p_ing 5 days ago

Lol yep.

I mean, it wasn't like the address space was all that large back then, anyhow.

lysace 5 days ago | parent [-]

Trolol?

How much of the core parts of the kernel do you think have been rewritten since?

DaiPlusPlus 3 days ago | parent | next [-]

> How much of the core parts of the kernel do you think have been rewritten since?

Does refactoring count as rewriting, though?

I've poked-around the NT kernels for XP, XPx64, Vista, 7 SP1, and Win10 22H2[1] in Ghidra as part of a personal quest to find out why my Intel motherboard's XHCI (USB) controller drops random mouse HID packets, and even though the overall structure noticeably changes between releases after zooming-in I'll eventually find the same familiar blocks of code or patterns-of-blocks-of-code all referencing each other like before... just with even more new layers of indirection added in each Windows release.

A good example of this is to compare the disassembly for ntoskrnl before - and after - Microsoft added Virtualization-based-security and "Virtual Trust Levels" to the kernel (I forget the exact version, but I think sometime in 2017?): prior to that, Windows' kernel-mode handling of its USER-component's hardware IO (mouse, keyboard, etc) was still fairly recognizable compared to even Windows XP; but post-VTL I saw how the "useful" program-code for processing local user input is wrapped in massive amounts of redirection back-and-forth through the hypervisor when VTL is enabled - it left me feeling like they moved a mountain just for this one single, Enterprise-y, feature while accepting the runtime overhead of all the extra branches and virtual-calls going on (which are trivial and of no consequence on modern hardware); so while I can't fault anyone at MS on the kernel team for their approach, it's a reminder that progress does not come cheap - or without compromises.

I wonder if Microsoft wrapped all the indirection gubbins in #ifdefs to elide it all from their gaming-edition build of Windows 11 for their Steamdeck compete ("ROG Xbox Ally") - I'd like to poke around that OS at some point to see (or maybe they've gone all-in on hypervisor-based security because that's how the Xbox now works?)

[1] Remember kids, keep your own backups of pdb symbols! Microsoft doesn't offer ISO downloads of PDBs to match your install media; now they're all download-on-demand with no guarantees of future availability of symbols for any binaries shipping today: it means debug symbols are now ephemeral and will be highly treasured by collectors in the distant future.

lysace 3 days ago | parent [-]

> I'll eventually find the same familiar blocks of code or patterns-of-blocks-of-code all referencing each other like before... just with even more new layers of indirection added in each Windows release.

Thanks for the confirmation. Realistically this is to be expected for a codebase like this.

p_ing 5 days ago | parent | prev [-]

There was a large effort either right before or after Server 2003 to harden the Windows codebase as a whole.

Certainly it hasn't been 100% rewritten, that'd make no sense. But I'm not going to guess how much of it /has/ been rewritten because like you guessing, it'd be an uneducated one.