How to load kernel-mode DLL from GDI display driver

Hello, everybody.

I have a 3rd-party kernel-mode DLL binary.

To communicate with the hardware, I should use this DLL in my GDI graphics driver.

When I built my graphics driver with the import library, it built successfully without error.

But when it is loaded, it fails.

My GDI driver is located in %WINDIR%\SYSTEM32, and the kernel-mode DLL (export driver) resides in %WINDIR%\SYSTEM32\DRIVERS.

I think this may be related to the import resolution rule, but I cannot find references, and WinDbg doesn’t show any message about this; it simply fails to load my driver.

How can I make it load successfully?

Thanks in advance.

  • Choe, Hyun-ho

P.S> I also have miniport driver which is linked against same export driver. It works well.

Choe, Hyun-ho wrote:

> I have a 3rd-party kernel-mode DLL binary.
>
> To communicate with the hardware, I should use this DLL in my GDI graphics driver.
>
> When I built my graphics driver with the import library, it built successfully without error.
>
> But when it is loaded, it fails.
>
> My GDI driver is located in %WINDIR%\SYSTEM32, and the kernel-mode DLL (export driver) resides in %WINDIR%\SYSTEM32\DRIVERS.
>
> I think this may be related to the import resolution rule,…

Almost. GDI drivers cannot refer to any entry points outside of
win32k.sys. That is simply an absolute rule. You can use EngLoadImage
to load another DLL from your GDI driver, but that DLL also cannot refer
to anything outside of win32k.sys.

This was done in order to maintain the same separation of purpose that
was present when GDI drivers ran in user mode, pre-NT 4.0.

> How can I make it load successfully?

The clue is below.

> P.S> I also have miniport driver which is linked against same export driver. It works well.

Have your GDI driver make an ioctl call into the miniport, and call the
third-party DLL from there.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi, Choe, Hyun-ho,
You can use EngLoadImage to load your other kernel-mode driver, as Tim said.
But “that DLL also cannot refer to anything outside of win32k.sys” is not
right. In fact,
your DLL can call other modules’ exported functions, such as those of ntoskrnl.exe, only
if your DLL doesn’t refer to any entry points of win32k.sys. If you refer to
win32k, you can only refer to win32k. If you don’t refer to win32k, you can
refer to others freely.
danny

Hello,

just to complete the insight:

As Tim Roberts and Changkun Zhao already pointed out,
you cannot import functions from win32k XOR ntoskrnl (and other ones).

However, there are very few exceptions to this rule, e.g. you can still link against some DirectX-related modules/thunks.

Correction:
“[…] you can only import functions from win32k XOR ntoskrnl (and other ones).”
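
An added diagnostic, not part of the thread: because the failed load produces no debugger message, the import rule the replies describe can be checked offline by reading the driver's PE import directory. The Python below lists the modules an image imports from and labels it `win32k-only`, `no-win32k` or `mixed`; the function names and labels are assumptions of this example, and it does not model delay-load imports or the DirectX exceptions mentioned above.

```python
import struct, sys

def rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the parsed section table."""
    for vsize, va, rsize, rptr in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + rptr
    raise ValueError("RVA 0x%x is not inside any section" % rva)

def imported_modules(data):
    """Return the lower-cased module names from a PE image's import directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt = pe + 24                                          # optional header
    sec = opt + struct.unpack_from("<H", data, pe + 20)[0] # section table
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+
    imp_rva = struct.unpack_from("<I", data, dirs + 8)[0]  # data directory 1
    # Each tuple: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [struct.unpack_from("<IIII", data, sec + 40 * i + 8)
                for i in range(nsec)]
    names = []
    if imp_rva == 0:
        return names
    off = rva_to_offset(imp_rva, sections)
    while True:
        name_rva = struct.unpack_from("<5I", data, off)[3]  # descriptor Name field
        if name_rva == 0:                                   # terminating descriptor
            break
        start = rva_to_offset(name_rva, sections)
        names.append(data[start:data.index(b"\0", start)].decode("ascii").lower())
        off += 20
    return names

def classify(modules):
    """Label an import list: win32k-only, no-win32k, mixed or no-imports."""
    mods = set(modules)
    if not mods:
        return "no-imports"
    if mods == {"win32k.sys"}:
        return "win32k-only"
    return "mixed" if "win32k.sys" in mods else "no-win32k"

if __name__ == "__main__":
    found = imported_modules(open(sys.argv[1], "rb").read())
    print(classify(found), sorted(set(found)))
```

A `mixed` result is the case every reply in the thread agrees will not load; `no-win32k` is the case on which the replies differ.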