Create a User Thread running in a User Process context

Hi,

Can a driver create a user thread that runs in a user process?

I’ve tried some APIs (ZwCreateThread, RtlCreateUserThread) but the system
goes to BSOD or the thread returns to address 0x00000000 when it exits.

Are there other ways to create the thread in user space from the kernel?

Thanks

Trying to create a user space thread or worse a user space process is an
extremely complex procedure. There is no call that does it, you have to set
up a lot of code yourself. It is almost always better to have the process
do it for you.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply


It depends on what you are trying to do. If you want a driver thread that
runs in a specific user context, yes, it is possible. If you are creating a
thread in user mode from a kernel driver, you have some work ahead of you.

Jamey


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gian-luca Tenti
Sent: Saturday, January 28, 2006 8:20 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Create a User Thread running in a User Process context

Hi,

Can a driver create a user thread that runs in a user process?

I’ve tried some APIs (ZwCreateThread, RtlCreateUserThread) but the system
goes to BSOD or the thread returns to address 0x00000000 when it exits.

Are there other ways to create the thread in user space from the kernel?

Thanks


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Thanks Don and Jamey,

Yes Jamey, I have to create a thread from a driver that runs in user mode
(and in a specific process).

Do you know what I have to do, or can you tell me where I can search?

Using a service to create a thread should be the right way
(CreateRemoteThread), but the environment of our project is the terminal
server (2000 & 2003) and the CreateRemoteThread API by design doesn’t
work in multisession.

Thanks


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jamey Kirby
Sent: domenica 29 gennaio 2006 6.56
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] Create a User Thread running in a User Process
context

It depends on what you are trying to do. If you want a driver thread
that runs in a specific user context, yes, it is possible. If you are
creating a thread in user mode from a kernel driver, you have some work
ahead of you.

Jamey



I don’t think so. User threads can have some user-mode structures (some
undocumented) associated with them, and I don’t think you will be able to
create them.

I think that you can create a thread in non-System process by
PsCreateSystemThread, but this will be a kernel-only thread and will not be
able to execute in user space at all.

Why do you need this? It is the app who decides which threads it needs, not
the kernel. If you need to inject something - then inject a user-mode DLL (by
SetWindowsHookEx or such) and run the thread from there. You can also do
CreateRemoteThread from the helper user service process.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Thanks Maxim,

I have to create the thread in a process that:

  • could be in a different session from the service’s one (so
    CreateRemoteThread does not work)
  • could be a service (I don’t know if SetWindowsHookEx works for this
    case)
  • is being started

I think that there’s no solution to this problem. Pax

A question: I use FltStartFiltering to start the filter, but I don’t
see any function like FltStopFiltering. Is there a way to stop or pause
the filtering action?

Regards

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S.
Shatskih
Sent: domenica 29 gennaio 2006 13.00
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Create a User Thread running in a User Process
context

I don’t think so. User threads can have some user-mode structures (some
undocumented) associated with them, and I don’t think you will be able to
create them.

I think that you can create a thread in non-System process by
PsCreateSystemThread, but this will be a kernel-only thread and will not be
able to execute in user space at all.

Why do you need this? It is the app who decides which threads it needs, not
the kernel. If you need to inject something - then inject a user-mode DLL (by
SetWindowsHookEx or such) and run the thread from there. You can also do
CreateRemoteThread from the helper user service process.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


> createremotethread api by design don’t work in multisession
Never tried that, but what if you create a process in that particular
session beforehand and use it to create a remote thread in the target?

Like: when someone logs on, an interactive (not in Service-0x0-3e7$ WinSta
but in a WinSta you need) service is started that does nothing until told
otherwise.

As usual, “one more level of indirection”.

Looks like (yet again - I never tried that) you can just set WinSta in
STARTUPINFO when calling CreateProcess.

----- Original Message -----
From: Gian-luca Tenti
To: Windows File Systems Devs Interest List
Sent: Sunday, January 29, 2006 2:46 AM
Subject: RE: [ntfsd] Create a User Thread running in a User Process context

Thanks Don and Jamey,

Yes Jamey, I have to create a thread from a driver that runs in user mode
(and in a specific process).

Do you know what I have to do, or can you tell me where I can search?

Using a service to create a thread should be the right way
(CreateRemoteThread), but the environment of our project is the terminal
server (2000 & 2003) and the CreateRemoteThread API by design doesn’t
work in multisession.

Thanks


You can do this in many ways. Not knowing much about your design, I
would suggest sending a message from the service to your process(es). The
process will handle the message by creating a thread
(CreateThread/beginthreadex).

Also review your design to see if things can be made simpler.

Hope that helps.



Sessions are different from windowstations.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@Home
Sent: Sunday, January 29, 2006 8:45 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Create a User Thread running in a User Process
context

> createremotethread api by design don’t work in multisession
Never tried that, but what if you create a process in that particular
session beforehand and use it to create a remote thread in the target?

Like: when someone logs on, an interactive (not in Service-0x0-3e7$ WinSta
but in a WinSta you need) service is started that does nothing until told
otherwise.

As usual, “one more level of indirection”.

Looks like (yet again - I never tried that) you can just set WinSta in
STARTUPINFO when calling CreateProcess.

> Sessions are different from windowstations
Sorry if I did not make it clear in my answer.

Create a (say, service) process in a particular session, say, as part of
logon - item #1.
When creating this process, make sure that it is interactive, that is, uses
a particular winsta - item #2.

----- Original Message -----
From: “Satya Das”
To: “Windows File Systems Devs Interest List”
Sent: Wednesday, February 15, 2006 1:48 PM
Subject: RE: [ntfsd] Create a User Thread running in a User Process context

Sessions are different from windowstations.


Wow, this is a good idea!!

  1. I already use a logon notify DLL.
  2. In this DLL I create a thread (so it’s running in the same session as the possible target object).
  3. The thread waits for input data from a service/driver.
  4. From the data it gets the target procId and the process memory pointer to the thread and parameters.
  5. Create the remote thread!!
  6. Wait for a new command.
  7. When the session logs off, the DLL stops the local thread and cleans up memory.

Thanks!!

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@Home
Sent: mercoledì 15 febbraio 2006 22.31
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Create a User Thread running in a User Process context

> Sessions are different from windowstations
Sorry if I did not make it clear in my answer.

Create a (say, service) process in a particular session, say, as part of
logon - item #1.
When creating this process, make sure that it is interactive, that is, uses
a particular winsta - item #2.
