory.

.text

The .text section contains the kernel code, including the exported functions (exported variables live in .data).

.data

The .data section stores initialized and uninitialized data. A copy of the initialized portion of this section is usually stored in the BIOS.

STICKY

Stores variables which must be preserved across a quick-reboot.

IDEXPRDT

A Physical Region Descriptor Table (PRDT) for the IDE bus. This section serves as a memory allocation only, it does not have to be initialized when loading the kernel[citation needed].

INIT

This section is always the last one. It contains the entry point of the kernel, which does all the cold-boot kernel initialization as described here. Later kernels[FIXME] discard this section after initialization. Because INIT also contains the boot animation, once the kernel has finished booting it can no longer do a full hardware re-initialization or play the boot animation.

Kernel exports

Name Ordinal x86 Calling Convention Notes
Kernel/AvGetSavedDataAddress 1 stdcall
Kernel/AvSendTVEncoderOption 2 stdcall
Kernel/AvSetDisplayMode 3 stdcall
Kernel/AvSetSavedDataAddress 4 stdcall
Kernel/DbgBreakPoint 5 stdcall
Kernel/DbgBreakPointWithStatus 6 stdcall
Kernel/DbgLoadImageSymbols 7 stdcall Devkits only!
Kernel/DbgPrint 8 stdcall
Kernel/HalReadSMCTrayState 9 stdcall
Kernel/DbgPrompt 10 stdcall
Kernel/DbgUnLoadImageSymbols 11 stdcall Devkits only!
Kernel/ExAcquireReadWriteLockExclusive 12 stdcall
Kernel/ExAcquireReadWriteLockShared 13 stdcall
Kernel/ExAllocatePool 14 stdcall
Kernel/ExAllocatePoolWithTag 15 stdcall
Kernel/ExEventObjectType 16 Variable: OBJECT_TYPE
Kernel/ExFreePool 17 stdcall
Kernel/ExInitializeReadWriteLock 18 stdcall
Kernel/ExInterlockedAddLargeInteger 19 stdcall
Kernel/ExInterlockedAddLargeStatistic 20 fastcall
Kernel/ExInterlockedCompareExchange64 21 fastcall
Kernel/ExMutantObjectType 22 Variable: OBJECT_TYPE
Kernel/ExQueryPoolBlockSize 23 stdcall
Kernel/ExQueryNonVolatileSetting 24 stdcall
Kernel/ExReadWriteRefurbInfo 25 stdcall
Kernel/ExRaiseException 26 stdcall
Kernel/ExRaiseStatus 27 stdcall
Kernel/ExReleaseReadWriteLock 28 stdcall
Kernel/ExSaveNonVolatileSetting 29 stdcall
Kernel/ExSemaphoreObjectType 30 Variable: OBJECT_TYPE
Kernel/ExTimerObjectType 31 Variable: OBJECT_TYPE
Kernel/ExfInterlockedInsertHeadList 32 fastcall
Kernel/ExfInterlockedInsertTailList 33 fastcall
Kernel/ExfInterlockedRemoveHeadList 34 fastcall
Kernel/FscGetCacheSize 35 stdcall
Kernel/FscInvalidateIdleBlocks 36 stdcall
Kernel/FscSetCacheSize 37 stdcall
Kernel/HalClearSoftwareInterrupt 38 fastcall
Kernel/HalDisableSystemInterrupt 39 stdcall
Kernel/HalDiskCachePartitionCount 40 Variable: ULONG
Kernel/HalDiskModelNumber 41 Variable: STRING
Kernel/HalDiskSerialNumber 42 Variable: STRING
Kernel/HalEnableSystemInterrupt 43 stdcall
Kernel/HalGetInterruptVector 44 stdcall
Kernel/HalReadSMBusValue 45 stdcall
Kernel/HalReadWritePCISpace 46 stdcall
Kernel/HalRegisterShutdownNotification 47 stdcall
Kernel/HalRequestSoftwareInterrupt 48 fastcall
Kernel/HalReturnToFirmware 49 stdcall
Kernel/HalWriteSMBusValue 50 stdcall
Kernel/InterlockedCompareExchange 51 fastcall
Kernel/InterlockedDecrement 52 fastcall
Kernel/InterlockedIncrement 53 fastcall
Kernel/InterlockedExchange 54 fastcall
Kernel/InterlockedExchangeAdd 55 fastcall
Kernel/InterlockedFlushSList 56 fastcall
Kernel/InterlockedPopEntrySList 57 fastcall
Kernel/InterlockedPushEntrySList 58 fastcall
Kernel/IoAllocateIrp 59 stdcall
Kernel/IoBuildAsynchronousFsdRequest 60 stdcall
Kernel/IoBuildDeviceIoControlRequest 61 stdcall
Kernel/IoBuildSynchronousFsdRequest 62 stdcall
Kernel/IoCheckShareAccess 63 stdcall
Kernel/IoCompletionObjectType 64 Variable: OBJECT_TYPE
Kernel/IoCreateDevice 65 stdcall
Kernel/IoCreateFile 66 stdcall
Kernel/IoCreateSymbolicLink 67 stdcall
Kernel/IoDeleteDevice 68 stdcall
Kernel/IoDeleteSymbolicLink 69 stdcall
Kernel/IoDeviceObjectType 70 Variable: OBJECT_TYPE
Kernel/IoFileObjectType 71 Variable: OBJECT_TYPE
Kernel/IoFreeIrp 72 stdcall
Kernel/IoInitializeIrp 73 stdcall
Kernel/IoInvalidDeviceRequest 74 stdcall
Kernel/IoQueryFileInformation 75 stdcall
Kernel/IoQueryVolumeInformation 76 stdcall
Kernel/IoQueueThreadIrp 77 stdcall
Kernel/IoRemoveShareAccess 78 stdcall
Kernel/IoSetIoCompletion 79 stdcall
Kernel/IoSetShareAccess 80 stdcall
Kernel/IoStartNextPacket 81 stdcall
Kernel/IoStartNextPacketByKey 82 stdcall
Kernel/IoStartPacket 83 stdcall
Kernel/IoSynchronousDeviceIoControlRequest 84 stdcall
Kernel/IoSynchronousFsdRequest 85 stdcall
Kernel/IofCallDriver 86 fastcall
Kernel/IofCompleteRequest 87 fastcall
Kernel/KdDebuggerEnabled 88 Variable: BOOLEAN
Kernel/KdDebuggerNotPresent 89 Variable: BOOLEAN
Kernel/IoDismountVolume 90 stdcall
Kernel/IoDismountVolumeByName 91 stdcall
Kernel/KeAlertResumeThread 92 stdcall
Kernel/KeAlertThread 93 stdcall
Kernel/KeBoostPriorityThread 94 stdcall
Kernel/KeBugCheck 95 stdcall
Kernel/KeBugCheckEx 96 stdcall
Kernel/KeCancelTimer 97 stdcall
Kernel/KeConnectInterrupt 98 stdcall
Kernel/KeDelayExecutionThread 99 stdcall
Kernel/KeDisconnectInterrupt 100 stdcall
Kernel/KeEnterCriticalRegion 101 stdcall
Kernel/MmGlobalData 102 Variable: MMGLOBALDATA
Kernel/KeGetCurrentIrql 103 stdcall
Kernel/KeGetCurrentThread 104 stdcall
Kernel/KeInitializeApc 105 stdcall
Kernel/KeInitializeDeviceQueue 106 stdcall
Kernel/KeInitializeDpc 107 stdcall
Kernel/KeInitializeEvent 108 stdcall
Kernel/KeInitializeInterrupt 109 stdcall
Kernel/KeInitializeMutant 110 stdcall
Kernel/KeInitializeQueue 111 stdcall
Kernel/KeInitializeSemaphore 112 stdcall
Kernel/KeInitializeTimerEx 113 stdcall
Kernel/KeInsertByKeyDeviceQueue 114 stdcall
Kernel/KeInsertDeviceQueue 115 stdcall
Kernel/KeInsertHeadQueue 116 stdcall
Kernel/KeInsertQueue 117 stdcall
Kernel/KeInsertQueueApc 118 stdcall
Kernel/KeInsertQueueDpc 119 stdcall
Kernel/KeInterruptTime 120 Variable: KSYSTEM_TIME
Kernel/KeIsExecutingDpc 121 stdcall
Kernel/KeLeaveCriticalRegion 122 stdcall
Kernel/KePulseEvent 123 stdcall
Kernel/KeQueryBasePriorityThread 124 stdcall
Kernel/KeQueryInterruptTime 125 stdcall
Kernel/KeQueryPerformanceCounter 126 stdcall
Kernel/KeQueryPerformanceFrequency 127 stdcall
Kernel/KeQuerySystemTime 128 stdcall
Kernel/KeRaiseIrqlToDpcLevel 129 stdcall
Kernel/KeRaiseIrqlToSynchLevel 130 stdcall
Kernel/KeReleaseMutant 131 stdcall
Kernel/KeReleaseSemaphore 132 stdcall
Kernel/KeRemoveByKeyDeviceQueue 133 stdcall
Kernel/KeRemoveDeviceQueue 134 stdcall
Kernel/KeRemoveEntryDeviceQueue 135 stdcall
Kernel/KeRemoveQueue 136 stdcall
Kernel/KeRemoveQueueDpc 137 stdcall
Kernel/KeResetEvent 138 stdcall
Kernel/KeRestoreFloatingPointState 139 stdcall
Kernel/KeResumeThread 140 stdcall
Kernel/KeRundownQueue 141 stdcall
Kernel/KeSaveFloatingPointState 142 stdcall
Kernel/KeSetBasePriorityThread 143 stdcall
Kernel/KeSetDisableBoostThread 144 stdcall
Kernel/KeSetEvent 145 stdcall
Kernel/KeSetEventBoostPriority 146 stdcall
Kernel/KeSetPriorityProcess 147 stdcall
Kernel/KeSetPriorityThread 148 stdcall
Kernel/KeSetTimer 149 stdcall
Kernel/KeSetTimerEx 150 stdcall
Kernel/KeStallExecutionProcessor 151 stdcall
Kernel/KeSuspendThread 152 stdcall
Kernel/KeSynchronizeExecution 153 stdcall
Kernel/KeSystemTime 154 Variable: KSYSTEM_TIME
Kernel/KeTestAlertThread 155 stdcall
Kernel/KeTickCount 156 Variable: ULONG
Kernel/KeTimeIncrement 157 Variable: ULONG
Kernel/KeWaitForMultipleObjects 158 stdcall
Kernel/KeWaitForSingleObject 159 stdcall
Kernel/KfRaiseIrql 160 fastcall
Kernel/KfLowerIrql 161 fastcall
Kernel/KiBugCheckData 162 Variable: ULONG_PTR[5]
Kernel/KiUnlockDispatcherDatabase 163 fastcall
Kernel/LaunchDataPage 164 Variable: PLAUNCH_DATA_PAGE
Kernel/MmAllocateContiguousMemory 165 stdcall
Kernel/MmAllocateContiguousMemoryEx 166 stdcall
Kernel/MmAllocateSystemMemory 167 stdcall
Kernel/MmClaimGpuInstanceMemory 168 stdcall
Kernel/MmCreateKernelStack 169 stdcall
Kernel/MmDeleteKernelStack 170 stdcall
Kernel/MmFreeContiguousMemory 171 stdcall
Kernel/MmFreeSystemMemory 172 stdcall
Kernel/MmGetPhysicalAddress 173 stdcall
Kernel/MmIsAddressValid 174 stdcall
Kernel/MmLockUnlockBufferPages 175 stdcall
Kernel/MmLockUnlockPhysicalPage 176 stdcall
Kernel/MmMapIoSpace 177 stdcall
Kernel/MmPersistContiguousMemory 178 stdcall
Kernel/MmQueryAddressProtect 179 stdcall
Kernel/MmQueryAllocationSize 180 stdcall
Kernel/MmQueryStatistics 181 stdcall
Kernel/MmSetAddressProtect 182 stdcall
Kernel/MmUnmapIoSpace 183 stdcall
Kernel/NtAllocateVirtualMemory 184 stdcall
Kernel/NtCancelTimer 185 stdcall
Kernel/NtClearEvent 186 stdcall
Kernel/NtClose 187 stdcall
Kernel/NtCreateDirectoryObject 188 stdcall
Kernel/NtCreateEvent 189 stdcall
Kernel/NtCreateFile 190 stdcall
Kernel/NtCreateIoCompletion 191 stdcall
Kernel/NtCreateMutant 192 stdcall
Kernel/NtCreateSemaphore 193 stdcall
Kernel/NtCreateTimer 194 stdcall
Kernel/NtDeleteFile 195 stdcall
Kernel/NtDeviceIoControlFile 196 stdcall
Kernel/NtDuplicateObject 197 stdcall
Kernel/NtFlushBuffersFile 198 stdcall
Kernel/NtFreeVirtualMemory 199 stdcall
Kernel/NtFsControlFile 200 stdcall
Kernel/NtOpenDirectoryObject 201 stdcall
Kernel/NtOpenFile 202 stdcall
Kernel/NtOpenSymbolicLinkObject 203 stdcall
Kernel/NtProtectVirtualMemory 204 stdcall
Kernel/NtPulseEvent 205 stdcall
Kernel/NtQueueApcThread 206 stdcall
Kernel/NtQueryDirectoryFile 207 stdcall
Kernel/NtQueryDirectoryObject 208 stdcall
Kernel/NtQueryEvent 209 stdcall
Kernel/NtQueryFullAttributesFile 210 stdcall
Kernel/NtQueryInformationFile 211 stdcall
Kernel/NtQueryIoCompletion 212 stdcall
Kernel/NtQueryMutant 213 stdcall
Kernel/NtQuerySemaphore 214 stdcall
Kernel/NtQuerySymbolicLinkObject 215 stdcall
Kernel/NtQueryTimer 216 stdcall
Kernel/NtQueryVirtualMemory 217 stdcall
Kernel/NtQueryVolumeInformationFile 218 stdcall
Kernel/NtReadFile 219 stdcall
Kernel/NtReadFileScatter 220 stdcall
Kernel/NtReleaseMutant 221 stdcall
Kernel/NtReleaseSemaphore 222 stdcall
Kernel/NtRemoveIoCompletion 223 stdcall
Kernel/NtResumeThread 224 stdcall
Kernel/NtSetEvent 225 stdcall
Kernel/NtSetInformationFile 226 stdcall
Kernel/NtSetIoCompletion 227 stdcall
Kernel/NtSetSystemTime 228 stdcall
Kernel/NtSetTimerEx 229 stdcall
Kernel/NtSignalAndWaitForSingleObjectEx 230 stdcall
Kernel/NtSuspendThread 231 stdcall
Kernel/NtUserIoApcDispatcher 232 stdcall
Kernel/NtWaitForSingleObject 233 stdcall
Kernel/NtWaitForSingleObjectEx 234 stdcall
Kernel/NtWaitForMultipleObjectsEx 235 stdcall
Kernel/NtWriteFile 236 stdcall
Kernel/NtWriteFileGather 237 stdcall
Kernel/NtYieldExecution 238 stdcall
Kernel/ObCreateObject 239 stdcall
Kernel/ObDirectoryObjectType 240 Variable: OBJECT_TYPE
Kernel/ObInsertObject 241 stdcall
Kernel/ObMakeTemporaryObject 242 stdcall
Kernel/ObOpenObjectByName 243 stdcall
Kernel/ObOpenObjectByPointer 244 stdcall
Kernel/ObpObjectHandleTable 245 Variable: OBJECT_HANDLE_TABLE
Kernel/ObReferenceObjectByHandle 246 stdcall
Kernel/ObReferenceObjectByName 247 stdcall
Kernel/ObReferenceObjectByPointer 248 stdcall
Kernel/ObSymbolicLinkObjectType 249 Variable: OBJECT_TYPE
Kernel/ObfDereferenceObject 250 fastcall
Kernel/ObfReferenceObject 251 fastcall
Kernel/PhyGetLinkState 252 stdcall
Kernel/PhyInitialize 253 stdcall
Kernel/PsCreateSystemThread 254 stdcall
Kernel/PsCreateSystemThreadEx 255 stdcall
Kernel/PsQueryStatistics 256 stdcall
Kernel/PsSetCreateThreadNotifyRoutine 257 stdcall
Kernel/PsTerminateSystemThread 258 stdcall
Kernel/PsThreadObjectType 259 Variable: OBJECT_TYPE
Kernel/RtlAnsiStringToUnicodeString 260 stdcall
Kernel/RtlAppendStringToString 261 stdcall
Kernel/RtlAppendUnicodeStringToString 262 stdcall
Kernel/RtlAppendUnicodeToString 263 stdcall
Kernel/RtlAssert 264 stdcall
Kernel/RtlCaptureContext 265 stdcall
Kernel/RtlCaptureStackBackTrace 266 stdcall
Kernel/RtlCharToInteger 267 stdcall
Kernel/RtlCompareMemory 268 stdcall
Kernel/RtlCompareMemoryUlong 269 stdcall
Kernel/RtlCompareString 270 stdcall
Kernel/RtlCompareUnicodeString 271 stdcall
Kernel/RtlCopyString 272 stdcall
Kernel/RtlCopyUnicodeString 273 stdcall
Kernel/RtlCreateUnicodeString 274 stdcall
Kernel/RtlDowncaseUnicodeChar 275 stdcall
Kernel/RtlDowncaseUnicodeString 276 stdcall
Kernel/RtlEnterCriticalSection 277 stdcall
Kernel/RtlEnterCriticalSectionAndRegion 278 stdcall
Kernel/RtlEqualString 279 stdcall
Kernel/RtlEqualUnicodeString 280 stdcall
Kernel/RtlExtendedIntegerMultiply 281 stdcall
Kernel/RtlExtendedLargeIntegerDivide 282 stdcall
Kernel/RtlExtendedMagicDivide 283 stdcall
Kernel/RtlFillMemory 284 stdcall
Kernel/RtlFillMemoryUlong 285 stdcall
Kernel/RtlFreeAnsiString 286 stdcall
Kernel/RtlFreeUnicodeString 287 stdcall
Kernel/RtlGetCallersAddress 288 stdcall
Kernel/RtlInitAnsiString 289 stdcall
Kernel/RtlInitUnicodeString 290 stdcall
Kernel/RtlInitializeCriticalSection 291 stdcall
Kernel/RtlIntegerToChar 292 stdcall
Kernel/RtlIntegerToUnicodeString 293 stdcall
Kernel/RtlLeaveCriticalSection 294 stdcall
Kernel/RtlLeaveCriticalSectionAndRegion 295 stdcall
Kernel/RtlLowerChar 296 stdcall
Kernel/RtlMapGenericMask 297 stdcall
Kernel/RtlMoveMemory 298 stdcall
Kernel/RtlMultiByteToUnicodeN 299 stdcall
Kernel/RtlMultiByteToUnicodeSize 300 stdcall
Kernel/RtlNtStatusToDosError 301 stdcall
Kernel/RtlRaiseException 302 stdcall
Kernel/RtlRaiseStatus 303 stdcall
Kernel/RtlTimeFieldsToTime 304 stdcall
Kernel/RtlTimeToTimeFields 305 stdcall
Kernel/RtlTryEnterCriticalSection 306 stdcall
Kernel/RtlUlongByteSwap 307 fastcall
Kernel/RtlUnicodeStringToAnsiString 308 stdcall
Kernel/RtlUnicodeStringToInteger 309 stdcall
Kernel/RtlUnicodeToMultiByteN 310 stdcall
Kernel/RtlUnicodeToMultiByteSize 311 stdcall
Kernel/RtlUnwind 312 stdcall
Kernel/RtlUpcaseUnicodeChar 313 stdcall
Kernel/RtlUpcaseUnicodeString 314 stdcall
Kernel/RtlUpcaseUnicodeToMultiByteN 315 stdcall
Kernel/RtlUpperChar 316 stdcall
Kernel/RtlUpperString 317 stdcall
Kernel/RtlUshortByteSwap 318 fastcall
Kernel/RtlWalkFrameChain 319 stdcall
Kernel/RtlZeroMemory 320 stdcall
Kernel/XboxEEPROMKey 321 Variable: XBOX_KEY_DATA
Kernel/XboxHardwareInfo 322 Variable: XBOX_HARDWARE_INFO
Kernel/XboxHDKey 323 Variable: XBOX_KEY_DATA
Kernel/XboxKrnlVersion 324 Variable: XBOX_KRNL_VERSION
Kernel/XboxSignatureKey 325 Variable: XBOX_KEY_DATA
Kernel/XeImageFileName 326 Variable: OBJECT_STRING
Kernel/XeLoadSection 327 stdcall
Kernel/XeUnloadSection 328 stdcall
Kernel/READ_PORT_BUFFER_UCHAR 329 stdcall
Kernel/READ_PORT_BUFFER_USHORT 330 stdcall
Kernel/READ_PORT_BUFFER_ULONG 331 stdcall
Kernel/WRITE_PORT_BUFFER_UCHAR 332 stdcall
Kernel/WRITE_PORT_BUFFER_USHORT 333 stdcall
Kernel/WRITE_PORT_BUFFER_ULONG 334 stdcall
Kernel/XcSHAInit 335 stdcall
Kernel/XcSHAUpdate 336 stdcall
Kernel/XcSHAFinal 337 stdcall
Kernel/XcRC4Key 338 stdcall
Kernel/XcRC4Crypt 339 stdcall
Kernel/XcHMAC 340 stdcall
Kernel/XcPKEncPublic 341 stdcall
Kernel/XcPKDecPrivate 342 stdcall
Kernel/XcPKGetKeyLen 343 stdcall
Kernel/XcVerifyPKCS1Signature 344 stdcall
Kernel/XcModExp 345 stdcall
Kernel/XcDESKeyParity 346 stdcall
Kernel/XcKeyTable 347 stdcall
Kernel/XcBlockCrypt 348 stdcall
Kernel/XcBlockCryptCBC 349 stdcall
Kernel/XcCryptService 350 stdcall
Kernel/XcUpdateCrypto 351 stdcall
Kernel/RtlRip 352 stdcall
Kernel/XboxLANKey 353 Variable: XBOX_KEY_DATA
Kernel/XboxAlternateSignatureKeys 354 Variable: XBOX_KEY_DATA[XBEIMAGE_ALTERNATE_TITLE_ID_COUNT]
Kernel/XePublicKeyData 355 Variable: UCHAR[XC_PUBLIC_KEYDATA_SIZE]
Kernel/HalBootSMCVideoMode 356 Variable: ULONG
Kernel/IdexChannelObject 357 Variable: IDE_CHANNEL_OBJECT
Kernel/HalIsResetOrShutdownPending 358 stdcall
Kernel/IoMarkIrpMustComplete 359 stdcall
Kernel/HalInitiateShutdown 360 stdcall
Kernel/RtlSnprintf 361 stdcall Unused?
Kernel/RtlSprintf 362 stdcall Unused?
Kernel/RtlVsnprintf 363 stdcall Unused?
Kernel/RtlVsprintf 364 stdcall Unused?
Kernel/HalEnableSecureTrayEject 365 stdcall
Kernel/HalWriteSMCScratchRegister 366 stdcall
367 Unused?
368 Unused?
369 Unused?
370 Unused?
371 Unused?
372 Unused?
373 Unused?
Kernel/MmDbgAllocateMemory 374 stdcall Devkits only!
Kernel/MmDbgFreeMemory 375 stdcall Devkits only!
Kernel/MmDbgQueryAvailablePages 376 stdcall Devkits only!
Kernel/MmDbgReleaseAddress 377 stdcall Devkits only!
Kernel/MmDbgWriteCheck 378 stdcall Devkits only!
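The following is an added example (not from xboxdevwiki) that ties together the three points above: the Xbox fields patched into the DOS header, the identity-mapped section table with INIT last, and the ordinal-only export table. It builds a constructed 2 KiB stand-in for xboxkrnl.exe in memory, reads the four DWORDs at DOS header offset 40, checks that every section's RVA equals its file offset, cross-checks DOS offset 52 against the .data section header, and resolves export ordinals to addresses at the fixed 0x80010000 image base. The sample layout (section offsets, the Flash address 0xFFFC0400, and which ordinals are populated) is invented for the demo and matches no real kernel build.

```python
import struct

IMAGE_BASE = 0x80010000          # fixed kernel image base (see above)

DOS_XBOX_FIELDS = ("data_uninit_size", "data_init_size",
                   "data_init_src", "data_addr")   # DOS header offsets 40/44/48/52


def build_sample_image():
    """Constructed stand-in for xboxkrnl.exe: MZ/PE headers, three
    identity-mapped sections and an ordinal-only export table. All values
    are invented for the demo and match no real kernel build."""
    img = bytearray(0x800)
    img[0:2] = b"MZ"
    # Xbox patch of the reserved DOS block at offset 40:
    # uninit size, init size, Flash copy of .data, address of .data
    struct.pack_into("<4I", img, 40, 0x80, 0x180, 0xFFFC0400, IMAGE_BASE + 0x400)
    struct.pack_into("<I", img, 60, 0x40)                    # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, 3 sections, 224-byte optional header
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 3, 0, 0, 0, 224, 0x010E)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, opt + 28, IMAGE_BASE)        # ImageBase
    struct.pack_into("<I", img, opt + 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<2I", img, opt + 96, 0x200, 0x70)      # export directory RVA/size
    for i, (name, off) in enumerate(((b".text", 0x200), (b".data", 0x400), (b"INIT", 0x600))):
        hdr = opt + 224 + 40 * i
        img[hdr:hdr + 8] = name.ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData:
        # RVA == file offset, i.e. identity mapped
        struct.pack_into("<4I", img, hdr + 8, 0x200, off, 0x200, off)
    # Export directory at RVA 0x200: Base=1, 16 ordinal slots, no names,
    # AddressOfFunctions at RVA 0x230. Slots left at 0 are unused ordinals.
    struct.pack_into("<4I", img, 0x200 + 16, 1, 16, 0, 0x230)
    for ordinal, rva in {1: 0x300, 8: 0x340, 16: 0x400}.items():  # 16 points into .data
        struct.pack_into("<I", img, 0x230 + 4 * (ordinal - 1), rva)
    return bytes(img)


def _nt_headers(img):
    """Return (optional-header offset, section count, optional-header size)."""
    if img[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", img, 60)
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", img, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", img, e_lfanew + 20)
    return e_lfanew + 24, nsect, opt_size


def parse_xbox_dos_fields(img):
    """The four DWORDs patched into the reserved DOS header block at offset 40."""
    if img[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    return dict(zip(DOS_XBOX_FIELDS, struct.unpack_from("<4I", img, 40)))


def parse_sections(img):
    opt, nsect, opt_size = _nt_headers(img)
    sections = []
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i
        name = img[hdr:hdr + 8].rstrip(b"\0").decode("ascii")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<4I", img, hdr + 8)
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size})
    return sections


def is_identity_mapped(sections):
    """True when every section's RVA equals its file offset, so the image can
    be copied into RAM as-is instead of going through a PE loader."""
    return all(s["va"] == s["raw_ptr"] for s in sections)


def section_for_rva(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def parse_exports(img):
    """Return (image base, {ordinal: rva}) from an ordinal-only export table."""
    opt, _, _ = _nt_headers(img)
    if not is_identity_mapped(parse_sections(img)):
        raise ValueError("sections are not identity mapped; RVAs are not file offsets")
    image_base, = struct.unpack_from("<I", img, opt + 28)
    exp_rva, = struct.unpack_from("<I", img, opt + 96)
    base, nfunc, _nnames, func_tab = struct.unpack_from("<4I", img, exp_rva + 16)
    rvas = struct.unpack_from("<%dI" % nfunc, img, func_tab)
    return image_base, {base + i: rva for i, rva in enumerate(rvas) if rva}


def resolve_ordinal(img, ordinal):
    """Map an export ordinal to (virtual address, section name), or None if
    the slot is unused (like ordinals 367-373 in the table above)."""
    image_base, exports = parse_exports(img)
    rva = exports.get(ordinal)
    if rva is None:
        return None
    return image_base + rva, section_for_rva(parse_sections(img), rva)


def check_data_field(img):
    """Cross-check DOS offset 52 against the .data section header + image base."""
    opt, _, _ = _nt_headers(img)
    image_base, = struct.unpack_from("<I", img, opt + 28)
    data = next(s for s in parse_sections(img) if s["name"] == ".data")
    return parse_xbox_dos_fields(img)["data_addr"] == image_base + data["va"]


if __name__ == "__main__":
    sample = build_sample_image()
    print(parse_xbox_dos_fields(sample))
    for s in parse_sections(sample):
        print(s)
    print("identity mapped:", is_identity_mapped(parse_sections(sample)))
    print("INIT is last:", parse_sections(sample)[-1]["name"] == "INIT")
    for ordinal in (1, 2, 8, 16):
        print("ordinal %3d ->" % ordinal, resolve_ordinal(sample, ordinal))
```

Because the image base is fixed and the sections are identity mapped, an ordinal's RVA is both its file offset and its offset from 0x80010000, so the same resolver works on the kernel file and on a RAM dump. The variable exports in the table above (the OBJECT_TYPE entries, the Xbox*Key blocks, XboxKrnlVersion) resolve the same way and land in .data rather than .text, which the section lookup makes visible.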