Some of the LPC routines are now exposed in the IFS Kit - for example,
the function ZwConnectPort is in ntifs.h. While not all LPC functions
have been added, certainly several have been. That further suggests if
there is a compelling reason to do so, the additional functions can be
added.
A disadvantage of LPC is that the messages are all small and limited in
size - it is not a good mechanism for transferring large blocks of data.
Given that there are numerous other ways of achieving this without
resorting to undocumented APIs, I wouldn’t find this a compelling
argument for documenting LPCs.
Why not use named pipes instead? They ALSO work between processes and
threads, include security, etc. They are also documented and supported
from kernel mode for direct open (see IoCreateFile for example). Or
shared memory (via section objects)? Again, documented, can be secured,
and has many of the same advantages.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula
Sent: Tuesday, November 23, 2004 5:46 AM
To: ntfsd redirect
Subject: Re: Re:[ntfsd] About inverted calls
be presented as to why this is needed. I’ve never played with Windows
LPC’s, so please if there is a good reason they are better than other
mechanisms please share it.
Maybe I will write an example and put it to the web.
But if you will Google a while, you can find many examples,
like http://www.windowsitlibrary.com/Content/356/08/3.html
(which seems to be quite well written)
I cannot say where the LPC is better or worse than
other methods.
An advantage of LPC here is that is is intended to be used for sharing
informations between two threads, regardless of the process,
regardless of the mode (kernel or user). It is based on
creating LPC port (NtCreatePort), which allows any client to
connect to this port (NtConnectPort). The mechanism allows
waiting for connection, so the user mode application may
wait for connection request from the driver.
I can see one issue with Max’s suggestion,
which may or must not be a problem.
If the user mode application sends an IOCTL which is blocked
by the driver until the driver needs something,
the thread is blocked and cannot be terminated
(even with brutal methods like TerminateThread),
is it right ? AFAIK when a thread runs in kernel mode,
it cannot be terminated (and thus, the owner process
cannot be killed).
L.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com