Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Querying an ULONG value from the registry

meiziromeiziro Member Posts: 7

Hello, everybody.

Im pretty new to kernel, and im using the registry to communicate between my um and my km because i dont want to deal with IoCtl.

I successfully retrieved a string from the registry using ZwQueryValueKey.

But now i cant figure out how to retrieve an ULONG. I want to pass a processID from my usermode to my kernelmode. Can someone help me out ?

Thanks for your help, Meiziro.

Comments

  • MBond2MBond2 Member Posts: 139

    Without meaning to dampen your enthusiasm, this is both a very basic question and a very bad idea.

    With this approach, you might as well sprint the process id into a string and atoi it out in KM using the REG_SZ values you already know how to use. The extra overhead will be the least of your issues. At the very least, remember that process id is ephemeral and can be recycled at any time. Also remember that there is no real way to synchronize access or be notified when changes are made in any kind of efficient way

  • Sergey_PisarevSergey_Pisarev Member - All Emails Posts: 242
    You need to deal with ioctls or use filter manager’s message interface.

    Btw pid is pointer- sized, not ULONG
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA