Getting the address space of a user mode process

I want to attach a driver thread to a user mode process from my driver and get the address space of the application, lock the pages and manipulate data. Is it OK to use in drivers? I can work without it totally - the pending IOCTL IRP mechanism is fine. Just looking for various ways to do this. I need to work with user mode processes frequently.

Thank you.

KeStackAttachProcess() is your friend here. However, before you use it, pay attention to a warning that MSDN gives…

Anton Bassov

You can do it from user space also; I prefer to do it from user space.

Sisimon

On 9/30/07, xxxxx@gmail.com wrote:
>
> I want to attach a driver thread to a user mode process from my driver and
> get the address space of the application, lock the pages and manipulate
> data. Is it OK to use in drivers? I can work without it totally - the pending
> IOCTL IRP mechanism is fine. Just looking for various ways to do this. I need
> to work with user mode processes frequently.
>
> Thank you.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>



Anton:

> KeStackAttachProcess() is your friend here.

I did my homework before I posted the question :). Being a beginner, I was trying to understand if driver gurus say it to be bad. But as you write the function name that I am testing with, I feel safe with the style. I think before KeStackAttachProcess() was introduced it was not wise (for me at least). Thank you for your time.

deepumon es:

> You can do it from user space also; I prefer to do it from user space.

Do you mean that I can attach a driver thread from a user process? O-o, I can not think of it in my mind. How do I know when that thread needs data from my process and when it is finished with it? OK, still an alternative idea. Let me try a hello world. I think 2 events and wait for one object can solve it (I won't even call it a design though). Did you use it in your code? Or am I totally misunderstanding you? I think I am. Can you please explain your idea, when you get some free time? Thank you.

By your explanation I understand that you want to replace an IOCTL communication (the typical pending ioctl) with direct data manipulation in your own process. Am I right?
If this is your goal you don’t need at all to be in the context of your process to access a common data area.

Inaski Castillo:

> If this is your goal you don’t need at all to be in the context of your process to access a common
> data area.

OK. You are right. The file mapping way. But did you try that on a 64 bit platform? I am very interested if anyone can give me a solution of mapping file type shared memory in 64 bit - kernel mode to user mode. I tried it for several hundred hours and finally gave up and went for the pending IOCTL IRP version. Though, 64 bit is strange - field offset in structure gets changed from the 32 bit process - it may be that I was fooled with something like that.

BTW, I don’t want to replace the pending IOCTL IRP solution. It seems to me the best process for my solution considering the source code compatibility. I am doing this for testing purposes only.

Thanks.
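The 64 bit symptom described in the post above, a structure shared with a 32 bit process whose field offsets do not match what the 64 bit kernel sees, is most commonly caused by pointer-sized members (PVOID, HANDLE, SIZE_T, ULONG_PTR) and the alignment padding they pull in. The program below is an added example, not code from this thread: it models the natural-alignment layout rules a Windows C compiler applies for 4-byte and 8-byte pointers (the `layout_offset` calculator, the field names and the `SharedBlock` structure are constructed for this example), shows a naive block whose `Counter` member lands at offset 8 on x86 but 16 on x64, and then a fixed-width block whose layout is pinned by compile-time checks so both sides of a shared section agree. It builds with any C11 compiler and does not need a driver.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Describe a struct member by size and natural alignment so the layout a
 * Windows C compiler would produce can be computed for a given pointer
 * width. Pointer-sized members (PVOID, HANDLE, SIZE_T, ULONG_PTR) are
 * flagged so their width follows the target. (Constructed for this example.) */
typedef struct {
    const char *name;
    size_t size;        /* ignored when is_pointer is set */
    int is_pointer;
} FieldDesc;

/* Natural alignment: each member is aligned to its own size (MSVC aligns
 * 8-byte scalars to 8 even on x86), and the total is rounded up to the
 * largest member alignment. */
static size_t align_up(size_t v, size_t a) { return (v + a - 1) / a * a; }

size_t layout_offset(const FieldDesc *f, size_t n, size_t ptr_size,
                     size_t idx, size_t *total_size)
{
    size_t off = 0, max_align = 1, want = 0;
    for (size_t i = 0; i < n; i++) {
        size_t sz = f[i].is_pointer ? ptr_size : f[i].size;
        off = align_up(off, sz);
        if (i == idx) want = off;
        if (sz > max_align) max_align = sz;
        off += sz;
    }
    if (total_size) *total_size = align_up(off, max_align);
    return want;
}

/* "Before": a block that looks fine in a 64-bit driver but lays out
 * differently when a 32-bit process maps the same section. */
static const FieldDesc naive_fields[] = {
    { "Length",  4, 0 },   /* ULONG     */
    { "Buffer",  0, 1 },   /* PVOID     */
    { "Counter", 8, 0 },   /* ULONGLONG */
};
#define NAIVE_N (sizeof naive_fields / sizeof naive_fields[0])

size_t naive_offset(size_t ptr_size, size_t idx)
{
    return layout_offset(naive_fields, NAIVE_N, ptr_size, idx, NULL);
}

size_t naive_size(size_t ptr_size)
{
    size_t total;
    layout_offset(naive_fields, NAIVE_N, ptr_size, 0, &total);
    return total;
}

/* "After": fixed-width members only, the pointer carried as a 64-bit
 * integer, explicit padding, and offsets pinned at compile time so the
 * layout cannot drift between the 32-bit client and the 64-bit driver. */
typedef struct {
    uint32_t Length;
    uint32_t Reserved;     /* explicit pad: keeps Buffer at offset 8 */
    uint64_t Buffer;       /* pointer value widened to 64 bits */
    uint64_t Counter;
} SharedBlock;

_Static_assert(offsetof(SharedBlock, Length)  == 0,  "Length offset");
_Static_assert(offsetof(SharedBlock, Buffer)  == 8,  "Buffer offset");
_Static_assert(offsetof(SharedBlock, Counter) == 16, "Counter offset");
_Static_assert(sizeof(SharedBlock) == 24, "SharedBlock size");

/* Runtime version of the same check: both sides of the shared section
 * should verify the agreed layout before trusting any field in it. */
int shared_block_layout_ok(void)
{
    return offsetof(SharedBlock, Length) == 0 &&
           offsetof(SharedBlock, Buffer) == 8 &&
           offsetof(SharedBlock, Counter) == 16 &&
           sizeof(SharedBlock) == 24;
}

int main(void)
{
    for (size_t i = 0; i < NAIVE_N; i++)
        printf("%-8s x86 offset %2zu   x64 offset %2zu\n", naive_fields[i].name,
               naive_offset(4, i), naive_offset(8, i));
    printf("naive size: x86 %zu, x64 %zu\n", naive_size(4), naive_size(8));
    printf("SharedBlock layout ok: %d\n", shared_block_layout_ok());
    return 0;
}
```

The same rule applies to anything a driver reads out of memory a user process can also write: pin the layout with fixed-width types, validate `Length` and every offset against the mapped size before dereferencing, and never store a raw kernel pointer in the shared block.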

>> KeStackAttachProcess() is your friend here.

> I did my homework before I posted the question :). Being a beginner, I was
> trying to understand if driver gurus say it to be bad. But as you write the
> function name that I am testing with, I feel safe with the style.

Actually, KeStackAttachProcess() is not as dangerous as it may seem - just don’t spend ages attached to another process’s address space, and avoid doing complex operations. As long as you know what you are doing, everything is going to be just fine…

Anton Bassov