how to call LdrLoadDll

There are some rules around what we can and can’t talk about but we do
get quite a bit of lee-way. Most of us would rather people did
undocumented stuff the “right” way rather than some of the solutions we
see crashing and irritating customers in the field.

The risk we have in explaining the undocumented NT functions is that few
people remember the “this may change at any time with no warning”
comments. We might add a flag to an NTAPI in a QFE to fix a security
problem; When this flag breaks your application it makes developers and
customers very unhappy with Microsoft (not the company who didn’t heed
the warnings).

Personally, I think many developers today don’t consider the long term
ramifications of building software on internal or undocumented
functionality. This does make me stop and think before I explain how an
internal bit works to someone asking a question like “How to call
LdrLoadDll” without providing any context.

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of cristalink
Sent: Wednesday, March 15, 2006 12:54 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] how to call LdrLoadDll

Well, it was partially a joke. Don’t take it too seriously.

Alex posts “Private HAL…” -> DDK seems to disappear.

Alex praises you with “it was really surprising for a kernel mode person
at Microsoft to even discuss such things” -> someone at Microsoft might
think it’s not appropriate “for a kernel mode person at Microsoft to
even discuss such things”

–

“Doron Holan” wrote in message
news:xxxxx@ntdev…
If I am going to get fired, it won’t be for bringing the private symbol
issue to the attention of the WDK team (which I don’t work for) :).

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of cristalink
Sent: Wednesday, March 15, 2006 11:53 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] how to call LdrLoadDll

“Alex Ionescu [397670]” wrote in message
news:xxxxx@ntdev…
> It is from mine too, and I was not trying to bash Doron. In fact, I
really
> liked his recent blog post about using a totally internal kernel
function
> to figure out what API your driver can’t load. I thought it was really

> surprising for a kernel mode person at Microsoft to even discuss such
> things, and I was really happy to see it being done. Sometimes people
in
> our position know when and how to deal with such “Dirty things”, and
it’s
> good to see this is being acknowledged.

Alex, your previous post titled “Private HAL/Kernel Symbols in WDK”
resulted
in Microsoft withdrawing DDKs from MSDN. Now I am afraid Doron will get
fired.

> I certaintly don’t, but I find the above attitude hypocritical (the
one

> And I find this “need to know” attitude elitist. There is no NDA
attached
> to undocumented functions. Everyone should have access to the same
level
> of information, and I think what Gary Nebbett did was great,

Why have you brought Microsoft’s attention to the private symbols then?

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Peter,

I guess I should have put some tags around the
“explanation” I gave for cristalink’s statement.

I didn’t have a problem with the WDK being pulled, any more than I have
any problem with keeping the source confidential, and I can see how what I
wrote might have looked like I was serious.

Sorry to have provoked you,

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Wednesday, March 15, 2006 2:27 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] how to call LdrLoadDll

Actually, the WDK team was aware of the issue, and pulled the downlaod
from both MSDN and the beta download site, before any post on this topic
appeared (in this newsgroup or anywhere else). I know this to be a fact.

“reactionary?”

Looks like I’m in the position of having to explain Microsoft to the
community again. Gad, this gets old.

THINK for a MINUTE: The private symbols to OS are just that. They’re
PRIVATE. They comprise the confidential and proprietary intellectual
property of a company.

The fact that this confidential and proprietary intellectual property
happens to be the symbols to Windows – and you’re probably interested in
using them – doesn’t mean you or me or anybody in the community has a
right to them. The fact that the company is Microsoft may mean you want to
ascribe evil motives to the action, but that’s the way it is.

Pulling the kit cuz it has the private symbols is no different than
pulling some download that accidentally contained source code. It’s their
stuff – They want to keep it theirs. Your company would do different??

I fail to see why that’s so “reactionary” or difficult to understand.

Peter
OSR

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer