Hi everyone,
OK, undocumented Nt(Zw)QuerySystemEnvironmentVariable() exported by
ntdll.dll is accessible from UserMode only, HalGetEnvironmentValue seems to
check for “LastKnownGood” string and do some I/O port reads/writes (IDA
disassembler told this)… So, how to read “USERNAME” (for example)
environment variable from KernelMode driver? Any ideas?
Thanks for help,
Anton