Draft:Win32k.sys

Submission declined on 9 January 2023 by Slywriter (talk).

This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are:

in-depth (not just passing mentions about the subject)
reliable
secondary
independent of the subject

Make sure you add references that meet these criteria before resubmitting. Learn about mistakes to avoid when addressing this issue. If no additional references exist, the subject is not suitable for Wikipedia.

If you would like to continue working on the submission, click on the "Edit" tab at the top of the window.
If you have not resolved the issues listed above, your draft will be declined again and potentially deleted.
If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors.
Please do not remove reviewer comments or this notice until the submission is accepted.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL
Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Declined by Slywriter 20 months ago. Last edited by UtherSRG 34 days ago. Reviewer: Inform author.

Resubmit

Please note that if the issues are not fixed, the draft will be declined again.

Submission declined on 9 January 2023 by 97198 (talk).

This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are:

in-depth (not just passing mentions about the subject)
reliable
secondary
independent of the subject

Make sure you add references that meet these criteria before resubmitting. Learn about mistakes to avoid when addressing this issue. If no additional references exist, the subject is not suitable for Wikipedia.

Declined by 97198 20 months ago.

Submission declined on 7 January 2023 by S0091 (talk).

This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources.

Declined by S0091 20 months ago.

Comment: No indication of notability. It's just a single file Slywriter (talk) 15:26, 9 January 2023 (UTC)

Comment: Most of the content is unsourced and works published by Microsoft are not independent so cannot be used to establish notability. S0091 (talk) 20:03, 7 January 2023 (UTC)

Kernel Mode Windows Subsystem (win32k.sys)

Win32k.sys is part of the Windows Subsystem implemented in Kernel Mode, designed as an important dependency of the Windows Operating System and responsible for implementing the GDI, keyboard and mouse inputs and the Window Manager. The name contains the word Win32 which stands for the Windows Subsystem and k for Kernel mode.^[1]^[2]

The Kernel Mode Windows Subsystem implements a System Service Table with over 800 System Calls, starting with the System Call Index 0x1000 (NtGdiAbortDoc on Windows NT 5.1).^[3]

It is being loaded at startup by the Session Manager Subsystem process in the kernel address space. On load, win32k.sys calls win32kbase.sys Driver Entry Point, which attaches win32k's System Service Table to NTOS using the KeAddSystemServiceTable function.^[4]

History

In early versions of NTOS, win32k used to be a core User-Mode Dynamic-link library (just like NTDLL) but due to bad performance, the file has been ported to Kernel-Mode. This change has improved the response time of user-mode applications.

Present

Today, the Windows Subsystem is separated into two files (besides win32k.sys): win32kfull.sys and win32kbase.sys.^[5] Win32kbase contains the actual Entry Point for win32k but also experimental and additional features, whereas Win32kfull contains the most stable and commonly used functions.

Win32k port to Kernel Mode

The port consisted in replacing Win32 calls into NTAPI calls then write the file to a driver which made it develop a lot of Denial of Service vectors where attackers could create Privilege escalation.^[6]

User Mode Windows Subsystem (win32u.dll)

The user mode component of the Windows Subsystem is win32u.dll that works just like NTDLL.

It contains pieces of generated machine code as a stub for doing a direct syscall instruction, which end up in Win32k.^[7]

GDI and User-related functions are being exported from gdi32.dll and user32.dll. These DLLs use win32u.dll exported functions to perform actions.^[8]^[9]

References

^ "The Win32k kernel-mode driver". O’Reilly. O’Reilly. Retrieved 8 January 2023.
^ See also, the documentation for the Wine implementation of GDI32.DLL: Wine API: gdi32.dll
^ "Inside Native Applications". Archived from the original on 2010-10-23. Retrieved 2017-08-26.
^ "A short introduction in System Services Dispatching". Insinuator. Insinuator. Retrieved 8 January 2023.
^ Spencer, McIntyre (30 September 2020). "Win32k Overview". Retrieved 9 January 2023.
^ "Microsoft Warns of Windows Win32k Privilege Escalation | CISA". www.cisa.gov. CISA Gov. CISA Gov. Retrieved 9 February 2021.
^ "Inside Native Applications". Archived from the original on 2010-10-23. Retrieved 2017-08-26.
^ See the documentation for the Wine implementation of GDI32.DLL: Wine API: gdi32.dll
^ See the documentation for the Wine implementation of USER32.DLL: Wine API: user32.dlll

External Links

[1] "The Win32k kernel-mode driver". O’Reilly. O’Reilly. Retrieved 8 January 2023.

[2] See also, the documentation for the Wine implementation of GDI32.DLL: Wine API: gdi32.dll

[3] "Inside Native Applications". Archived from the original on 2010-10-23. Retrieved 2017-08-26.

[4] "A short introduction in System Services Dispatching". Insinuator. Insinuator. Retrieved 8 January 2023.

[5] Spencer, McIntyre (30 September 2020). "Win32k Overview". Retrieved 9 January 2023.

[6] "Microsoft Warns of Windows Win32k Privilege Escalation | CISA". www.cisa.gov. CISA Gov. CISA Gov. Retrieved 9 February 2021.

[7] "Inside Native Applications". Archived from the original on 2010-10-23. Retrieved 2017-08-26.

[8] See the documentation for the Wine implementation of GDI32.DLL: Wine API: gdi32.dll

[9] See the documentation for the Wine implementation of USER32.DLL: Wine API: user32.dlll

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]