Code Reviews & Maintenance
Extra eyes save time.
Do you have to maintain or enhance legacy code that no one knows or wants to touch? We have spent years reading through machine code and figuring out how things work without access to source code. Just imagine what we can do when the source code is in front of us! Going over legacy code to document or leverage existing intellectual property might not be what your team fancies, but we do this for a living and are very comfortable delving into the unknown. When we are done, you'll receive a clear set of actionable recommendations for improving the security, reliability and performance of the existing code.
A kernel-mode code review from Joya Systems covers the areas that matter most in system-level software: security vulnerabilities such as privilege escalation paths and improper input validation from user-mode callers; performance bottlenecks from excessive lock contention or misuse of non-paged pool; IRQL violations where code executes at the wrong interrupt level; memory leaks in kernel allocations; and race conditions in multi-processor scenarios that may only surface under load or on specific hardware configurations. We also check adherence to kernel-mode best practices around object reference counting, IRP handling, and driver unload paths.
At the conclusion of the engagement you receive a written report that documents every finding, categorized by severity and accompanied by a concrete, prioritized list of recommendations. Critical issues, those likely to cause crashes, data corruption, or exploitable vulnerabilities, are flagged clearly so your team can address them first. The report is written to be actionable by your own engineers, so you are not dependent on us to implement the fixes, though we are happy to do so if preferred.
Contact us to get started or to discuss the scope of what you need reviewed.
Frequently Asked Questions
- Q: What does a kernel-mode code review cover?
  A: Our reviews examine security vulnerabilities (privilege escalation, improper user-mode input validation), IRQL correctness, memory management (leaks, pool corruption, use-after-free), race conditions and locking discipline, IRP handling correctness, and adherence to Windows Driver Kit best practices. We also look at driver signing, PatchGuard compatibility, and compatibility with Driver Verifier.
- Q: How is your code review delivered?
  A: You receive a written report documenting each finding with its location in the source code, an explanation of the issue, its severity, and a prioritized recommendation for fixing it. Critical findings that could cause crashes or security vulnerabilities are highlighted separately so your team knows exactly where to focus first.
- Q: Can you review drivers written by another team?
  A: Yes, reviewing drivers that were written by others — including third-party or offshore teams — is one of the most common scenarios for our code review service. We have no context about design decisions that might bias the review, which is often an advantage. Get in touch to send us the code and we will provide an estimate of the effort involved.
