Safedisc installs a kernel service called secdrv.sys. As wine is a user-space only implementation of the win32 API, we need to implement part of the windows kernel API (ntoskrnl.exe) in user-space, and emulate what can't be implemented.
Our biggest problem is the I/O Manager. The kernel services is started by StartService, which currently only supports user-space services. We need to understand how kernel services work in windows to fix that.
When a kernel service is started, it's DriverEntry routine is called with a DRIVER_OBJECT. In which thread does that happen ? Is a new kernel thread started for that ? Can DriverEntry block or must it return immediately ? If it can block, can the driver dispatch routines be called before it returns ? When it returns, if it has been started in a new kernel thread, what happens to the thread ? In which thread do the dispatch routines run when they are called from user-space ?
The MSDN documentation is not very clear about all that. I suppose it hasn't been written with windows cloners in mind :-)