Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
How an NDIS filter driver can interact with a user-mode program
Hello everybody.Who can help me. How can I send outgoing Net Buffer Lists (outgoing traffic from NDIS filter driver (FilterSendNetBufferLists)) to user mode program for some modifications. I am doing it with IRPs, but I think it is not a best case. Because initiator of IRP is user, but I need the driver to be an initiator of communication between NDIS driver and user program.
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Kernel Debugging | 30 January 2023 | Live, Online |
| Developing Minifilters | 20 March 2023 | Live, Online |
| Internals & Software Drivers | 17 April 2023 | Live, Online |
| Writing WDF Drivers | 22 May 2023 | Live, Online |
Comments
First you can encrypt in the kernel, the operating system even has calls for the common model it provides in user space. If you really need to send it to user space look up "inverted call" that is well documented on the OSR site see https://www.osr.com/nt-insider/2013-issue1/inverted-call-model-kmdf/
Thank you Mr Don_Burn. This is very helpful advice. Yes, maybe "inverted call" is what I need. But please tell us about the first method you mentioned. (First you can encrypt in the kernel, the operating system even has calls for the common model it provides in user space.)
And the second question. Will "inverted call" work in an NDIS environment
Bcrypt.h has a kernel version, if you can use the Bcrypt calls in user mode, they should do the work in kernel mode if you want. Yes, the basic inverted call model works with NDIS.
I read "Inverted Call". This is what I have already done. Yes, from the user mode program I issue an IOCTL request, in the driver I receive this request and store it in the context structure of the driver module. After that, I take it from the FilterSendNetBufferLists function, fill the MDL from NetBufferLists and return it to the user program. If this is the right way, then thanks..
DLLs can be loaded in kernel mode, as long as they don't call user-mode APIs.
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
well, thank You Mr.