Hi all,
Can anybody tell me how to call LdrLoadDll?
Prithvi
Why? What are you trying to do? Just call LoadLibrary instead, it calls LdrLoadDll.
d
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Pruthviraj Kajale
Sent: Tuesday, March 14, 2006 8:42 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] how to call LdrLoadDll
Hi all,
Can anybody tell me how to call LdrLoadDll?
Prithvi
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Hi Doron
I need to call LdrLoadDll in Native mode.
Prithvi
Doron Holan wrote:
Why? What are you trying to do? Just call LoadLibrary instead, it calls LdrLoadDll.
d
Again, why? Is your app running at boot?
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Pruthviraj Kajale
Sent: Tuesday, March 14, 2006 11:22 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] how to call LdrLoadDll
Hi Doron
I need to call LdrLoadDll in Native mode.
Prithvi
Yes, my app is running at boot time.
Prithvi
Call LoadLibraryEx instead, it does the same (it is a wrapper around LdrLoadDll).
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
Pruthviraj Kajale wrote:
> Hi all,
> Can anybody tell me how to call LdrLoadDll?
> Prithvi
Since nobody is actually answering your question (don’t worry, that’s
normal, native mode apps are considered ungodly. Unless of course you
work for a defrag company and then ‘somehow’ they seem to know all the
tricks):
NTSTATUS
NTAPI
LdrLoadDll(
    IN PWSTR SearchPath OPTIONAL,
    IN PULONG LoadFlags OPTIONAL,
    IN PUNICODE_STRING Name,
    OUT PVOID *BaseAddress OPTIONAL
    );
*LoadFlags should be set to IMAGE_FILE_EXECUTABLE_IMAGE if you’re not
loading a DLL but an EXE instead.
Best regards,
Alex Ionescu
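
The prototype above takes the DLL name as a counted UNICODE_STRING rather than a C string. The following is an added example, not code from the thread: it fills that structure the way RtlInitUnicodeString does and, on Windows, resolves LdrLoadDll from ntdll.dll at run time. The EX_-prefixed names, the helper functions and the sample name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Constructed names for two real NTSTATUS values. */
#define EX_STATUS_NOT_IMPLEMENTED   ((int32_t)0xC0000002)
#define EX_STATUS_INVALID_PARAMETER ((int32_t)0xC000000D)

typedef uint16_t ex_wchar;          /* one UTF-16 code unit, same size as WCHAR */

/* Same field layout as the native UNICODE_STRING. Both lengths are in BYTES. */
typedef struct {
    uint16_t  Length;               /* bytes in use, terminator not counted */
    uint16_t  MaximumLength;        /* bytes available in Buffer */
    ex_wchar *Buffer;
} EX_UNICODE_STRING;

/* Constructed sample input: "kernel32.dll" as UTF-16, 12 code units + NUL. */
static ex_wchar EX_SAMPLE_DLL[] = {
    'k','e','r','n','e','l','3','2','.','d','l','l', 0
};

/* Stand-in for RtlInitUnicodeString: point the structure at an existing
 * NUL-terminated buffer and fill in the byte counts. Unlike the real routine,
 * it returns a zeroed structure when the name cannot fit in the USHORT fields. */
EX_UNICODE_STRING ex_init_unicode_string(ex_wchar *src)
{
    EX_UNICODE_STRING us = {0, 0, NULL};
    size_t units = 0;

    if (src == NULL)
        return us;
    while (src[units] != 0) {
        if (++units > 32766)        /* (units + 1) * 2 must fit in 16 bits */
            return us;
    }
    us.Length = (uint16_t)(units * sizeof(ex_wchar));
    us.MaximumLength = (uint16_t)(us.Length + sizeof(ex_wchar));
    us.Buffer = src;
    return us;
}

#ifdef _WIN32
/* Pointer type matching the prototype quoted in the thread. The function is
 * undocumented, so this signature can change between Windows releases. */
typedef LONG (NTAPI *LdrLoadDll_fn)(PWSTR SearchPath, PULONG LoadFlags,
                                    EX_UNICODE_STRING *Name, PVOID *BaseAddress);
#endif

/* Load dll_name through LdrLoadDll and return the NTSTATUS it reports. */
int32_t ex_ldr_load(ex_wchar *dll_name, void **base)
{
    EX_UNICODE_STRING name = ex_init_unicode_string(dll_name);

    if (base == NULL || name.Length == 0)
        return EX_STATUS_INVALID_PARAMETER;
    *base = NULL;
#ifdef _WIN32
    {
        HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
        LdrLoadDll_fn ldr = ntdll
            ? (LdrLoadDll_fn)(void *)GetProcAddress(ntdll, "LdrLoadDll")
            : NULL;
        if (ldr == NULL)
            return EX_STATUS_NOT_IMPLEMENTED;
        /* SearchPath and LoadFlags are OPTIONAL in the prototype: pass NULL. */
        return (int32_t)ldr(NULL, NULL, &name, base);
    }
#else
    return EX_STATUS_NOT_IMPLEMENTED;   /* no NT loader on this platform */
#endif
}

int main(void)
{
    void *base = NULL;
    int32_t st = ex_ldr_load(EX_SAMPLE_DLL, &base);

    printf("LdrLoadDll status 0x%08lX, base %p\n",
           (unsigned long)(uint32_t)st, base);
    return 0;
}
```

A native-mode program that links against ntdll directly would call LdrLoadDll itself instead of resolving it with GetProcAddress.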
>> (don’t worry, that’s normal, native mode apps are considered ungodly
Who told you that?
Dan
----- Original Message -----
From: “Alex Ionescu [397670]”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Wednesday, March 15, 2006 4:51 PM
Subject: Re:[ntdev] how to call LdrLoadDll
> Pruthviraj Kajale wrote:
>>
>> Hi all,
>> Can anybody tell me how to call LdrLoadDll?
>> Prithvi
>
> Since nobody is actually answering your question (don’t worry, that’s
> normal, native mode apps are considered ungodly. Unless of course you work
> for a defrag company and then ‘somehow’ they seem to know all the tricks):
>
> NTSTATUS
> NTAPI
> LdrLoadDll(
> IN PWSTR SearchPath OPTIONAL,
> IN PULONG LoadFlags OPTIONAL,
> IN PUNICODE_STRING Name,
> OUT PVOID *BaseAddress OPTIONAL
> );
>
> *LoadFlags should be set to IMAGE_FILE_EXECUTABLE_IMAGE if you’re not
> loading a DLL but an EXE instead.
>
> Best regards,
> Alex Ionescu
Dan Partelly wrote:
>> (don’t worry, that’s normal, native mode apps are considered ungodly
> Who told you that?
> Dan
There seems to be a typical reaction whenever someone asks a question
about native or undocumented APIs. While I generally agree with it in
kernel-mode development (using hooks/undocumented functions makes your
driver prone to causing system instability or compatibility problems),
I’m somewhat disgusted by the fact that plenty of WHQLed drivers seem
to make use of them in order to get features or performance in order to
beat the competition. Same thing goes for native mode programs or
user-mode programs using native APIs, which seem to be totally left out
in the cold documentation wise. I’ve found it actually ironic how
Microsoft discourages their use, and then someone like SysInternals
comes in and uses them, and then gets praised on writing “great
low-level system tools”. I give them praise too and I’ve written similar
programs myself, but then why give a hard time to others trying to use
those same APIs for their own educational programs/tools? It seems to me
like there’s this attempt to keep knowledge of the Native API a closely
guarded secret, so that those that actually know it are considered
somehow superior or more knowledgeful, and can take advantage of it to
wow everybody else. It just seems to me like the prototype should’ve
simply been given to Prithvi along with a disclaimer around its usage
(“try to avoid this in the first place, don’t ship a commercial product
with this unless you take strong steps to ensure it keeps working,
etc”), not be given a questionnaire. Just my two cents…
Best regards,
Alex Ionescu
I’m here on this list for many, many years, and I did not find ppl on this
list discouraging the use of native APIs. Of course, hooking was always
discouraged, as were several other techniques, but I have never seen someone
discouraging use of a native API where it’s required. I’m also not aware of
a WHQLed driver which hooks, but if you can, please point me to one of them.
I personally chose to disclose undocumented NT native / kernel / hal
information on a “need to know” basis, where I’m the only judge of
“he needs to know”. And usually ppl do not need to know. I have seen
that more than 80% of ppl who ask about undocumented NT and kernel
internals actually know nada about NT. In fact some of them ain’t even good
to write Visual Basic applications. In fact a trained coder, who is
versed in normal development, would really easily know the requirements
of native applications and find relatively easy info about any native API.
I’m not a fan of Mr. Mark Russinovich (never was one), he has some
good stuff, but I don’t think he gets praise from Microsoft or OSR or
whatever about what he writes. He gets praise from 3rd parties, and
usually those dilettantes are easily impressed. I’m not aware of
anyone trained in NT devel worshiping him in awe for his tools.
Do not forget that MS’s policy is mainly not to disclose info about native
APIs. So you have to understand Doron’s question. He wants to validate,
IMHO, at minimum a “need to know”. Is the policy good or bad, I can’t be
the judge of that. The reaction, however, is completely understandable from
my point of view.
Dan
----- Original Message -----
From: “Alex Ionescu [397670]”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Wednesday, March 15, 2006 7:23 PM
Subject: Re:[ntdev] how to call LdrLoadDll
> Dan Partelly wrote:
>>>> (don’t worry, that’s normal, native mode apps are considered ungodly
>>
>>
>> Who told you that ?
>>
>> Dan
>>
>
> There seems to be a typical reaction whenever someone asks a question
> about native or undocumented APIs. While I generally agree with it in
> kernel-mode development (using hooks/undocumented functions makes your
> driver prone to causing system instability or compatibility problems), I’m
> somewhat disgusted by the fact that plenty of WHQLed drivers seem to make
> use of them in order to get features or performance in order to beat the
> competition. Same thing goes for native mode programs or user-mode
> programs using native APIs, which seem to be totally left out in the cold
> documentation wise. I’ve found it actually ironic how Microsoft
> discourages their use, and then someone like SysInternals comes in and
> uses them, and then gets praised on writing “great low-level system
> tools”. I give them praise too and I’ve written similar programs myself,
> but then why give a hard time to others trying to use those same APIs for
> their own educational programs/tools? It seems to me like there’s this
> attempt to keep knowledge of the Native API a closely guarded secret, so
> that those that actually know it are considered somehow superior or more
> knowledgeful, and can take advantage of it to wow everybody else. It just
> seems to me like the prototype should’ve simply been given to Prithvi
> along with a disclaimer around its usage (“try to avoid this in the first
> place, don’t ship a commercial product with this unless you take strong
> steps to ensure it keeps working, etc”), not be given a questionnaire.
> Just my two cents…
>
> Best regards,
> Alex Ionescu
More importantly, understanding what needs to be done can lead to an answer
that uses documented APIs and eliminate the need to depend on a function
signature that can change from underneath you.
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, March 15, 2006 10:05 AM
To: Windows System Software Devs Interest List
Subject: Re: Re:[ntdev] how to call LdrLoadDll
I’m here on this list for many, many years, and I did not find ppl on this
list discouraging the use of native APIs. Of course, hooking was always
discouraged, as were several other techniques, but I have never seen someone
discouraging use of a native API where it’s required. I’m also not aware of
a WHQLed driver which hooks, but if you can, please point me to one of them.
I personally chose to disclose undocumented NT native / kernel / hal
information on a “need to know” basis, where I’m the only judge of
“he needs to know”. And usually ppl do not need to know. I have seen
that more than 80% of ppl who ask about undocumented NT and kernel
internals actually know nada about NT. In fact some of them ain’t even good
to write Visual Basic applications. In fact a trained coder, who is
versed in normal development, would really easily know the requirements
of native applications and find relatively easy info about any native API.
I’m not a fan of Mr. Mark Russinovich (never was one), he has some
good stuff, but I don’t think he gets praise from Microsoft or OSR or
whatever about what he writes. He gets praise from 3rd parties, and
usually those dilettantes are easily impressed. I’m not aware of
anyone trained in NT devel worshiping him in awe for his tools.
Do not forget that MS’s policy is mainly not to disclose info about native
APIs. So you have to understand Doron’s question. He wants to validate,
IMHO, at minimum a “need to know”. Is the policy good or bad, I can’t be
the judge of that. The reaction, however, is completely understandable from
my point of view.
Dan
Dan Partelly wrote:
> I’m here on this list for many, many years, and I did not find ppl on this
> list discouraging the use of native APIs. Of course, hooking was always
> discouraged, as were several other techniques, but I have never seen someone
> discouraging use of a native API where it’s required. I’m also not aware of
> a WHQLed driver which hooks, but if you can, please point me to one of them.
NVIDIA/ATI Video drivers, to name a few. The NVIDIA video driver
uses an array of static pointers into kernel32.dll. These pointers
correspond to the static ANSI buffer that GetCommandLine reads. If a
video driver in kernel-mode memory reads a pointer (which changes every
OS release) in user-mode in a DLL can get WHQLed, God knows what else
does. The ATI drivers also do some evil stuff with Process Parameter
Block afaik, and assume it’s always located at 0x20000 (whereas that
isn’t a static address).
> I personally chose to disclose undocumented NT native / kernel / hal
> information on a “need to know” basis, where I’m the only judge of
> “he needs to know”.
And I find this “need to know” attitude elitist. There is no NDA
attached to undocumented functions. Everyone should have access to the
same level of information, and I think what Gary Nebbett did was great,
when he published his book (although it’s now sadly somewhat outdated
and has some important mistakes).
> And usually ppl do not need to know.
I think that’s a very selfish statement.
> I have seen
> that more than 80% of ppl who ask about undocumented NT and kernel
> internals actually know nada about NT.
I agree with you here.
> In fact some of them ain’t even good
> to write Visual Basic applications.
Here too.
> In fact a trained coder, who is
> versed in normal development, would really easily know the requirements
> of native applications and find relatively easy info about any native API.
Also somewhat true, but not all good coders are good reverse engineers.
There’s nothing wrong with asking a question once in a while.
> I’m not a fan of Mr. Mark Russinovich (never was one), he has some
> good stuff, but I don’t think he gets praise from Microsoft or OSR or
> whatever about what he writes.
Really? Is that why he proudly boasts being referenced in x many MSKB
articles? Is that why he publishes a book used by Microsoft internally
and used as part of the CRK (the curriculum kit for the NT kernel classes)?
> He gets praise from 3rd parties, and
> usually those dilettantes are easily impressed. I’m not aware of
> anyone trained in NT devel worshiping him in awe for his tools.
I certainly don’t, but I find the above attitude hypocritical (the one
about MS recommending tools developed against the very recommendations
MS makes about development).
> Do not forget that MS’s policy is mainly not to disclose info about native
> APIs. So you have to understand Doron’s question. He wants to validate,
> IMHO, at minimum a “need to know”. Is the policy good or bad, I can’t be
> the judge of that. The reaction, however, is completely understandable from
> my point of view.
It is from mine too, and I was not trying to bash Doron. In fact, I
really liked his recent blog post about using a totally internal kernel
function to figure out what API your driver can’t load. I thought it was
really surprising for a kernel mode person at Microsoft to even discuss
such things, and I was really happy to see it being done. Sometimes
people in our position know when and how to deal with such “Dirty
things”, and it’s good to see this is being acknowledged.
My problem has been with companies in the past that, through special
deals with Microsoft, have been allowed and given full documentation on
NT internals. For example, during the development of NT4, Diskeeper was
very involved in the development of the FSCTLs needed for NTFS
defragmentation. Their current tools also currently have boot-time
defragmenters which are not only fully native, but also use very
low-level techniques (such as IOCTLs to KeyboardClass0 to monitor for
keypresses). Other companies had a hard time getting NTFS defragmentation
to work, because those FSCTLs were originally undocumented, and anyone
asking for them and using them could not possibly hope to get a
certified product shipped. My second problem, again, is the hypocrisy of
being strongly against undocumented APIs (which, I reiterate, is my
policy as well), yet allowing and recommending such tools. This is like
saying “Drugs are bad, but by the way, Mr. Foobar sells some great weed
on 9th street! Try it out if you’re having a bad day.”
My apologies to Doron if my previous post seemed targeted at him.
Best regards,
Alex Ionescu
Doron Holan wrote:
> More importantly, understanding what needs to be done can lead to an answer
> that uses documented APIs and eliminate the need to depend on a function
> signature that can change from underneath you.
> d
I totally agree, and as I’ve just posted in another reply, my previous
post wasn’t directed against your questions, even though it came out so;
I apologize.
Best regards,
Alex Ionescu
“Alex Ionescu [397670]” wrote in message
news:xxxxx@ntdev…
> It is from mine too, and I was not trying to bash Doron. In fact, I really
> liked his recent blog post about using a totally internal kernel function
> to figure out what API your driver can’t load. I thought it was really
> surprising for a kernel mode person at Microsoft to even discuss such
> things, and I was really happy to see it being done. Sometimes people in
> our position know when and how to deal with such “Dirty things”, and it’s
> good to see this is being acknowledged.
Alex, your previous post titled “Private HAL/Kernel Symbols in WDK” resulted
in Microsoft withdrawing DDKs from MSDN. Now I am afraid Doron will get
fired.
> I certainly don’t, but I find the above attitude hypocritical (the one
> And I find this “need to know” attitude elitist. There is no NDA attached
> to undocumented functions. Everyone should have access to the same level
> of information, and I think what Gary Nebbett did was great,
Why have you brought Microsoft’s attention to the private symbols then?
If I am going to get fired, it won’t be for bringing the private symbol
issue to the attention of the WDK team (which I don’t work for) :).
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of cristalink
Sent: Wednesday, March 15, 2006 11:53 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] how to call LdrLoadDll
“Alex Ionescu [397670]” wrote in message
news:xxxxx@ntdev…
> It is from mine too, and I was not trying to bash Doron. In fact, I really
> liked his recent blog post about using a totally internal kernel function
> to figure out what API your driver can’t load. I thought it was really
> surprising for a kernel mode person at Microsoft to even discuss such
> things, and I was really happy to see it being done. Sometimes people in
> our position know when and how to deal with such “Dirty things”, and it’s
> good to see this is being acknowledged.
Alex, your previous post titled “Private HAL/Kernel Symbols in WDK” resulted
in Microsoft withdrawing DDKs from MSDN. Now I am afraid Doron will get
fired.
> I certainly don’t, but I find the above attitude hypocritical (the one
> And I find this “need to know” attitude elitist. There is no NDA attached
> to undocumented functions. Everyone should have access to the same level
> of information, and I think what Gary Nebbett did was great,
Why have you brought Microsoft’s attention to the private symbols then?
> Alex, your previous post titled “Private HAL/Kernel Symbols in WDK” resulted
> in Microsoft withdrawing DDKs from MSDN.
Is it really so? And what will be the means of obtaining the DDKs now? Can you
provide us with the URL to MS’s notice about this?
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
No, it would be for discussing the use of a non published API, given the
reactionary environment which resulted in the WDK being pulled as soon as
the private symbol file leakage was publicized.
I hope cristalink is wrong…
Phil
Philip D. Barila
Seagate Technology LLC
(720) 684-1842
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Wednesday, March 15, 2006 1:29 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] how to call LdrLoadDll
If I am going to get fired, it won’t be for bringing the private symbol
issue to the attention of the WDK team (which I don’t work for) :).
d
Well, it was partially a joke. Don’t take it too seriously.
Alex posts “Private HAL…” -> DDK seems to disappear.
Alex praises you with “it was really surprising for a kernel mode person at
Microsoft to even discuss such things” -> someone at Microsoft might think
it’s not appropriate “for a kernel mode person at Microsoft to even discuss
such things”
Actually, the WDK team was aware of the issue, and pulled the download from both MSDN and the beta download site, before any post on this topic appeared (in this newsgroup or anywhere else). I know this to be a fact.
“reactionary?”
Looks like I’m in the position of having to explain Microsoft to the community again. Gad, this gets old.
THINK for a MINUTE: The private symbols to OS are just that. They’re PRIVATE. They comprise the confidential and proprietary intellectual property of a company.
The fact that this confidential and proprietary intellectual property happens to be the symbols to Windows – and you’re probably interested in using them – doesn’t mean you or me or anybody in the community has a right to them. The fact that the company is Microsoft may mean you want to ascribe evil motives to the action, but that’s the way it is.
Pulling the kit cuz it has the private symbols is no different than pulling some download that accidentally contained source code. It’s their stuff – They want to keep it theirs. Your company would do different??
I fail to see why that’s so “reactionary” or difficult to understand.
Peter
OSR
cristalink wrote:
> Alex, your previous post titled “Private HAL/Kernel Symbols in WDK” resulted
> in Microsoft withdrawing DDKs from MSDN. Now I am afraid Doron will get
> fired.
Are you kidding or something? I’m very glad it resulted in MS pulling
the leaked binaries out. That’s like accusing a witness for giving
evidence in a case. Why would Doron get fired and what does this have to
do with anything?
>> I certainly don’t, but I find the above attitude hypocritical (the one
>> And I find this “need to know” attitude elitist. There is no NDA attached
>> to undocumented functions. Everyone should have access to the same level
>> of information, and I think what Gary Nebbett did was great,
> Why have you brought Microsoft’s attention to the private symbols then?
Because I am a Microsoft enthusiast, a beta tester, and someone involved
in driver development for a long time and I know that MS probably did
not want to get those symbols out. Some of them may contain damaging
information in form of IP.
Best regards,
Alex Ionescu