How to Execute an Application from a Kernel Driver

Hello All,

I want to run a user program from kernel mode. What are the possible ways?
How can I create a process?
Is it required to load the executable in memory and then manually set the
program counter to the appropriate location? (I am just guessing.)

What would be the optimum way ?

The recommended way is to have a service start the application for you. There
is a lot of special effort involved in loading and starting an application from
kernel space directly, and a lot of it is undocumented.

Don Burn
Windows NT/2000/XP Filesystem and Device Driver Consulting

But I need to invoke a program from kernel space. Can I load it the way the
operating system's loader does, meaning by reading the PE file, then creating
an executable page in memory and passing execution control to this memory
area? But I don't know how to set the PC to my routine.
Is it really hard to get working? Even then, I need to know about it.

Nope, you cannot act like a loader by reading the PE. The loader does several
things like creating page tables etc., and I am sure you don't want to implement
a whole loader to execute one process from kernel space; it is not possible
either.

Better you follow "Don Burn"'s method.

Regards,
Satish K.S

----- Original Message -----
From: “Krishna Pawar”
To: “NT Developers Interest List”
Sent: Monday, April 22, 2002 5:20 PM
Subject: [ntdev] Re: How to Execute An Application from Kernel Driver…


It is a royal pain. There is an example of doing this with native NT calls
in "Windows NT/2000 Native API Reference" by Gary Nebbett; the example is
around 180 lines, and the last time I looked not everything was available
directly from kernel space (i.e., you have to go through the system call
vector table to call some of the functions).

If you really think you need to do this, please let the group know what
project/product you are working on. I for one will make sure I never buy
such a product, and I recommend the same to my clients.

Don Burn
Windows NT/2000/XP Filesystem and Device Driver Consulting

Hey, I am not developing for anybody; it's my practice. I am just in the habit
of trying some ways.

The best way is to run a helper app, which will poll your driver by IOCTLs and start the EXE if necessary.

Max

----- Original Message -----
From: “Krishna Pawar”
To: “NT Developers Interest List”
Sent: Monday, April 22, 2002 2:17 PM
Subject: [ntdev] How to Execute An Application from Kernel Driver…

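The helper-app design Max recommends, as an added example that is not code from this thread or from any of the posters: a user-mode service polls the driver through an IOCTL and starts an executable only when the driver asks for one. The device name, IOCTL code, request structure and program paths below are assumptions made for illustration.

```c
/* Added example (not from the thread): user-mode helper that polls a driver
 * with an IOCTL and starts an allow-listed EXE when the driver asks.  The
 * device name, IOCTL code, request layout and paths are assumptions.  The
 * validation is portable; the DeviceIoControl/CreateProcess loop is Windows-only. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winioctl.h>
#endif

/* Assumed layout of what the driver returns in the IOCTL output buffer.
 * It carries only an index into the helper's allow list, never a path,
 * so the kernel side cannot name an arbitrary executable. */
#define LAUNCH_REQUEST_MAGIC 0x4C4E4348u   /* "LNCH", constructed value */
#define ALLOW_LIST_LEN 3

typedef struct {
    uint32_t magic;       /* must equal LAUNCH_REQUEST_MAGIC */
    uint32_t program_id;  /* index into ALLOW_LIST */
    uint32_t pending;     /* nonzero when the driver wants a launch */
} LAUNCH_REQUEST;

/* Fixed, compiled-in allow list (placeholder paths). */
static const char *const ALLOW_LIST[ALLOW_LIST_LEN] = {
    "C:\\Program Files\\Example\\diag.exe",
    "C:\\Program Files\\Example\\repair.exe",
    "C:\\Program Files\\Example\\report.exe",
};

/* Validate a driver-returned buffer.  Returns the path to start, or NULL if
 * the request is short, malformed, idle, or names an unknown program. */
const char *launch_target(const void *buf, size_t returned_len)
{
    LAUNCH_REQUEST req;
    if (buf == NULL || returned_len < sizeof req)
        return NULL;                                 /* short read */
    memcpy(&req, buf, sizeof req);                   /* no alignment assumptions */
    if (req.magic != LAUNCH_REQUEST_MAGIC || req.pending == 0)
        return NULL;                                 /* not ours, or nothing to do */
    if (req.program_id >= ALLOW_LIST_LEN)
        return NULL;                                 /* index outside allow list */
    return ALLOW_LIST[req.program_id];
}

#ifdef _WIN32
/* Assumed IOCTL code; METHOD_BUFFERED, read access suffices to poll. */
#define IOCTL_EXAMPLE_POLL_LAUNCH \
    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_READ_ACCESS)

/* Start by application name only, so no command-line path parsing applies. */
static int run_program(const char *path)
{
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi = { 0 };
    if (!CreateProcessA(path, NULL, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return 0;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 1;
}

/* One poll: 1 = launched, 0 = nothing pending, -1 = error. */
int poll_once(HANDLE dev)
{
    LAUNCH_REQUEST req;
    DWORD got = 0;
    const char *target;
    if (!DeviceIoControl(dev, IOCTL_EXAMPLE_POLL_LAUNCH, NULL, 0,
                         &req, sizeof req, &got, NULL))
        return -1;
    target = launch_target(&req, got);
    return target == NULL ? 0 : (run_program(target) ? 1 : -1);
}

int main(void)
{
    HANDLE dev = CreateFileA("\\\\.\\ExampleDevice",   /* assumed device name */
                             GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (dev == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "cannot open device: %lu\n", GetLastError());
        return 1;
    }
    while (poll_once(dev) >= 0)
        Sleep(1000);                                 /* poll once a second */
    CloseHandle(dev);
    return 1;
}
#else
/* Off Windows, exercise the validation on constructed buffers. */
int main(void)
{
    LAUNCH_REQUEST good = { LAUNCH_REQUEST_MAGIC, 1, 1 };
    LAUNCH_REQUEST bad  = { LAUNCH_REQUEST_MAGIC, 99, 1 };
    const char *t = launch_target(&good, sizeof good);
    printf("valid request  -> %s\n", t ? t : "(rejected)");
    printf("bad program id -> %s\n", launch_target(&bad, sizeof bad) ? "started" : "rejected");
    return 0;
}
#endif
```

The point of the split is the one Don Burn and Bill McKenzie make: process creation stays in user mode, where the helper runs as an ordinary service with only the rights those programs need, and the driver never hands over a path. The helper checks the returned length, the magic value and the allow-list index before calling CreateProcess, so a malformed or truncated IOCTL result is rejected rather than acted on.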

The main reason you never want to do this is security. Apps run in their
own process space; kernel-mode components all share one resource space, if
you will. Thus bringing a user-mode app to kernel mode now allows that app,
which would normally be sheltered from interfering with other apps or
kernel-mode components, to blow away the world if it misbehaves. So,
running user-mode code is made intentionally hard in NT and NT-based OSes.
This is a good thing.


Bill McKenzie

Oops, I meant running user-mode code in the kernel is made intentionally
hard. Running user-mode code is quite simple :)


Bill McKenzie
