
What is the kernel and what is it for?

The kernel is possibly one of the most important parts of an operating system, and without it, none of them could work. Very few people know what the kernel is and how important it is. This article will not teach you to create your own kernel or version of Linux, but it will help you understand its importance, for example why it is a huge security flaw for a game's anticheat system to run at the kernel level.

What is a kernel?

A kernel, as we know it today, is a computer program found at the core of a computer's operating system. It has full control over everything on the system.

It is the part of the operating system code that always resides in memory and facilitates the interactions between hardware and software components. A complete kernel controls all hardware resources through the different device drivers, arbitrates conflicts between processes over those resources, and optimizes the use of common resources. It is also one of the first programs to load at boot time, after the bootloader.

Figure: user mode and kernel mode on Windows

The kernel's critical code is typically loaded into a separate area of memory, protected from access by application software or other less critical parts of the operating system, unless we give that software administrator permission when it is installed. The kernel does its work in this protected kernel space, while all other programs use a separate memory area. This prevents user data and kernel data from interfering with each other, and prevents a malfunctioning application from affecting other applications.

Kernel security

On systems where the kernel is included in the application address spaces, memory protection is used to prevent unauthorized applications from modifying the kernel. The kernel interface is a low-level layer. When a process requests a kernel service, it must invoke a system call, usually through a wrapper function.
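The following C program is an added example, not part of the original article. It assumes a Linux system and shows the same kernel service requested through the libc wrapper and through a raw system call, then shows the kernel refusing (with EFAULT) to write into an address in its own protected range. The helper names and the constructed address are illustrative.

```c
/* Added example (not from the article). Assumes Linux. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Same kernel service requested twice: libc wrapper vs. raw syscall number. */
int wrapper_matches_raw_syscall(void)
{
    pid_t via_wrapper = getpid();
    long via_raw = syscall(SYS_getpid);
    return via_raw == (long)via_wrapper;
}

/* Ask the kernel to copy one byte from a pipe into `dest`.
 * Returns 0 on success, otherwise the errno the kernel reported. */
int read_byte_into(void *dest)
{
    int fds[2];
    char c = 'A';
    int err = 0;

    if (pipe(fds) != 0)
        return errno;
    if (write(fds[1], &c, 1) != 1)
        err = errno;
    else if (read(fds[0], dest, 1) != 1)
        err = errno;
    close(fds[0]);
    close(fds[1]);
    return err;
}

/* Constructed address at the very top of the address space: on Linux this
 * range belongs to the kernel and is never valid for a user process. */
void *kernel_side_address(void)
{
    return (void *)(UINTPTR_MAX - 0xFFFF);
}

int main(void)
{
    char user_buf = 0;
    printf("wrapper == raw syscall: %d\n", wrapper_matches_raw_syscall());
    printf("read into user buffer:  errno %d\n", read_byte_into(&user_buf));
    printf("read into kernel range: errno %d (EFAULT is %d)\n",
           read_byte_into(kernel_side_address()), EFAULT);
    return 0;
}
```

The process is not killed in the second case: the kernel checks the pointer it was handed, rejects the request, and returns an error code to user space.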

What does the kernel do with the different parts of the PC?

RAM

RAM is used to store both program instructions and data. Both must be present in memory for a program to be able to execute. Sometimes multiple programs will want to access memory. The kernel is responsible for deciding what memory each process can use, and it determines what to do when there is not enough memory available.

Input and output ports

In this case, the kernel defines the execution domain and the protection mechanism used to mediate access to resources within a domain. Kernels also provide methods for synchronization and communication between processes. These implementations may be located within the kernel itself, or the kernel may depend on other processes that it is running.

Kernels must also provide running programs with a method for making requests to access these facilities. The kernel is also responsible for context switching between processes or threads.

What is the kernel and how is it formed?

Put simply, the kernel is a fundamental piece of the operating system. It is stored in memory in a protected way. A kernel is made up of code and modules that set the priorities and determine how the software, and the drivers, handle each part of the hardware.

In a very simple way, the kernel is the engine of the operating system. Imagine a car without an engine, the central and most important part of a car, and the one that most affects its performance.

Where is the kernel located?

The kernel is found in the operating system. After the PC starts, the kernel is loaded into a dedicated and isolated space in memory for security purposes.

What are the kernel types?

  • Monolithic: they run entirely in a single address space with the CPU running in supervisor mode, primarily for speed.
  • Microkernels: they run most, but not all, of their services in user space, as user processes do, mainly for resiliency and modularity.
  • Modular kernels: they can insert and remove loadable kernel modules at runtime.
  • Nanokernels: they delegate all services to device drivers so that the kernel's memory requirement is even less than that of a traditional microkernel.
  • Exokernels: a still experimental approach to operating system design. They limit their functionality to protection and multiplexing of the raw hardware, without providing hardware abstractions on which to develop applications. This separation allows developers to determine how to make the most efficient use of the available hardware for each specific program.
  • Multikernel: a multikernel operating system treats a multicore machine as a network of independent cores. It does not assume shared memory. It implements interprocess communications as message passing.
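Because a modular kernel accepts code at runtime, it is worth knowing what has been loaded into it. The C program below is an added example, not part of the original article. It parses lines in the Linux /proc/modules format and flags modules whose taint field marks them as proprietary, out-of-tree, unsigned or force-loaded. The sample lines and the module name example_anticheat are constructed for illustration.

```c
/* Added example, not from the article. Sample lines and the module name
 * "example_anticheat" are constructed for illustration. */
#include <stdio.h>
#include <string.h>

struct mod_info {
    char name[64];
    char taint[16];               /* flags inside "(...)", "" if absent */
};

/* /proc/modules line: name size refcount deps state address [(taint)] */
int parse_module_line(const char *line, struct mod_info *out)
{
    char size[24], refs[16], deps[256], state[16], addr[32];

    out->taint[0] = '\0';
    int n = sscanf(line, "%63s %23s %15s %255s %15s %31s (%15[^)]",
                   out->name, size, refs, deps, state, addr, out->taint);
    return n >= 6;                /* the taint field is optional */
}

/* P = proprietary, O = out-of-tree, E = unsigned, F = force-loaded */
int needs_review(const struct mod_info *m)
{
    return strpbrk(m->taint, "POEF") != NULL;
}

static const char *SAMPLE[] = {
    "ext4 1007616 2 - Live 0x0000000000000000",
    "mbcache 16384 1 ext4, Live 0x0000000000000000",
    "example_anticheat 49152 0 - Live 0x0000000000000000 (OE)",
    "truncated line",
};

/* Copy the names of flagged modules into `names`; return how many. */
int flagged_modules(const char **lines, int n, char names[][64])
{
    int hits = 0;
    for (int i = 0; i < n; i++) {
        struct mod_info m;
        if (parse_module_line(lines[i], &m) && needs_review(&m))
            strcpy(names[hits++], m.name);
    }
    return hits;
}

int main(void)
{
    char names[4][64];
    int hits = flagged_modules(SAMPLE, 4, names);
    for (int i = 0; i < hits; i++)
        printf("review: %s\n", names[i]);
    return 0;
}
```

On a real Linux system the same functions can be fed the lines of /proc/modules instead of the constructed sample.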

What is the Windows kernel?

During the 90s, Microsoft used the Windows 9x kernel, which was very similar to MS-DOS and needed it to operate. For the release of Windows XNUMX, Microsoft developed the Windows NT kernel for servers. Its version 5.1 was the first to reach users on a massive scale, together with Windows XP.

All subsequent versions of Windows have built on Windows NT. Windows NT is known for being very modular and having two main layers, a design also known as a hybrid kernel.

What is the kernel in an open source operating system?

Regardless of it being an open source operating system, the kernel is still the same engine that the operating system runs on. When we covered the history of Linux, we talked about Richard Stallman creating his own operating system and merging it with the kernel that Linus Torvalds was developing. This kernel is what is known as the Linux kernel, an open source operating system that allows you to modify it and then do whatever you want with it, even have a commercial version.

How does the Linux kernel work?

The Linux kernel lets hardware and software communicate with each other and manages resources in the most efficient way possible, or in the way it has been programmed to, which is one of the results of Linux's free code. It sits within the operating system, and it controls all the major hardware functions, regardless of what type of hardware it is.

In Linux, the kernel takes care of memory management, process management, device drivers, and security. This is what it does in each area:

  • In memory management, it monitors how much memory is used, what kind of items are stored in it, and where they are stored.
  • In process management, the kernel is the one that chooses which processes can use the CPU and how they use it.
  • For device drivers, the kernel acts as a mediator or interpreter between the hardware and the processes.
  • In security, it receives service requests from processes to access the parts of the operating system that they need for their operation.

How do I find out the kernel of my Android?

You can find out the kernel of your Android device by looking in the Settings application. Once inside, tap the Device Information section. Each manufacturer's flavor of Android puts this data in a slightly different place.

To find it easily, search for “kernel” in the Settings app search box, and you can quickly find which kernel you are using on your Android.

Why are the Valorant and Genshin Impact anticheats at the kernel level a security issue?

Take what happened with Valorant and its anticheat system, which operates at the Ring 0 level, as an example. For Riot Games' anti-cheat software to work correctly, it requires a service file called VGK.SYS that needs to run with kernel permissions. Any software or operating system based on the x86 architecture relies on security rings, Ring 0 being the innermost and most privileged. Some applications run inside Ring 0, so they take complete control of the kernel.

The problem with Riot Games' VGK.SYS for Valorant is that it runs when the operating system boots, entering kernel mode. This creates a dangerous security hole, as well as affecting performance, even if we don't play Valorant. It is always active in the background, consuming resources unnecessarily. If a bug or exploit appears in VGK.SYS, the computer will be completely exposed and any malicious attacker will be able to take control of the system.

What happened to Genshin Impact and its anticheat?

In the case of Genshin Impact, its anticheat protection is mhyprot2.sys. At the end of July 2022, it was discovered that the game had much bigger problems related to that same file. It works as a device driver and has kernel-level authorization within the computer. Taking advantage of the game's popularity, an infected version of the anti-cheat was distributed along with a kill.svc file, which installed the bael service and ran a fake AVG antivirus by downloading various files as ransomware. This ransomware would also shut down various other antiviruses that would normally protect users. The ransomware payload encrypted files and rendered them useless, and was to be deployed on other computers through a PsExec process. This made it possible for the ransomware to make its way through the network, if the computer was connected to one, and infect more computers.

So, if you're running a computer that's networked to other systems with sensitive stuff, don't install any game that has kernel-level anti-cheat.

Benjamin Rosa

Madrileño whose publishing career began in 2009. I love investigating curiosities that I later bring to you, readers, in articles. I studied photography, a skill that I use to create humorous photomontages.
