Re[2]: Question about NtCreateProcess

OSR_Community_User · February 28, 2008, 4:35am

Hello soviet,

I saw now that things have to happen in user mode before that call.
The call to NtCreateProcess only creates the executive EPROCESS
object.

Thank you anyway,

Mihai

Thursday, February 28, 2008, 10:58:26 AM, you wrote:

I>> If anyone has a clue on what am I missing feel free to give me a piese of advice

What you are missing here is that drivers are not supposed to call
NtCreateProcess(), because it is not exported by ntoskrnl.exe. The
only advice I can give you is to give it up…

Anton Bassov

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Maxim_S_Shatskih · February 28, 2008, 9:45am

> I have a problem calling NtCreateProcess from a driver. I can’t
figgure-out why

You cannot. Write a helper user app to do this.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Maxim_S_Shatskih · February 28, 2008, 9:46am

> I saw now that things have to happen in user mode before that call.

The call to NtCreateProcess only creates the executive EPROCESS
object.

Yes. To set up the Win32 process in a proper way, around 10 complex steps
should be done, including registering it in CSRSS by sending a message there.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com