Is there a way for EvtWdfDeviceD0Entry to trigger a usermode program to run?
I need to reprogram an FPGA whenever power is restored to a board. Currently, I have a service which runs permanently, sleeping in another driver, which is woken indirectly from EvtWdfDeviceD0Entry. Is there a better way of achieving this? I have looked at ZwCreateProcess, which I have concluded is not a viable solution.
Chris Read
You can’t start a program directly from the driver so having a service waiting for an event/IOCTL/interface arrival is a common solution.
If you don’t want/need the service running all the time you could use a Service Trigger.
There is an example right there: https://cpp.hotexamples.com/examples/-/-/ZwCreateProcess/cpp-zwcreateprocess-function-examples.html#0xdf7392991fd19c07ab8b444af303bf3ebe2a0c31b0bab6013b1e7d6b56036ad0-177,387,
Otherwise, you can install your usermode process as a service and load the service from your driver with NtLoadDriver (FltLoadFilter for filter drivers).
This is all undocumented thought, obviously, but there is no otherway that I know of (to do it all from kernel).
Sure, but you don’t want to do any of that in an actual product.