You do not need IFS kit for that.
- psapi will do that in user mode, if you are in kernel mode, you have many
options including use NtQuerySystemInformation (see Native NT API book) and
other APIs (PsXXX). - Run in code in user mode or kernel mode? You can. There are many ways. It
depends how you want to do it, documented or undocumented. In user mode you
can inject a (remote) thread to a process and do whatever you want. APC is
doable only if the thread you queue APC to is in alterable state. - See above.
- You must have the local admin privilege to do that kind of thing anyway.
Bi
-----Original Message-----
From: Dmitry [mailto:xxxxx@intel.com]
Sent: Sunday, October 13, 2002 7:26 AM
To: File Systems Developers
Subject: [ntfsd] Is it possible to run some my code in ring3 for some
specified process.
Can you, please, help me ?
I’m thinking about buying IFS kit in order to solve the following:
I have a PID of the process and should run some code there: ex. load some
DLL and perform some work. Is it possible to do so ? In particular:
- How can I get process by pid in ring0 ?
- How can I enforce some process to run my code (may be using kernel mode
special APC) ? - What APIs should I use for this ?
- What about security ?
Can IFS help me in this ?
You are currently subscribed to ntfsd as: xxxxx@appstream.com
To unsubscribe send a blank email to %%email.unsub%%