I’m looking for how to judge safe-mode in driver. And at last I found this
from MS:
http://support.microsoft.com/kb/837643
As the article described, simply judge the OS export variable:
InitSafeBootMode. Below is the sample code from the article:
extern PULONG InitSafeBootMode;
if (*InitSafeBootMode > 0){
// The system is in Safe Mode.
// Take appropriate action.
//
}
So, ‘InitSafeBootMode’ is a pointer to a ULONG. I used windbg to check this
in Win7 64Bit system:
// Non Safe-mode
1: kd> x nt!initsafebootmode
fffff80002ad34b0 nt!InitSafeBootMode = 0 1: kd\> dp fffff80002ad34b0 L2
fffff80002ad34b0 0000000000000000 00000000`00000000
// Safe-mode
1: kd> x nt!initsafebootmode
fffff80001e7d4b0 nt!InitSafeBootMode = 1 1: kd\> dp fffff80001e7d4b0 L2
fffff80001e7d4b0 0000000000000001 00000000`00000000
Strange! The previous content proof that ‘initsafebootmode’ should be ULONG
itself, but not PULONG. So that *InitSafeBootMode should cause an error. Is
there something I don’t know of “extern” and OS exported variables? Can
anyone explain this for me? Thanks!
å¼ ä½© wrote:
I’m looking for how to judge safe-mode in driver. And at last I found
this from MS:
http://support.microsoft.com/kb/837643
…
So, ‘InitSafeBootMode’ is a pointer to a ULONG. I used windbg to check
this in Win7 64Bit system:
// Non Safe-mode
1: kd> x nt!initsafebootmode
fffff80002ad34b0 nt!InitSafeBootMode = 0 1: kd\> dp fffff80002ad34b0 L2
fffff80002ad34b0 0000000000000000 00000000`00000000
// Safe-mode
1: kd> x nt!initsafebootmode
fffff80001e7d4b0 nt!InitSafeBootMode = 1 1: kd\> dp fffff80001e7d4b0 L2
fffff80001e7d4b0 0000000000000001 00000000`00000000
Strange! The previous content proof that ‘initsafebootmode’ should be
ULONG itself, but not PULONG. So that *InitSafeBootMode should cause
an error. Is there something I don’t know of “extern” and OS exported
variables? Can anyone explain this for me?
Exporting variables from a DLL has always been a bit problematic, but I
believe your analysis is correct. The symbol InitSafeBootMode
represents an unsigned long, not a pointer. I’ve submitted a comment on
the MSDN page.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Thanks Tim! If any update, please let me know.
2011/2/12 Tim Roberts
> Changpei wrote:
> > I’m looking for how to judge safe-mode in driver. And at last I found
> > this from MS:
> > http://support.microsoft.com/kb/837643
> > …
> > So, ‘InitSafeBootMode’ is a pointer to a ULONG. I used windbg to check
> > this in Win7 64Bit system:
> >
> > // Non Safe-mode
> > 1: kd> x nt!initsafebootmode
> > fffff80002ad34b0 nt!InitSafeBootMode = 0<br>> > 1: kd> dp fffff80002ad34b0 L2
> > fffff80002ad34b0 0000000000000000 0000000000000000<br>> ><br>> > // Safe-mode<br>> > 1: kd> x nt!initsafebootmode<br>> > fffff80001e7d4b0 nt!InitSafeBootMode = 1
> > 1: kd> dp fffff80001e7d4b0 L2<br>> > fffff80001e7d4b0 0000000000000001 0000000000000000
> >
> > Strange! The previous content proof that ‘initsafebootmode’ should be
> > ULONG itself, but not PULONG. So that *InitSafeBootMode should cause
> > an error. Is there something I don’t know of “extern” and OS exported
> > variables? Can anyone explain this for me?
>
> Exporting variables from a DLL has always been a bit problematic, but I
> believe your analysis is correct. The symbol InitSafeBootMode
> represents an unsigned long, not a pointer. I’ve submitted a comment on
> the MSDN page.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>