PsCreateSystemThread

Hi,

the description of PsCreateSystemThread says that “Drivers for Windows
2000 must call PsCreateSystemThread only from the system process context”.
Is this true for W2KSP4 too and what should happen when I do
PsCreateSystemThread from another context ?

Regards
Else

Hello Else,

I can’t really answer this, but in general functions for w2kSP4 + rollup
1 are analogous to xp sp2.
Since fltmgr was added in w2k sp4 urp1, there were major kernel updates,
however the docs don’t
show this.

Since you only specified sp4, I would assume the docs are correct. However,
if you were to install
URP1, then I’m pretty sure this would change to something a little more
simular to a current OS.

I can’t pull up the docs on this function now.

Just something for you to think about…

Good Luck,

Matt

----- Original Message -----
From: “Else Kluger”
To: “Windows System Software Devs Interest List”
Sent: Tuesday, January 15, 2008 6:14 AM
Subject: [ntdev] PsCreateSystemThread

> Hi,
>
> the description of PsCreateSystemThread says that “Drivers for Windows
> 2000 must call PsCreateSystemThread only from the system process context”.
> Is this true for W2KSP4 too and what should happen when I do
> PsCreateSystemThread from another context ?
>
> Regards
> Else
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

> Drivers for Windows 2000 must call PsCreateSystemThread only

from the system process context".

Nonsense!!! I wrote a code that was creating system threads in response to IOCTLs in context of a calling thread (threads themselves were running in context of a system process, because I had specified NULL for a ProcessHandle). My code was required to work on all service packs of W2K from 0 to 4, as well as on XP SP0 and SP1 (it was the year 2004, so that a retailer version of XP SP2 had not yet been released). The code was working perfectly well everywhere…

BTW, somewhere on MSDN I saw quite an interesting statement on the topic . It was saying "Drivers for Windows 98/Me/2000 must call PsCreateSystemThread only from the system process context " - it was speaking about W2K as if it was from Win9X family of functions…

Probably, the above statement holds true for Win9x, but it *definitely* false for W2K…

Anton Bassov

The statement is not correct, system thread can be created in context of a non-system thread

Well thanks, I saw that statement too, it’s the
reason for my question. As my driver (W2K,XP,Vista) SEEMS to have no
problem under W2K creating threads from somewhere else. I just want to get
rid of the “SEEMS”.
Regards
Else

|---------±-------------------------------->
| | xxxxx@hotmail.c|
| | om |
| | Sent by: |
| | bounce-311542-16691@li|
| | sts.osr.com |
| | |
| | |
| | 01/15/2008 02:27 PM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>-----------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: RE:[ntdev] PsCreateSystemThread |
>-----------------------------------------------------------------------------------------------------------|

> Drivers for Windows 2000 must call PsCreateSystemThread only
> from the system process context".

Nonsense!!! I wrote a code that was creating system threads in response to
IOCTLs in context of a calling thread (threads themselves were running in
context of a system process, because I had specified NULL for a
ProcessHandle). My code was required to work on all service packs of W2K
from 0 to 4, as well as on XP SP0 and SP1 (it was the year 2004, so that a
retailer version of XP SP2 had not yet been released). The code was working
perfectly well everywhere…

BTW, somewhere on MSDN I saw quite an interesting statement on the topic .
It was saying "Drivers for Windows 98/Me/2000 must call
PsCreateSystemThread only from the system process context " - it was
speaking about W2K as if it was from Win9X family of functions…

Probably, the above statement holds true for Win9x, but it definitely
false for W2K…

Anton Bassov


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer