how to obtain a handle of a event in user mode, which created in kernal mode

OSR_Community_User · March 13, 2007, 7:39am

i want to create a event in kernal mode and wait on this event.
and my user application set this event to signal state.
but i face 2 problems:

1.how to set these auguments when i use ZwCreateEvent in kernal mode ,such as :
event name and properties.

2.how to open the event which created in kernal mode . I use OpenEvent,but the 3rd
augument: lpName

thank you
!

Don_Burn_1 · March 13, 2007, 8:43am

This is a bad idea, it has all the problems of the user mode event you
asked about earlier plus the additional ones of creating the event in a
place where the user space code can access it.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

wrote in message news:xxxxx@ntfsd…
>i want to create a event in kernal mode and wait on this event.
> and my user application set this event to signal state.
> but i face 2 problems:
>
> 1.how to set these auguments when i use ZwCreateEvent in kernal mode
> ,such as :
> event name and properties.
>
> 2.how to open the event which created in kernal mode . I use
> OpenEvent,but the 3rd
> augument: lpName
>
> thank you
> !
>

OSR_Community_User · March 27, 2007, 2:54am

Create the event in the app and pass the handle to the driver, this is
simpler.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

wrote in message news:xxxxx@ntfsd…
> i want to create a event in kernal mode and wait on this event.
> and my user application set this event to signal state.
> but i face 2 problems:
>
> 1.how to set these auguments when i use ZwCreateEvent in kernal mode ,such as
:
> event name and properties.
>
> 2.how to open the event which created in kernal mode . I use OpenEvent,but
the 3rd
> augument: lpName
>
> thank you
> !
>

Aishwary_Bhashkar · March 30, 2007, 9:29am

Hi,

Well you can use named even for that. Create a Named even in Kernel mode and for the same name create event in user mode.

Thanks & Regards
Aishwary Bhashkar
Sr. Software Engineer
R Systems International Ltd.

Don_Burn_1 · March 30, 2007, 9:41am

First, creating s named event is a bad idea, since you are restricted on
where you create the event, and there is nothing stopping some other
component choosing the same name. Second, using an event is a bad idea,
since unless there is absolutely no data related to the event, and it is ok
to loose events (since the driver can signal the event multiple times
before the app runs) there are a lot better ways of doing this. Finally,
your explanation needs to identify the difference between creating an event
and the CreateEvent call since by your description both the driver and the
app create events! While you may think this is an easy one, it is all too
likely people will messup the naming, and the driver will be busilly
signalling its event, while the app waits forever on its event.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

wrote in message news:xxxxx@ntfsd…
> Hi,
>
> Well you can use named even for that. Create a Named even in Kernel mode
> and for the same name create event in user mode.
>
> Thanks & Regards
> Aishwary Bhashkar
> Sr. Software Engineer
> R Systems International Ltd.
>

deepumon_es · March 30, 2007, 9:57am

Your driver load in the early phase of booting ? Then create event from
userspace. Also it reduce other possible security issues. You can share by
handle or name, according to your system’s requirement.

I am not sure you can open the event in Kernel by just giving the event
name, you may need to give the full directory path to open the object in
Kernel Land.

~Sisimon
Bangalore

On 3/30/07, xxxxx@rsystems.com
wrote:
>
> Hi,
>
> Well you can use named even for that. Create a Named even in Kernel mode
> and for the same name create event in user mode.
>
> Thanks & Regards
> Aishwary Bhashkar
> Sr. Software Engineer
> R Systems International Ltd.
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

–
GCS d+ s: a- c++++ U> B+ L++>$ w++++$ W++(+++) PGP+N+ t PS+PE++ tv+(++) b+++
G+++ e++>(++++) h-- r
Don’t know this? See http://www.geekcode.com/geek.html

Aishwary_Bhashkar · March 30, 2007, 10:14am

Hi,

I know that it is bad idea to do but if you still want to do this then I was suggesting. Well for creating named event on driver use IoCreateNotificationEvent just make it sure that it is running in IRQL = PASSIVE_LEVEL. Now as u r in Kernel mode u need to map this handle with the object for that need to do ObReferenceObjectByHandle.

I hope that answer your question.

Thanks & Regards
Aishwary Bhashkar
Sr. Software Engineer
R Systems International Ltd.