Question about Memory Mapping in a driver

Hi all,

I’ve started writing a minifilter which exposes some virtual files whose data are located remotely via the network, probably accessed using an HTTP protocol. I want to put the HTTP-request code + other complex logic into a user-mode helper process, using the inverted call model to communicate between the minifilter driver and this helper process.

One thing I have a question about, then, is when an application tries to read one of the virtual files exposed by the minifilter: Is there a way to map the application-provided read buffer into the user-mode helper process from within the driver, so when the helper process issues the corresponding HTTP request to fetch the data, it can directly fill in the buffer without needing any subsequent copying to get the data back to the application?

I was reading about MmMapLockedPagesSpecifyCache, but one of the caveats with that approach is that it needs to be called from the process context of the helper process.

Thanks!

Your common entity is the driver. You need two threads. Thread one is
running in the context of the user process requesting the read (client). The
buffer is supplied by that process. In the kernel driver, you have another
thread (server) that is waiting to furnish IO through your own service in
user mode that fetches the data through HTTP (or whatever other means).

Thread#1
  1. Initialize an MDL
  2. Lock it with MmProbeAndLockPages
  3. Trigger event to wake up server thread to process request, and wait

Thread#2
  1. Wait for event; on event, wake up
  2. Map the memory to server here with MmMapLockedPagesSpecifyCache. Be
    careful, this must be done when you are in the context of the server
    process.
  3. Does its magic to get the data from wherever and put it in the buffer
  4. Trigger event to wake up client thread

Of course I have simplified it; there are lots of gotchas to take care of,
like:

  1. What happens if someone tries to kill the client process when
    outstanding server requests are pending
  2. Probing user mode memory for reading etc.

On Thu, Oct 27, 2016 at 5:12 PM, wrote:

> Hi all,
>
> I’ve started writing a minifilter which exposes some virtual files whose
> data are located remotely via the network, probably accessed using an HTTP
> protocol. I want to put the HTTP-request code + other complex logic into a
> user-mode helper process, using the inverted call model to communicate
> between the minifilter driver and this helper process.
>
> One thing I have a question about, then, is when an application tries to
> read one of the virtual files exposed by the minifilter: Is there a way to
> map the application-provided read buffer into the user-mode helper process
> from within the driver, so when the helper process issues the corresponding
> HTTP request to fetch the data, it can directly fill in the buffer without
> needing any subsequent copying to get the data back to the application?
>
> I was reading about MmMapLockedPagesSpecifyCache, but one of the caveats
> with that approach is that it needs to be called from the process context
> of the helper process.
>
> Thanks!



- ab

MmMapLockedPagesSpecifyCache is the API you need. And, yes, you need to be in the right context (KeStackAttachProcess is your friend).

-scott
OSR
@OSRDrivers

xxxxx@outlook.com wrote:

> One thing I have a question about, then, is when an application tries to read one of the virtual files exposed by the minifilter: Is there a way to map the application-provided read buffer into the user-mode helper process from within the driver, so when the helper process issues the corresponding HTTP request to fetch the data, it can directly fill in the buffer without needing any subsequent copying to get the data back to the application?

I suspect you are guilty of premature optimization here.
Memory-to-memory copies are really, really quick these days. Unless
these are large files being accessed over and over and over, I doubt the
copy will be a concern. If the no-copy solution makes your project more
delicate or introduces a testing burden, it’s probably better not to do
it, until you KNOW you have a performance problem.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.