Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Best Of
Re: Enumerating devices from KM
You may use ZwOpenDirectoryObject and ZwQueryDirectoryObject functions I suppose. But they are, partly at least, undocumented. And as other said, the contents of this directory may change at any time.
Re: block file creation inside a directory
Can anyone please help me block file creation in a directory
Data->IoStatus.Status = STATUS_ACCESS_DENIED; return FLT_PREOP_COMPLETE
That is the answer to the question you asked. For the rest you have to understand the environment more. Like I just said, study it
Re: Is there any problem in interlock operation processing between kernel-applications?
The answer to your specific question is no, there is no difference in the way that interlocked operations behave based on privilege level (ring 3 vs ring 0). The CPU will execute them using the same coherency protocol implied by the LOCK prefix and it is sufficient to guard access to a value from multiple threads running in both.
BUT, it must be said that this is an inherently insecure design. There is no guarantee whatsoever that the UM (less trusted) code will actually access this variable using interlocked access. If that causes the UM code to malfunction and crash, well that’s okay. But if that causes the KM (more trusted) code to malfunction, then that is a serious problem. Without looking at your code at all, or knowing anything about what you are doing, in this context use of InterlockedCompareExchange probably implies that the latter is possible.
If this is a test program, a learning exercise or for use on a closed system, you can ignore this issue. If this is intended for a general purpose mass produced device, you will need to address this problem as no one likes software that introduces new security vulnerabilities
MBond2
Re: Is there any problem in interlock operation processing between kernel-applications?
You still didn't say how you are doing the interlocking. If you are using InterlockedIncrement and InterlockedDecrement, then the answer should be clear. Those APIs use special CPU instructions that guarantee the operation is done atomically, meaning that it can't be interrupted, and the instructions it generates are the same in either mode. So yes, it works as you expect.
Re: Why is my PCI driver's enumerator is “ROOT”?
"devcon install" will create a root enumerated device. you should only use "devcon update" to install your driver on the PCI enumerated device. You can safely delete the root enumerated device via device manager.
Re: Is IRP_MJ_CREATE_NAMED_PIPE pre-op always at PASSIVE_LEVEL?
I'm guessing that it is but until it is written down its a risk to trust it.
What I'd do would be to put in a bug report on the docs (or even a PR) and if it can be non passive then you'll find out and if it cannot be it then becomes "documented behavior".
Re: Created a storage adapter for windows biometric framework but unable to install and load.
If your computer has "secure boot" set in the BIOS, then you cannot sign your own kernel drivers. You must submit them to Microsoft for their signature, either through the WHQL/HCK/HLK process or through the simpler "attestation signing" process.
If this is your own computer for testing, then you can turn off "secure boot". Once you do that, drivers signed and cross-signed the traditional way will work.
Re: WDF keyboard filter driver prevents kbdhid's AddDevice function from being called
STANDARD_Inst is for ps2 keyboards. replace instances with HID_Keyboard_Inst
Re: Restrict driver to non-Windows 10
How to do this is documented twowards the end of https://docs.microsoft.com/en-us/windows-hardware/drivers/install/inf-manufacturer-section
If you want an INF to explicitly exclude a specific operating system version, product type, or suite, create an empty INF Models section. For example, an empty section named [FooMfg.NTx86.6.0] prohibits installation on x86-based operating system versions 6.0 and higher.
