RE: Nt(Zw)QuerySystemEnvironmentVariable() equivalent for- KernelMode???

OSR_Community_User · November 21, 2001, 8:29am

If you want to know the current user, you might try filtering ZwLoadKey(2)
to see what ntuser.dat hives are being loaded.

Charles

-----Original Message-----
From: xxxxx@hotmail.com
[mailto:xxxxx@hotmail.com]
Sent: Tuesday, November 20, 2001 1:14 PM
To: NT Developers Interest List
Subject: [ntdev] Nt(Zw)QuerySystemEnvironmentVariable() equivalent for
KernelMode???

Hi everyone,

OK, undocumented Nt(Zw)QuerySystemEnvironmentVariable() exported by
ntdll.dll is accessable from UserMode only, HalGetEnvironmentValue seems to
check for “LastKnownGood” string and do some I/O port reads/writes (IDA
disassembler told this)… So, how to read “USERNAME” (for example)
environment variable from KernelMode driver? Any ideas?

Thanks for help,
Anton

You are currently subscribed to ntdev as: xxxxx@xetron.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com