How to communicate from kernel mode to user mod app

Hi All,
I want to know whether there is any way that I can send a message from
kernel mode to a user mode app for notification. I have a requirement of notifying
the user mode app with the interrupt register value when I get any
interrupt that has been generated from my device. As far as handling the
interrupt is concerned, I am doing that successfully on the kernel side.

I also want to know how to use the callback function feature for communicating
with the user mode application.

Any pointer or tutorial that can help me to solve this problem?

Best Regards
Nayan


Catch all the cricketing action right here. Live score, match reports,
photos et al. http://content.msn.co.in/Sports/Cricket/Default.aspx

Send the overlapped IOCTL from the app.
In the driver, pend it until there is a need to send a message. When
such a need occurs, fill the IOCTL IRP’s buffer and complete the IRP.
Do not forget to provide IRP cancellation in this driver, or the app
will be unable to exit.

This technique is called the “inverted call”.


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com



Communication from kernel to user mode is usually done via the inverted call
technique. See http://www.osronline.com/article.cfm?id=94 for an example.

Another way (rather than wait on an overlapped call) is to pass in an event
from the user code.

(This is thanks to Walter Oney; see "Programming the MS Windows Driver
Model, 2nd ed.")

The kernel needs to get a safe reference to the event the user passes in…

PKEVENT pkNotifyAppEvent;

// userEvent is the HANDLE the app passed in; passing Irp->RequestorMode as the
// access mode makes the handle lookup and access check apply for a user-mode caller
ntStatus = ObReferenceObjectByHandle(userEvent, EVENT_MODIFY_STATE,
    *ExEventObjectType, Irp->RequestorMode, (PVOID*) &pkNotifyAppEvent, NULL);

if (NT_SUCCESS(ntStatus))
    pDeviceExtension->pNotifyAppEvent = pkNotifyAppEvent; // keep the referenced KEVENT pointer
// ...don't forget to ObDereferenceObject() it once finished with...

The kernel can set this event when the user must take some action:

KeSetEvent(pDeviceExtension->pNotifyAppEvent, EVENT_INCREMENT, FALSE);

A user mode thread can wait on the event and when it is triggered, call into
the driver to find out what the result was.

while (true)
{
    // can wait forever, but you may want to check every 100 ms whether you should give up
    result = WaitForSingleObject(userEvent, 100); // wait up to 100 ms

    if (result == WAIT_OBJECT_0)
    {
        // if it happened, inquire here (an IOCTL back into the driver)
    }
}

This way the user inquires rather than being “called back” by the kernel,
which I doubt is possible.

Mike

----- Original Message -----
From: nayan kumar
To: Windows System Software Devs Interest List
Sent: Wednesday, January 10, 2007 12:08 PM
Subject: [ntdev] How to communicate from kernel mode to user mod app



Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

I don’t like the shared event for two reasons

  1. there is no data associated with it so you still have to send the IOCTL
  2. there is no count associated with it, so if 2 interrupts occurred before the wait on the event was satisfied by the application, the app does not know about the data from the 2nd interrupt

Pending the IOCTL satisfies the requirements very well. The app can still wait on an IOCTL or synchronous I/O call, and then, when the wait is satisfied, the data is in hand.

d

> A user mode thread can wait on the event and when it is triggered, call into
> the driver to find out what the result was.

…which is by far more coding than inverted call.

Event objects are good if you do not need to transfer any data at all, only to
signal that something occurred.


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Signalling a user event to the app is a useful option if you are already
doing a lot of non-overlapped I/O and you don’t want to change to overlapped
to handle this activity. It’s easy to buffer up a number of realtime events
in the kernel and fetch them in one go each time the app has time to attend
to them. It’s pretty responsive, probably because the thread waiting on the
event gets a priority boost when signalled, specifically to allow it to
respond quickly (at least so it is claimed). I’ve found it useful for
receiving relatively low priority information that is not part of the
device’s main activity. If it’s a new design, probably best to follow the
others’ advice though…

Mike

----- Original Message -----
From: Maxim S. Shatskih
Newsgroups: ntdev
To: Windows System Software Devs Interest List
Sent: Wednesday, January 10, 2007 6:56 PM
Subject: Re:[ntdev] How to communicate from kernel mode to user mod app


To support the opinion of Doron and Max: hardware interrupts these days tend to become messages that carry data. Example: PCI Express, MSI.

Hi All,
First of all, thanks to all people for their valuable suggestions. I
started implementing your suggestions. In between, I googled about this and
found some stuff, with the help of which I tried to implement a callback
function for sending data from kernel to user mode application. I am facing
some problems with it and want to discuss them with you people, just for my
knowledge. The first time, the callback function gets called properly, no
issue at all, but when I get the interrupt for the second time I am
getting a BSOD. Due to lack of resources I am not able to use WinDbg, but I am
writing down the text which appears on my computer screen. It is as follows:

STOP : 0x0000001E (0xC0000005,0x023210BE,0x00000000,0x023210BE)

KMODE_EXCEPTION_NOT_HANDLED

Beginning dump of physical memory

When I tried for the second time I got the crash again, but this
time the text that appeared on my computer screen was quite different from the
previous one, which is as follows:

STOP : 0x000000B8 (0x00000000,0x00000000,0x00000000,0x00000000)

A wait operation attach process or yield was attempt from DPC routine

Beginning dump of physical memory

I would appreciate it if you expert people could help me to get rid of this BSOD and
make the driver work properly.

Best Regards
Nayan



nayan kumar wrote:

STOP : 0x0000001E (0xC0000005,0x023210BE,0x00000000,0x023210BE)
KMODE_EXCEPTION_NOT_HANDLED

This is a general protection fault, meaning that you accessed an invalid
address. In this case, the address is 0x023210BE, which is a user-mode
address. When you say you “implement callback function”, you don’t
literally mean that you called from kernel mode into user mode, do you?
When you get an interrupt, the original process is almost certainly no
longer in memory, so none of the user-mode addresses will have any meaning.

You cannot possibly hope to debug this without WinDBG. “Lack of
resources” is not a good enough reason. I have a laptop I bought in
1999 with a 233MHz Pentium-II running Windows 2000 that works perfectly
well as a WinDBG host. Surely you can borrow a 5-year-old laptop that
is no longer being used.

Why don’t you show us what your interrupt code looks like. Maybe
something will stand out.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi Tim,
Thanks for your reply. I certainly accept that I am a kid
before you expert people in this area. Please don't mind.

Here is the code from the driver part:

#include <ntddk.h>

// declaration
// IOCTL_SET_EVENT_HANDLE and JinSdDesignerAcknowledgeInterrupt() come from
// other parts of the driver that were not posted.
typedef ULONG (*PCALLBACK_ROUTINE)(USHORT, USHORT);

typedef struct _JIN_SD_DESIGNER_FDO_DATA
{
    PDEVICE_OBJECT     Self;                          // the FDO, used for IoRequestDpc
    ULONG              CallbackAddress;               // raw user-mode address received in the IOCTL
    PCALLBACK_ROUTINE  KernelCallback;                // the same address cast to a function pointer
    USHORT             usNormalInterruptRegisterData; // latched by JinSdDesignerAcknowledgeInterrupt
    USHORT             usErrorInterruptRegisterData;
} JIN_SD_DESIGNER_FDO_DATA, *PJIN_SD_DESIGNER_FDO_DATA;

BOOLEAN JinSdDesignerAcknowledgeInterrupt(PJIN_SD_DESIGNER_FDO_DATA pFdoData);

NTSTATUS JinSdDesignerDispatchIoctl(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
    PIO_STACK_LOCATION pIrpStack;
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PJIN_SD_DESIGNER_FDO_DATA pFdoData;

    pFdoData = (PJIN_SD_DESIGNER_FDO_DATA) pDeviceObject->DeviceExtension;
    pIrpStack = IoGetCurrentIrpStackLocation(pIrp);

    switch (pIrpStack->Parameters.DeviceIoControl.IoControlCode)
    {
    case IOCTL_SET_EVENT_HANDLE:
        DbgPrint("\nJinSdDesigner:\t IOCTL_SET_EVENT_HANDLE \n");
        // METHOD_NEITHER: Type3InputBuffer is the app's raw pointer, read here without probing
        pFdoData->CallbackAddress = ((ULONG*)
            pIrpStack->Parameters.DeviceIoControl.Type3InputBuffer)[0];

        pFdoData->KernelCallback = NULL;
        pFdoData->KernelCallback = (PCALLBACK_ROUTINE) pFdoData->CallbackAddress;

        if (pFdoData->KernelCallback == NULL)
        {
            DbgPrint("\nJinSdDesigner:\t Invalid Function Pointer \n");
            DbgPrint("\nJinSdDesigner:\t Error at File:- %s,\n Line:-( %d): \n",
                     __FILE__, __LINE__);
            pIrp->IoStatus.Information = 0;
            ntStatus = STATUS_INVALID_USER_BUFFER;
            goto EXIT;
        }

        DbgPrint("\nJinSdDesigner:\t Valid Function Pointer\n");

        pIrp->IoStatus.Information = ntStatus;
        break;
    default:
        ntStatus = STATUS_INVALID_DEVICE_REQUEST;
        DbgPrint("\nJinSdDesigner:\t Inside default case\n");
    }

EXIT:
    pIrp->IoStatus.Status = ntStatus;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    DbgPrint("\nJinSdDesigner:\t <-- %s \n", __FUNCTION__);
    return ntStatus;
}

BOOLEAN JinSdDesignerInterruptHandler(IN PKINTERRUPT pkInterrupt, IN PVOID pVoidServiceContext)
{
    PJIN_SD_DESIGNER_FDO_DATA pFdoData;
    BOOLEAN bInterruptRecognized = FALSE;
    pFdoData = (PJIN_SD_DESIGNER_FDO_DATA) pVoidServiceContext;

    DbgPrint("\nJinSdDesigner:\t %s--> \n", __FUNCTION__);

    // acknowledge the device; queue the DPC only if the interrupt was ours
    if ((bInterruptRecognized = JinSdDesignerAcknowledgeInterrupt(pFdoData)) != FALSE)
        IoRequestDpc(pFdoData->Self, NULL, pFdoData);

    DbgPrint("\nJinSdDesigner:\t <-- %s \n", __FUNCTION__);

    return bInterruptRecognized;
}

VOID JinSdDesignerDpcForIsr(IN PKDPC pkDpc, IN PDEVICE_OBJECT pDeviceObject,
                            IN PIRP pIrpSystemArgument1, IN PVOID pVoidSystemArgument2)
{
    PJIN_SD_DESIGNER_FDO_DATA pFdoData;
    KIRQL CurIrql;
    ULONG RetVal = 0;

    pFdoData = (PJIN_SD_DESIGNER_FDO_DATA) pDeviceObject->DeviceExtension;

    DbgPrint("\nJinSdDesigner:\t %s--> \n", __FUNCTION__);

    RetVal = 777;
    DbgPrint("\nJinSdDesigner:\t Before calling call back function\n");
    DbgPrint("\nJinSdDesigner:\tCallback Function Return value:-(%u)\n", RetVal);

    // drop from DISPATCH_LEVEL to PASSIVE_LEVEL inside the DPC ...
    CurIrql = KeGetCurrentIrql();
    KeLowerIrql(PASSIVE_LEVEL);

    // ... and call the user-mode address directly, in whatever process context the DPC runs in
    RetVal = pFdoData->KernelCallback(pFdoData->usNormalInterruptRegisterData,
                                      pFdoData->usErrorInterruptRegisterData);

    KeRaiseIrql(CurIrql, &CurIrql);

    DbgPrint("\nJinSdDesigner:\t After calling call back function\n");
    DbgPrint("\nJinSdDesigner:\tCallback Function Return value:-(%u)\n", RetVal);

    DbgPrint("\nJinSdDesigner:\t <-- %s \n", __FUNCTION__);
}

If you need some more clarification please let me know.
I am very keen to know the reason why I am getting the BSOD the second
time.

Best Regards
Nayan



The short answer is that this is poor practice at best. Your “callback” is to an address that is unknown and unknowable at the time you are making it [that’s what “arbitrary context” means when DPCs are discussed]. You are lucky it even worked once [it means your Dpc happened to run in the context of the process that gave you that address the first time it ran].

Also, we provide a number of fine development aids (PFD, Driver Verifier, SDC, etc), all of which will tell you that lowering Irql to PASSIVE_LEVEL in a Dpc routine is forbidden- period. We do our best to keep code like this out of our operating system, and would really appreciate it if you would extend us the same courtesy.

No slam against them intended [I’ve used it plenty over the years myself], but just because you can google it, it doesn’t mean it’s worth the time it took to read it.

You may get stronger feedback than this [I nearly exploded when I read the code, but I suspected it was what you were doing from the bugchecks you were mentioning, and for the benefit of the doubt, I’m assuming you simply didn’t realize how wrong this approach is].

Nayan,

Bob did a nice general do not go there. I want to explain a few of
the reasons this code is REALLY BAD. These are from simplest to hardest to
fix:

  1. You lower IRQL in the DPC routine; this breaks the locking of the
    kernel. You can never do this: if you are not the one who raised IRQL by a
    KeRaiseIrql call, then do not lower it. On a uniprocessor you have just
    turned off all spin locks, and on a multiprocessor you have messed things up
    badly enough that crashes and deadlocks are the likely result.

  2. As Bob mentioned, DPCs run in arbitrary context; this means you
    cannot rely on the address your IOCTL passed in, since the program with
    that address may be swapped out, or at least not running, and the address you
    get is for another process. So the address can be totally invalid and
    fail.

  3. Even if you fix the above, you have opened a large security
    hole. The code in the kernel is trusted; now you are allowing any process
    that wants to to run at the trusted level. Basically, this code will allow
    any MALWARE writer to completely take over the computer.

As a number of people suggested, you should go to the inverted call.
Instead of having the IOCTL pass a pointer to a routine, pend the IOCTL and
complete it in the DPC routine to signal the event. Any method trying to
call directly into user code is never going to be safe and reliable.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply


Typo- SDV (not SDC), of course.

This may help understand the problem (although it’s a bit abstracted and simplified- hope that doesn’t lead to eventual confusion): all user-mode processes on your system have the same virtual address range- how that maps to physical memory addresses is controlled by “page tables” used by the processor. There are tables for each process, so what an address means depends upon which table is in use on the processor executing your Dpc. Your callback address is probably a different piece of code (or data, or even an invalid address) in each process running on the machine.

An interrupt has to be handled quickly, and Dpcs also need to be fast. Because of this, they get handled ASAP, in the address space of whatever process is executing at the time they get called.

So your callback to a user mode address from a Dpc is a roll of the dice- it could execute anything or nothing. It is just the wrong way to solve your problem.

Please use the inverted call method described earlier. Or at least explain why it doesn’t meet your needs.

Thanks for the summary, Don. Wish I could do so as well :).

> -----Original Message-----

From: xxxxx@lists.osr.com [mailto:bounce-275438-
xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Friday, January 12, 2007 9:54 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to communicate from kernel mode to user mod app


[PCAUSA] One additional thought.

If you really like the logic of having a callback in user mode when
driver data is available, study the user-mode asynchronous I/O methods. In
particular, look at “asynchronous procedure callbacks” (see ReadFileEx and
friends) as well as I/O completion ports (see CreateIoCompletionPort and
friends).

Both of these user-mode techniques are fairly high performance.

AND, in the driver you still handle the inverted call in the same way that
most folks are recommending.

Good luck,

Thomas F. Divine



How anyone can expect to do kernel development without an effective debug
capability is a mystery.

All we can tell you is, oh yeah, you have a kernel mode exception that is
not handled. Probably you have an access denied (C0000005) and quite
possibly a bogus pointer (23210BE). Now … if you had WinDbg up and running
there is a whole herd of analytical tools available that can be called forth
to find out what went bump in the night. But … you don’t have the
resources for WinDbg, so really, about all that can be done is to scratch
various parts of our anatomy and wonder why a kernel developer doesn’t have
the resources to do their work.


The personal opinion of
Gary G. Little


NAYAN:

I can’t recall if you are developing a driver for actual hardware. If
you are, then disregard what follows, as it will not help you.

You can download Microsoft VirtualPC (I believe that it is still free).
This will allow you to emulate and debug a target operating system all
on your development machine. It is not an ideal solution, but, given
your constraints, it is your only option, as having no kernel
debugger at all is fatal, SoftICE is not made any more and costs more
than another machine anyway, and local kernel debugging with WinDbg is
basically useless.

In any case:

WinDbg:

http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

VirtualPC:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6D58729D-DFA8-40BF-AFAF-20BCB7F01CD1&displaylang=en

This link tells how to setup WinDbg for use with a VM.

http://support.microsoft.com/kb/871171

The constraints that lack of resources are imposing are indeed totally
untenable. That being said, I seriously doubt it is a choice, so I hope
this helps.

Best of luck,

mm


>> xxxxx@seagate.com 2007-01-12 16:52 >>>
How anyone can expect to do kernel development without an effective
debug
capability is a mystery.

All we can tell you is, oh yeah, you have a kernel mode exception that
is
not handled. Probably you have an access denied (C0000005) and quite
possibly a bogus pointer (23210BE). Now … if you had WinDbg up and
running
there is a whole herd of analytical tools available that can be called
forth
to find out what went bump in the night. But … you don’t have the
resources for WinDbg, so really, about all that can be done is to
scratch
various parts of our anatomy and wonder why a kernel developer doesn’t
have
the resources to do their work.


The personal opinion of
Gary G. Little

“nayan kumar” wrote in message
news:xxxxx@ntdev…
> Hi All,
> First of all thanks to all people for their valuable suggestion. I
> started implementing your suggestion. In between i googled about this and
> found some stuff with the help of that i tried to implement callback
> function for sending data from kernel to user mode application. I am facing
> some problem with it and want to discuss it with you people just for my
> knowledge. For the first time callback function gets called properly, no
> issue at all. But when i get interrupt for the second time that time i am
> getting BSOD. Due to lack of resources i am not able to use windbg but i
> am writing down the text which appears on my computer screen. It is as
> follows
>
> STOP : 0x0000001E (0xC0000005,0x023210BE,0x00000000,0x023210BE)
>
> KMODE_EXCEPTION_NOT_HANDLED
>
> Beginning dump of physical memory
>
> when i tried for the second time that time i got the crash again but this
> time the text appears on my computer screen was quite different from the
> previous one which is as follows
>
> STOP : 0x000000B8 (0x00000000,0x00000000,0x00000000,0x00000000)
>
> A wait operation attach process or yield was attempt from DPC routine
>
> Beginning dump of physical memory
>
> i appreciate if you expert people can help me to get rid of this BSOD
> and make the driver work properly.
>
> Best Regards
> Nayan
>


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Don,

Bob did a nice general do not go there. I want to explain a few of
the reasons this code is REALLY BAD.

Both you and Bob seem to have overlooked one important detail - on x86 architecture, privileged code cannot call unprivileged code. Period. There are only 3 ways this transition can be done, i.e. IRETD, SYSEXIT and far RET (irrelevant under Windows). In the OP’s case, the callback that resides in the user address space will be treated as privileged code if it gets invoked from kernel mode, because CALL does not affect the CS register. Under XP and above, the user-to-kernel mode transition is done with SYSENTER, and this instruction can be executed only by non-privileged code. Now imagine what is going to happen if this callback tries to make any system call - privileged code executes SYSENTER and … BANG!!!

Therefore, unless his callback makes no system calls, the whole thing could not have worked even on a *SINGLE* occasion - even if the callback gets invoked in the context of the right thread and no page faults occur, it is still bound to crash…

Anton Bassov
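To put the thread's advice in working form: the model below is an added example (not code from this thread, from Nayan's driver, or from any Microsoft sample) of the inverted call that Nayan says he is implementing instead of the user-mode callback Anton describes. It is host-side C: a pthread mutex and condition variable stand in for the driver's spinlock and for the application's wait on its overlapped IOCTL, the names `notify_channel`, `app_pend`, `dpc_complete`, `app_cancel` and `app_wait` are this example's own, and the register value is constructed. What it shows is the structure the replies call for: the kernel side only fills a request the application already handed in, the DPC-side path never waits (the 0xB8 stop quoted above is what a wait from a DPC produces), and completion and cancellation take the same lock so an exiting application always gets its request back.

```c
/* Host-side model of the "inverted call" pattern (added example; not code
 * from this thread or from any Microsoft sample). A pthread mutex and
 * condition variable stand in for the driver's queue spinlock and for the
 * app's blocking wait on its overlapped IOCTL; there are no real IRPs, ISRs
 * or DPCs, so this builds as plain user-space C. It keeps the shape that
 * avoids the crashes in the thread: no calls into user-mode addresses, no
 * waiting on the DPC path, completion and cancellation under one lock. */
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>

enum req_state { REQ_NONE, REQ_PENDING, REQ_COMPLETED, REQ_CANCELLED };

typedef struct {
    pthread_mutex_t lock;      /* stands in for the driver's spinlock */
    pthread_cond_t  done;      /* stands in for the app's overlapped-I/O wait */
    enum req_state  state;     /* one outstanding request in this model */
    uint32_t        isr_value; /* "interrupt register value" handed back */
    unsigned        dropped;   /* interrupts seen while nothing was pended */
} notify_channel;

void channel_init(notify_channel *c)
{
    pthread_mutex_init(&c->lock, NULL);
    pthread_cond_init(&c->done, NULL);
    c->state = REQ_NONE;
    c->isr_value = 0;
    c->dropped = 0;
}

/* App side: DeviceIoControl with an OVERLAPPED; the driver pends the IRP.
 * Returns 0, or -1 if a request is already outstanding. */
int app_pend(notify_channel *c)
{
    int rc = -1;
    pthread_mutex_lock(&c->lock);
    if (c->state == REQ_NONE) {
        c->state = REQ_PENDING;      /* IoMarkIrpPending + queue in a driver */
        rc = 0;
    }
    pthread_mutex_unlock(&c->lock);
    return rc;
}

/* DPC side: copy the register value into the pended request and complete it.
 * Short lock only, no waiting, no direct access to user memory.
 * Returns true if a request was waiting, false if the event was dropped. */
bool dpc_complete(notify_channel *c, uint32_t reg)
{
    bool delivered = false;
    pthread_mutex_lock(&c->lock);
    if (c->state == REQ_PENDING) {
        c->isr_value = reg;          /* fill the IRP's system buffer */
        c->state = REQ_COMPLETED;    /* IoCompleteRequest */
        delivered = true;
        pthread_cond_signal(&c->done);
    } else {
        c->dropped++;                /* nothing to complete: count, don't crash */
    }
    pthread_mutex_unlock(&c->lock);
    return delivered;
}

/* Cancel routine: the app is exiting (CancelIo / CloseHandle). Same lock as
 * completion, so a request is never both completed and cancelled. */
bool app_cancel(notify_channel *c)
{
    bool cancelled = false;
    pthread_mutex_lock(&c->lock);
    if (c->state == REQ_PENDING) {
        c->state = REQ_CANCELLED;    /* complete with STATUS_CANCELLED */
        cancelled = true;
        pthread_cond_signal(&c->done);
    }
    pthread_mutex_unlock(&c->lock);
    return cancelled;
}

/* App side: wait for the request, then hand it back so it can be re-armed.
 * Returns 1 with the value in *out, 0 if cancelled, -1 if nothing was pended. */
int app_wait(notify_channel *c, uint32_t *out)
{
    int rc;
    pthread_mutex_lock(&c->lock);
    if (c->state == REQ_NONE) {
        pthread_mutex_unlock(&c->lock);
        return -1;
    }
    while (c->state == REQ_PENDING)  /* the overlapped wait */
        pthread_cond_wait(&c->done, &c->lock);
    rc = (c->state == REQ_COMPLETED) ? 1 : 0;
    if (rc)
        *out = c->isr_value;
    c->state = REQ_NONE;             /* request is back with the app */
    pthread_mutex_unlock(&c->lock);
    return rc;
}
```

In a real driver the mutex becomes the queue spinlock (or a cancel-safe queue), `app_pend` is the IOCTL dispatch path that marks the IRP pending, `dpc_complete` runs from the DPC, and `app_cancel` is the cancel routine the driver registers; the application loops on `app_pend` then `app_wait` and re-arms after every notification, and an interrupt that fires while nothing is pended is counted in `dropped` rather than delivered. A second request while one is outstanding is refused here; a driver that must not lose events would queue several pended IRPs instead.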

Hi All,
Thanks to all for your valuable suggestions.

I already mentioned in my post that while finding some tutorial or stuff about
communicating with user mode app from kernel mode i got that sample and i
just tried for my knowledge purpose whether it's working or not. Only this is
the reason that i tried that for checking, although i started implementing
inverted call for getting my work done. i don't have any issue at all with
inverted call.

If this is not the best way to increase our knowledge level then i am really
very sorry that i am heading in the wrong direction. If you expert people can
give me the right direction for learning anything new about which we are unknown
i would be very thankful to you.

Best Regards
Nayan

>From: “Martin O’Brien”
>Reply-To: “Windows System Software Devs Interest List”
>
>To: “Windows System Software Devs Interest List”
>Subject: Re:[ntdev] RE:How to communicate from kernel mode to user mod app
>Date: Fri, 12 Jan 2007 17:33:13 -0500
>

