I have to use a few undocumented structures in my kernel mode driver. I am worried about compatibility and I don't want to just put all of those offsets into global variables and use RtlGetVersion to select which offsets I should load. I want something more dynamic.
I thought about letting the user-mode application send driver an IOCTL for which offsets it should use. It would get those offsets from a server. This has a few problems:
- My driver is loaded at boot,
- Thus, I cannot use WSK to get the offsets,
- I need the offsets immediately at driver load.
So I thought about using a "dictionary" file for the offsets. But quickly changed my mind due to similar issues. And I don't want to manipulate strings in kernel mode.
I think I have no choice but putting them at compile-time in Offsets.h huh?
I mean, I mentioned it loads on boot and I need the offsets immediately, where an internet connection is not possible.
I don't want to show a bluescreen to my users, but I can't just "let it not run", that's not how my product works.
Maybe I am missing something. Do you guys have any ideas?
No I can't force my users to plug in a USB that contains the offsets.
I'll point out a few things before you do:
Yes, I know I should not use undocumented structures.
No, I must use undocumented structures.
^ Yes, I try to use their "document functions" (e.g. PsGetProcessId) that will work across releases, but it just isn't enough.
No, I am not playing around and I take stability seriously.