GetProcAddress

OSR_Community_User · February 13, 2006, 2:59pm

Hi,
Is there any way to get the address of an exported
function in another kernel driver, dll, or exe? In
user space there is the convenient GetProcAddress(…)
Cheers
Dave

Find your next car at http://autos.yahoo.ca

Don_Burn_1 · February 13, 2006, 3:51pm

You can do it for HAL and the kernel with MmGetSystemRoutineAddress. For
everything else you have to roll your own. Normally if you own both items,
it is easier to create a function pointer structure that you access in one
of many way’s (Ioctl, exported function call, device interface) to access
these functions.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Dave B. Sharp” wrote in message news:xxxxx@ntdev…
> Hi,
> Is there any way to get the address of an exported
> function in another kernel driver, dll, or exe? In
> user space there is the convenient GetProcAddress(…)
> Cheers
> Dave
>
>
>
>
>
>
> __________________________________________________________
> Find your next car at http://autos.yahoo.ca
>
>

Doron_Holan · February 13, 2006, 4:11pm

And if you roll your own, you need to manage the reference count against
the exported image so that it stays in memory as long as you are going
to call it…

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Monday, February 13, 2006 12:51 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] GetProcAddress

You can do it for HAL and the kernel with MmGetSystemRoutineAddress.
For
everything else you have to roll your own. Normally if you own both
items,
it is easier to create a function pointer structure that you access in
one
of many way’s (Ioctl, exported function call, device interface) to
access
these functions.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Dave B. Sharp” wrote in message
news:xxxxx@ntdev…
> Hi,
> Is there any way to get the address of an exported
> function in another kernel driver, dll, or exe? In
> user space there is the convenient GetProcAddress(…)
> Cheers
> Dave
>
>
>
>
>
>
> __________________________________________________________
> Find your next car at http://autos.yahoo.ca
>
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · February 13, 2006, 4:22pm

Thanx Don, much appreciated.
Cheers
Dave

— Don Burn wrote:

> You can do it for HAL and the kernel with
> MmGetSystemRoutineAddress. For
> everything else you have to roll your own. Normally
> if you own both items,
> it is easier to create a function pointer structure
> that you access in one
> of many way’s (Ioctl, exported function call, device
> interface) to access
> these functions.
>
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
>
>
> “Dave B. Sharp” wrote in
> message news:xxxxx@ntdev…
> > Hi,
> > Is there any way to get the address of an exported
> > function in another kernel driver, dll, or exe? In
> > user space there is the convenient
> GetProcAddress(…)
> > Cheers
> > Dave
> >
> >
> >
> >
> >
> >
> >
>

> > Find your next car at http://autos.yahoo.ca
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.ca
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>

Find your next car at http://autos.yahoo.ca

OSR_Community_User · February 13, 2006, 4:26pm

If you do not own both drivers, undesigned direct calls to driver
modules that you do not control is really not a good idea. Do you really
want some third party driver calling your functions? I’ll just call your
DriverEntry routine out of the blue, have a nice day. The architected
mechanisms - export driver linkage and interface exporting - are
sufficient.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, February 13, 2006 4:08 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] GetProcAddress

And if you roll your own, you need to manage the reference count against
the exported image so that it stays in memory as long as you are going
to call it…

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Monday, February 13, 2006 12:51 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] GetProcAddress

You can do it for HAL and the kernel with MmGetSystemRoutineAddress.
For
everything else you have to roll your own. Normally if you own both
items,
it is easier to create a function pointer structure that you access in
one
of many way’s (Ioctl, exported function call, device interface) to
access
these functions.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Dave B. Sharp” wrote in message
news:xxxxx@ntdev…
> Hi,
> Is there any way to get the address of an exported
> function in another kernel driver, dll, or exe? In
> user space there is the convenient GetProcAddress(…)
> Cheers
> Dave
>
>
>
>
>
>
> __________________________________________________________
> Find your next car at http://autos.yahoo.ca
>
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Maxim_S_Shatskih · February 14, 2006, 9:01pm

Parse its PE file header manually, the image base is one of the
DRIVER_OBJECT fields, the necessary DRIVER_OBJECT can be found by
ObReferenceObjectByName.

But anyway it is seriously undocumented. Instead, create a device object in
the lower driver and send IOCTLs to it from the upper one. You can also
exchange the function pointer tables via some internal IOCTL
(MJ_INTERNAL_DEVICE_CONTROL).

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Dave B. Sharp”
To: “Windows System Software Devs Interest List”
Sent: Monday, February 13, 2006 10:59 PM
Subject: [ntdev] GetProcAddress

> Hi,
> Is there any way to get the address of an exported
> function in another kernel driver, dll, or exe? In
> user space there is the convenient GetProcAddress(…)
> Cheers
> Dave
>
>
>
>
>
>
> __________________________________________________________
> Find your next car at http://autos.yahoo.ca
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com