Hi,
is it possible to have the advantages of delay loading in drivers? Would be useful at times when an OS function is available for a later release but not for the minimum required release to run the driver (e.g. CM-notifications).
As far as I understood this is basically a compiler-support issue on Win32, so I assume, if at all, Microsoft would have to implement this in the DDK compiler?!
Oliver
May the source be with you, stranger 
ICQ: #281645
URL: http://assarbad.net
No. There is no LoadLibrary/GetProcAddr to resolve an export (outside
of NTOSKRNL/HAL) after load time. As such, there is no way to resolve
imports at use. Furthermore, you would have to worry about IRQL which
is not a concern in UM.
d
…I did hear of an undocumented ZwLoadDriver(…), can it be used in this
scenario.
- amitr0
ZwLoadDriver is documented in the IFS, but that doesn't help. That just
loads the driver, that doesn't give you the PDRIVER_OBJECT or a way to
resolve an import by name (w/out walking the PE header yourself).
Furthermore, unlike UM which has DLL reference counts which keep DLLs
around until they are no longer in use, you can call ZwUnloadDriver on a
driver being used by another driver and it will successfully unload.
This means that you cannot deterministically know when to unload a
driver unless you are the one and only one component which loaded it and
can track state.
d
Correct. Then use ObOpenObjectByName to open the driver object, the PE
image base is one of the fields in DRIVER_OBJECT.
Then use your own PE format parser to parse the exports and implement
GetProcAddress.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
Why not? We can use ObOpenObjectByName after that to open the driver object,
and if I remember correctly the Image Base for the PE is one of the fields
there.
But I don't think it would be that easy…
- amitr0
Now ObOpenObjectByName is completely undocumented … and you still have the lack of a ref count on the loaded image to deal with. Furthermore, you have IRQL constraints as well (PASSIVE_LEVEL only). Finally, you need to have stub code that will get called if all of this fails in some way so you are not jumping through NULL.
d
Which may be a hint that it isn't exactly a good idea.
If you want to support interfaces between your drivers, and different
versions of your drivers, there are plenty of good ways to do this.
IOCTLs, IRP_MN_QUERY_INTERFACE, or defining your own "QueryInterface"
export, which is always present, but gives you control over how to
expose vtables and similar structures.
Why not just use the existing support for platform version specific apis
in MmGetSystemRoutineAddress?
> No. There is no LoadLibrary/GetProcAddr to resolve an export (outside
> of NTOSKRNL/HAL) after load time. As such, there is no way to resolve
> imports at use. Furthermore, you would have to worry about IRQL which
> is not a concern in UM

That's right, but NTOSKRNL/HAL may be enough for many things. The IRQL issue, however, seems more tricky ... :-\

> Why not just use the existing support for platform version specific apis
> in MmGetSystemRoutineAddress?

Guess what? That's what I am using. However, I'd prefer a transparent mechanism, but as Doron pointed out, this has some pitfalls that may not be possible to overcome ...
Thanks for all comments,
Oliver
May the source be with you, stranger 
ICQ: #281645
URL: http://assarbad.net
Well just to beat an obviously dead horse: you wrap your usage of
MmGetSystemRoutineAddress in your own library of your own apis that makes
usage entirely transparent outside of the library itself. It's a 90%
solution that is trivial to implement.
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com
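An added sketch of the wrapper-library approach suggested above (not code from the thread): the export is resolved once at init and a stub is installed when it is missing, which also covers the earlier points about IRQL and not jumping through NULL. It is portable C with a constructed lookup table standing in for MmGetSystemRoutineAddress; every identifier in it is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins so the pattern builds outside the kernel. In a driver,
 * resolve_export() would be MmGetSystemRoutineAddress (UNICODE_STRING name),
 * called once from DriverEntry at PASSIVE_LEVEL. All names are hypothetical. */
enum { OPT_OK = 0, OPT_NOT_SUPPORTED = -1 };
typedef long (*notify_fn)(void *context);
struct export { const char *name; notify_fn fn; };

static long newer_os_notify(void *context) { (void)context; return OPT_OK; }

/* Constructed export table of a "newer release"; an older one lacks the entry. */
static const struct export new_release[] = { { "NewerOsNotify", newer_os_notify } };

static notify_fn resolve_export(const struct export *tbl, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tbl[i].name, name) == 0)
            return tbl[i].fn;
    return NULL; /* not exported on this release */
}

/* Fallback so callers never jump through NULL when resolution fails. */
static long notify_stub(void *context) { (void)context; return OPT_NOT_SUPPORTED; }

/* Starts as the stub; written only by optapi_init(), read-only afterwards. */
static notify_fn g_notify = notify_stub;

/* The only place that resolves names; run it before any caller can race it. */
void optapi_init(const struct export *tbl, size_t n)
{
    notify_fn fn = resolve_export(tbl, n, "NewerOsNotify");
    g_notify = fn ? fn : notify_stub;
}

/* What the rest of the driver links against: no pointer, no NULL check. */
long OptNotify(void *context) { return g_notify(context); }
int optapi_available(void) { return g_notify != notify_stub; }

int main(void)
{
    optapi_init(NULL, 0);                       /* "old release": nothing exported */
    printf("old: %ld available=%d\n", OptNotify(NULL), optapi_available());
    optapi_init(new_release, 1);                /* "new release" */
    printf("new: %ld available=%d\n", OptNotify(NULL), optapi_available());
    return 0;
}
```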