Kernel

From xboxdevwiki
Revision as of 23:18, 29 May 2017 by Haxar (talk | contribs) (.text and .rdata distinction)

The Xbox kernel is called xboxkrnl.exe. It is closely related to the Windows NT ntoskrnl.exe. Its image base address is always 0x80010000.

Header modifications

xboxkrnl.exe is a mostly standard exe file. However, the MS-DOS header was patched to contain Xbox-specific data in the reserved 20-byte block starting at offset 40:

Offset  Meaning
40      Size of the uninitialized portion of the .data section
44      Size of the initialized portion of the .data section
48      Memory address of the initialized portion of the .data section (usually in Flash). Used to re-initialize the data section pointed to by the next field. Note that the pointer might be invalid during normal execution, as the Flash might not be mapped at all times.
52      Memory address where the .data section is stored (usually the same as in the section header + image base).

Sections

All sections are identity mapped (meaning each section's file offset equals its offset in RAM relative to the image base). This is because the kernel is not loaded through a traditional PE / exe loader, but simply unpacked into memory as-is.

.text

The .text section contains all x86 subroutines to be executed by the processor.

.rdata

The .rdata section contains the kernel thunk table. The ordinals in the table are resolved to the kernel's actual routines when the image is loaded.

.data

The .data section stores initialized and uninitialized data. A copy of the initialized portion of this section is usually stored in the BIOS.

STICKY

Stores variables which must be preserved across a quick-reboot.

IDEXPRDT

A Physical Region Descriptor Table (PRDT) for the IDE bus. This section serves as a memory allocation only; it does not have to be initialized when loading the kernel[citation needed].

INIT

This section is always the last one. It contains the entrypoint of the kernel. Later kernels[FIXME] will discard this section after initialization.
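The following Python script is an added example, not code from the wiki or from Microsoft or any homebrew tool. It reads the four Xbox-specific dwords from the MS-DOS header described above, then walks the PE section table and checks the properties this page states: ImageBase is 0x80010000, every section is identity mapped (PointerToRawData equals VirtualAddress), the .data address at offset 52 equals the .data section header's VirtualAddress plus the image base, and INIT is the last section. The embedded sample image is constructed (section offsets, sizes and the Flash address are made up), and the check that initialized plus uninitialized size equals .data's VirtualSize is an assumption, not something the page states.

```python
"""Audit an xboxkrnl.exe-style image against the layout described on the page."""
import struct

XBOX_IMAGE_BASE = 0x80010000   # fixed load address stated on the page
XBOX_HDR_OFF = 40              # reserved DOS-header block reused for Xbox data
SECTION_HDR_FMT = "<8sIIII"    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData


def parse_xbox_dos_fields(image):
    """Read the four Xbox-specific dwords patched into the MS-DOS header at offset 40."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    bss_size, init_size, init_src, data_addr = struct.unpack_from("<4I", image, XBOX_HDR_OFF)
    return {
        "data_uninit_size": bss_size,   # offset 40
        "data_init_size": init_size,    # offset 44
        "data_init_source": init_src,   # offset 48, usually a Flash address
        "data_address": data_addr,      # offset 52, virtual address of .data
    }


def parse_pe(image):
    """Return (ImageBase, list of section dicts) from the PE32 headers."""
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", image, coff + 2)    # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", image, coff + 16)       # COFF SizeOfOptionalHeader
    opt = coff + 20
    image_base, = struct.unpack_from("<I", image, opt + 28)      # PE32 OptionalHeader.ImageBase
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i                            # each section header is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(SECTION_HDR_FMT, image, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rawsize, "raw_ptr": rawptr})
    return image_base, sections


def audit_kernel_image(image):
    """Return a list of findings; an empty list means the image matches the described layout."""
    findings = []
    xbox = parse_xbox_dos_fields(image)
    image_base, sections = parse_pe(image)
    if image_base != XBOX_IMAGE_BASE:
        findings.append(f"ImageBase is {image_base:#x}, expected {XBOX_IMAGE_BASE:#x}")
    for s in sections:
        if s["raw_ptr"] != s["virtual_address"]:   # identity mapping: file offset == RVA
            findings.append(f"{s['name']} not identity mapped: file {s['raw_ptr']:#x} vs RVA {s['virtual_address']:#x}")
    data = next((s for s in sections if s["name"] == ".data"), None)
    if data is None:
        findings.append("no .data section")
    else:
        if xbox["data_address"] != image_base + data["virtual_address"]:
            findings.append(f"offset-52 address {xbox['data_address']:#x} != image base + .data RVA")
        # Assumed relation (not stated on the page): init + uninit size == .data VirtualSize.
        if xbox["data_init_size"] + xbox["data_uninit_size"] != data["virtual_size"]:
            findings.append(".data sizes in DOS header do not add up to .data VirtualSize")
    if sections and sections[-1]["name"] != "INIT":
        findings.append(f"last section is {sections[-1]['name']}, expected INIT")
    return findings


def build_sample_image(identity_mapped=True):
    """Constructed minimal PE32 image mimicking the kernel's layout (not a real kernel dump)."""
    layout = [  # (name, file offset == RVA, raw size, virtual size)
        (b".text", 0x400, 0x1000, 0x1000),
        (b".rdata", 0x1400, 0x200, 0x200),
        (b".data", 0x1600, 0x300, 0x1300),   # 0x300 initialized + 0x1000 uninitialized
        (b"INIT", 0x1900, 0x100, 0x100),
    ]
    img = bytearray(0x1A00)
    img[0:2] = b"MZ"
    # Xbox fields: uninit size, init size, made-up Flash source, .data virtual address
    struct.pack_into("<4I", img, XBOX_HDR_OFF, 0x1000, 0x300, 0xFFFC0000, XBOX_IMAGE_BASE + 0x1600)
    struct.pack_into("<I", img, 0x3C, 0x80)                            # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, len(layout), 0, 0, 0, 0xE0, 0x102)  # COFF header
    opt = 0x98
    struct.pack_into("<H", img, opt, 0x10B)                            # PE32 magic
    struct.pack_into("<I", img, opt + 28, XBOX_IMAGE_BASE)
    for i, (name, off, raw, vsize) in enumerate(layout):
        # Optionally break .rdata's mapping so the audit has something to report.
        rawptr = off if identity_mapped or name != b".rdata" else off + 0x200
        struct.pack_into(SECTION_HDR_FMT, img, opt + 0xE0 + 40 * i, name, vsize, off, raw, rawptr)
    return bytes(img)


if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for key, value in parse_xbox_dos_fields(image).items():
        print(f"{key:18s} {value:#010x}")
    print("findings:", audit_kernel_image(image) or "none")
```

Run it with a kernel image path to print the offset 40..52 fields and any layout findings, or with no argument to exercise the constructed sample. Because the sections are identity mapped, a file offset reported by the audit can be turned into a kernel virtual address by adding 0x80010000, which is the property a disassembler or dump tool relies on.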

Kernel exports

Name Ordinal Notes
Kernel/AvGetSavedDataAddress 1
Kernel/AvSendTVEncoderOption 2
Kernel/AvSetDisplayMode 3
Kernel/AvSetSavedDataAddress 4
Kernel/DbgBreakPoint 5
Kernel/DbgBreakPointWithStatus 6
Kernel/DbgLoadImageSymbols 7 Devkits only!
Kernel/DbgPrint 8
Kernel/HalReadSMCTrayState 9
Kernel/DbgPrompt 10
Kernel/DbgUnLoadImageSymbols 11 Devkits only!
Kernel/ExAcquireReadWriteLockExclusive 12
Kernel/ExAcquireReadWriteLockShared 13
Kernel/ExAllocatePool 14
Kernel/ExAllocatePoolWithTag 15
Kernel/ExEventObjectType 16 Variable?
Kernel/ExFreePool 17
Kernel/ExInitializeReadWriteLock 18
Kernel/ExInterlockedAddLargeInteger 19
Kernel/ExInterlockedAddLargeStatistic 20
Kernel/ExInterlockedCompareExchange64 21
Kernel/ExMutantObjectType 22 Variable?
Kernel/ExQueryPoolBlockSize 23
Kernel/ExQueryNonVolatileSetting 24
Kernel/ExReadWriteRefurbInfo 25
Kernel/ExRaiseException 26
Kernel/ExRaiseStatus 27
Kernel/ExReleaseReadWriteLock 28
Kernel/ExSaveNonVolatileSetting 29
Kernel/ExSemaphoreObjectType 30 Variable?
Kernel/ExTimerObjectType 31 Variable?
Kernel/ExfInterlockedInsertHeadList 32
Kernel/ExfInterlockedInsertTailList 33
Kernel/ExfInterlockedRemoveHeadList 34
Kernel/FscGetCacheSize 35
Kernel/FscInvalidateIdleBlocks 36
Kernel/FscSetCacheSize 37
Kernel/HalClearSoftwareInterrupt 38
Kernel/HalDisableSystemInterrupt 39
Kernel/HalDiskCachePartitionCount 40 Variable?
Kernel/HalDiskModelNumber 41 Variable?
Kernel/HalDiskSerialNumber 42 Variable?
Kernel/HalEnableSystemInterrupt 43
Kernel/HalGetInterruptVector 44
Kernel/HalReadSMBusValue 45
Kernel/HalReadWritePCISpace 46
Kernel/HalRegisterShutdownNotification 47
Kernel/HalRequestSoftwareInterrupt 48
Kernel/HalReturnToFirmware 49
Kernel/HalWriteSMBusValue 50
Kernel/InterlockedCompareExchange 51
Kernel/InterlockedDecrement 52
Kernel/InterlockedIncrement 53
Kernel/InterlockedExchange 54
Kernel/InterlockedExchangeAdd 55
Kernel/InterlockedFlushSList 56
Kernel/InterlockedPopEntrySList 57
Kernel/InterlockedPushEntrySList 58
Kernel/IoAllocateIrp 59
Kernel/IoBuildAsynchronousFsdRequest 60
Kernel/IoBuildDeviceIoControlRequest 61
Kernel/IoBuildSynchronousFsdRequest 62
Kernel/IoCheckShareAccess 63
Kernel/IoCompletionObjectType 64 Variable?
Kernel/IoCreateDevice 65
Kernel/IoCreateFile 66
Kernel/IoCreateSymbolicLink 67
Kernel/IoDeleteDevice 68
Kernel/IoDeleteSymbolicLink 69
Kernel/IoDeviceObjectType 70 Variable?
Kernel/IoFileObjectType 71 Variable?
Kernel/IoFreeIrp 72
Kernel/IoInitializeIrp 73
Kernel/IoInvalidDeviceRequest 74
Kernel/IoQueryFileInformation 75
Kernel/IoQueryVolumeInformation 76
Kernel/IoQueueThreadIrp 77
Kernel/IoRemoveShareAccess 78
Kernel/IoSetIoCompletion 79
Kernel/IoSetShareAccess 80
Kernel/IoStartNextPacket 81
Kernel/IoStartNextPacketByKey 82
Kernel/IoStartPacket 83
Kernel/IoSynchronousDeviceIoControlRequest 84
Kernel/IoSynchronousFsdRequest 85
Kernel/IofCallDriver 86
Kernel/IofCompleteRequest 87
Kernel/KdDebuggerEnabled 88 Variable?
Kernel/KdDebuggerNotPresent 89 Variable?
Kernel/IoDismountVolume 90
Kernel/IoDismountVolumeByName 91
Kernel/KeAlertResumeThread 92
Kernel/KeAlertThread 93
Kernel/KeBoostPriorityThread 94
Kernel/KeBugCheck 95
Kernel/KeBugCheckEx 96
Kernel/KeCancelTimer 97
Kernel/KeConnectInterrupt 98
Kernel/KeDelayExecutionThread 99
Kernel/KeDisconnectInterrupt 100
Kernel/KeEnterCriticalRegion 101
Kernel/MmGlobalData 102 Variable?
Kernel/KeGetCurrentIrql 103
Kernel/KeGetCurrentThread 104
Kernel/KeInitializeApc 105
Kernel/KeInitializeDeviceQueue 106
Kernel/KeInitializeDpc 107
Kernel/KeInitializeEvent 108
Kernel/KeInitializeInterrupt 109
Kernel/KeInitializeMutant 110
Kernel/KeInitializeQueue 111
Kernel/KeInitializeSemaphore 112
Kernel/KeInitializeTimerEx 113
Kernel/KeInsertByKeyDeviceQueue 114
Kernel/KeInsertDeviceQueue 115
Kernel/KeInsertHeadQueue 116
Kernel/KeInsertQueue 117
Kernel/KeInsertQueueApc 118
Kernel/KeInsertQueueDpc 119
Kernel/KeInterruptTime 120 Variable?
Kernel/KeIsExecutingDpc 121
Kernel/KeLeaveCriticalRegion 122
Kernel/KePulseEvent 123
Kernel/KeQueryBasePriorityThread 124
Kernel/KeQueryInterruptTime 125
Kernel/KeQueryPerformanceCounter 126
Kernel/KeQueryPerformanceFrequency 127
Kernel/KeQuerySystemTime 128
Kernel/KeRaiseIrqlToDpcLevel 129
Kernel/KeRaiseIrqlToSynchLevel 130
Kernel/KeReleaseMutant 131
Kernel/KeReleaseSemaphore 132
Kernel/KeRemoveByKeyDeviceQueue 133
Kernel/KeRemoveDeviceQueue 134
Kernel/KeRemoveEntryDeviceQueue 135
Kernel/KeRemoveQueue 136
Kernel/KeRemoveQueueDpc 137
Kernel/KeResetEvent 138
Kernel/KeRestoreFloatingPointState 139
Kernel/KeResumeThread 140
Kernel/KeRundownQueue 141
Kernel/KeSaveFloatingPointState 142
Kernel/KeSetBasePriorityThread 143
Kernel/KeSetDisableBoostThread 144
Kernel/KeSetEvent 145
Kernel/KeSetEventBoostPriority 146
Kernel/KeSetPriorityProcess 147
Kernel/KeSetPriorityThread 148
Kernel/KeSetTimer 149
Kernel/KeSetTimerEx 150
Kernel/KeStallExecutionProcessor 151
Kernel/KeSuspendThread 152
Kernel/KeSynchronizeExecution 153
Kernel/KeSystemTime 154 Variable?
Kernel/KeTestAlertThread 155
Kernel/KeTickCount 156 Variable?
Kernel/KeTimeIncrement 157 Variable?
Kernel/KeWaitForMultipleObjects 158
Kernel/KeWaitForSingleObject 159
Kernel/KfRaiseIrql 160
Kernel/KfLowerIrql 161
Kernel/KiBugCheckData 162 Variable?
Kernel/KiUnlockDispatcherDatabase 163
Kernel/LaunchDataPage 164 Variable?
Kernel/MmAllocateContiguousMemory 165
Kernel/MmAllocateContiguousMemoryEx 166
Kernel/MmAllocateSystemMemory 167
Kernel/MmClaimGpuInstanceMemory 168
Kernel/MmCreateKernelStack 169
Kernel/MmDeleteKernelStack 170
Kernel/MmFreeContiguousMemory 171
Kernel/MmFreeSystemMemory 172
Kernel/MmGetPhysicalAddress 173
Kernel/MmIsAddressValid 174
Kernel/MmLockUnlockBufferPages 175
Kernel/MmLockUnlockPhysicalPage 176
Kernel/MmMapIoSpace 177
Kernel/MmPersistContiguousMemory 178
Kernel/MmQueryAddressProtect 179
Kernel/MmQueryAllocationSize 180
Kernel/MmQueryStatistics 181
Kernel/MmSetAddressProtect 182
Kernel/MmUnmapIoSpace 183
Kernel/NtAllocateVirtualMemory 184
Kernel/NtCancelTimer 185
Kernel/NtClearEvent 186
Kernel/NtClose 187
Kernel/NtCreateDirectoryObject 188
Kernel/NtCreateEvent 189
Kernel/NtCreateFile 190
Kernel/NtCreateIoCompletion 191
Kernel/NtCreateMutant 192
Kernel/NtCreateSemaphore 193
Kernel/NtCreateTimer 194
Kernel/NtDeleteFile 195
Kernel/NtDeviceIoControlFile 196
Kernel/NtDuplicateObject 197
Kernel/NtFlushBuffersFile 198
Kernel/NtFreeVirtualMemory 199
Kernel/NtFsControlFile 200
Kernel/NtOpenDirectoryObject 201
Kernel/NtOpenFile 202
Kernel/NtOpenSymbolicLinkObject 203
Kernel/NtProtectVirtualMemory 204
Kernel/NtPulseEvent 205
Kernel/NtQueueApcThread 206
Kernel/NtQueryDirectoryFile 207
Kernel/NtQueryDirectoryObject 208
Kernel/NtQueryEvent 209
Kernel/NtQueryFullAttributesFile 210
Kernel/NtQueryInformationFile 211
Kernel/NtQueryIoCompletion 212
Kernel/NtQueryMutant 213
Kernel/NtQuerySemaphore 214
Kernel/NtQuerySymbolicLinkObject 215
Kernel/NtQueryTimer 216
Kernel/NtQueryVirtualMemory 217
Kernel/NtQueryVolumeInformationFile 218
Kernel/NtReadFile 219
Kernel/NtReadFileScatter 220
Kernel/NtReleaseMutant 221
Kernel/NtReleaseSemaphore 222
Kernel/NtRemoveIoCompletion 223
Kernel/NtResumeThread 224
Kernel/NtSetEvent 225
Kernel/NtSetInformationFile 226
Kernel/NtSetIoCompletion 227
Kernel/NtSetSystemTime 228
Kernel/NtSetTimerEx 229
Kernel/NtSignalAndWaitForSingleObjectEx 230
Kernel/NtSuspendThread 231
Kernel/NtUserIoApcDispatcher 232
Kernel/NtWaitForSingleObject 233
Kernel/NtWaitForSingleObjectEx 234
Kernel/NtWaitForMultipleObjectsEx 235
Kernel/NtWriteFile 236
Kernel/NtWriteFileGather 237
Kernel/NtYieldExecution 238
Kernel/ObCreateObject 239
Kernel/ObDirectoryObjectType 240 Variable?
Kernel/ObInsertObject 241
Kernel/ObMakeTemporaryObject 242
Kernel/ObOpenObjectByName 243
Kernel/ObOpenObjectByPointer 244
Kernel/ObpObjectHandleTable 245 Variable?
Kernel/ObReferenceObjectByHandle 246
Kernel/ObReferenceObjectByName 247
Kernel/ObReferenceObjectByPointer 248
Kernel/ObSymbolicLinkObjectType 249 Variable?
Kernel/ObfDereferenceObject 250
Kernel/ObfReferenceObject 251
Kernel/PhyGetLinkState 252
Kernel/PhyInitialize 253
Kernel/PsCreateSystemThread 254
Kernel/PsCreateSystemThreadEx 255
Kernel/PsQueryStatistics 256
Kernel/PsSetCreateThreadNotifyRoutine 257
Kernel/PsTerminateSystemThread 258
Kernel/PsThreadObjectType 259 Variable?
Kernel/RtlAnsiStringToUnicodeString 260
Kernel/RtlAppendStringToString 261
Kernel/RtlAppendUnicodeStringToString 262
Kernel/RtlAppendUnicodeToString 263
Kernel/RtlAssert 264
Kernel/RtlCaptureContext 265
Kernel/RtlCaptureStackBackTrace 266
Kernel/RtlCharToInteger 267
Kernel/RtlCompareMemory 268
Kernel/RtlCompareMemoryUlong 269
Kernel/RtlCompareString 270
Kernel/RtlCompareUnicodeString 271
Kernel/RtlCopyString 272
Kernel/RtlCopyUnicodeString 273
Kernel/RtlCreateUnicodeString 274
Kernel/RtlDowncaseUnicodeChar 275
Kernel/RtlDowncaseUnicodeString 276
Kernel/RtlEnterCriticalSection 277
Kernel/RtlEnterCriticalSectionAndRegion 278
Kernel/RtlEqualString 279
Kernel/RtlEqualUnicodeString 280
Kernel/RtlExtendedIntegerMultiply 281
Kernel/RtlExtendedLargeIntegerDivide 282
Kernel/RtlExtendedMagicDivide 283
Kernel/RtlFillMemory 284
Kernel/RtlFillMemoryUlong 285
Kernel/RtlFreeAnsiString 286
Kernel/RtlFreeUnicodeString 287
Kernel/RtlGetCallersAddress 288
Kernel/RtlInitAnsiString 289
Kernel/RtlInitUnicodeString 290
Kernel/RtlInitializeCriticalSection 291
Kernel/RtlIntegerToChar 292
Kernel/RtlIntegerToUnicodeString 293
Kernel/RtlLeaveCriticalSection 294
Kernel/RtlLeaveCriticalSectionAndRegion 295
Kernel/RtlLowerChar 296
Kernel/RtlMapGenericMask 297
Kernel/RtlMoveMemory 298
Kernel/RtlMultiByteToUnicodeN 299
Kernel/RtlMultiByteToUnicodeSize 300
Kernel/RtlNtStatusToDosError 301
Kernel/RtlRaiseException 302
Kernel/RtlRaiseStatus 303
Kernel/RtlTimeFieldsToTime 304
Kernel/RtlTimeToTimeFields 305
Kernel/RtlTryEnterCriticalSection 306
Kernel/RtlUlongByteSwap 307
Kernel/RtlUnicodeStringToAnsiString 308
Kernel/RtlUnicodeStringToInteger 309
Kernel/RtlUnicodeToMultiByteN 310
Kernel/RtlUnicodeToMultiByteSize 311
Kernel/RtlUnwind 312
Kernel/RtlUpcaseUnicodeChar 313
Kernel/RtlUpcaseUnicodeString 314
Kernel/RtlUpcaseUnicodeToMultiByteN 315
Kernel/RtlUpperChar 316
Kernel/RtlUpperString 317
Kernel/RtlUshortByteSwap 318
Kernel/RtlWalkFrameChain 319
Kernel/RtlZeroMemory 320
Kernel/XboxEEPROMKey 321 Variable?
Kernel/XboxHardwareInfo 322 Variable?
Kernel/XboxHDKey 323 Variable?
Kernel/XboxKrnlVersion 324 Variable?
Kernel/XboxSignatureKey 325 Variable?
Kernel/XeImageFileName 326 Variable?
Kernel/XeLoadSection 327
Kernel/XeUnloadSection 328
Kernel/READ_PORT_BUFFER_UCHAR 329
Kernel/READ_PORT_BUFFER_USHORT 330
Kernel/READ_PORT_BUFFER_ULONG 331
Kernel/WRITE_PORT_BUFFER_UCHAR 332
Kernel/WRITE_PORT_BUFFER_USHORT 333
Kernel/WRITE_PORT_BUFFER_ULONG 334
Kernel/XcSHAInit 335
Kernel/XcSHAUpdate 336
Kernel/XcSHAFinal 337
Kernel/XcRC4Key 338
Kernel/XcRC4Crypt 339
Kernel/XcHMAC 340
Kernel/XcPKEncPublic 341
Kernel/XcPKDecPrivate 342
Kernel/XcPKGetKeyLen 343
Kernel/XcVerifyPKCS1Signature 344
Kernel/XcModExp 345
Kernel/XcDESKeyParity 346
Kernel/XcKeyTable 347
Kernel/XcBlockCrypt 348
Kernel/XcBlockCryptCBC 349
Kernel/XcCryptService 350
Kernel/XcUpdateCrypto 351
Kernel/RtlRip 352
Kernel/XboxLANKey 353
Kernel/XboxAlternateSignatureKeys 354 Variable?
Kernel/XePublicKeyData 355 Variable?
Kernel/HalBootSMCVideoMode 356 Variable?
Kernel/IdexChannelObject 357 Variable?
Kernel/HalIsResetOrShutdownPending 358
Kernel/IoMarkIrpMustComplete 359
Kernel/HalInitiateShutdown 360
Kernel/RtlSnprintf 361 Unused?
Kernel/RtlSprintf 362 Unused?
Kernel/RtlVsnprintf 363 Unused?
Kernel/RtlVsprintf 364 Unused?
Kernel/HalEnableSecureTrayEject 365
Kernel/HalWriteSMCScratchRegister 366
367 Unused?
368 Unused?
369 Unused?
370 Unused?
371 Unused?
372 Unused?
373 Unused?
Kernel/MmDbgAllocateMemory 374 Devkits only!
Kernel/MmDbgFreeMemory 375 Devkits only!
Kernel/MmDbgQueryAvailablePages 376 Devkits only!
Kernel/MmDbgReleaseAddress 377 Devkits only!
Kernel/MmDbgWriteCheck 378 Devkits only!

See Also

Hard Drive Files