Miguel,
To answer your question, we need to look at a couple of possible
scenarios:
- Does the process you wish to write to ever call your driver?
It is likely it does, some mechanism has to exist to communicate
that a PID, virtual address, and length combination is valid to write
to. If this is the case the simplest way to handle things is to use the
standard NT/2000 mechanisms of receiving a buffer and mapping
for use. The following is the sequence used here:
a. Application calls driver to let driver know that it is to place data
in the specified buffer, this call is done with overlapped I/O so
that the driver may hold on to the request.
b. Driver is called with IOCTL, marks the IRP pending
(IoMarkIrpPending), stores the IRP and sets up an address for
the buffer for the data using MmGetSystemAddressForMdlSafe.
The driver returns from the DeviceIoControl call with
STATUS_MORE_PROCESSING_REQUIRED.
c. When the data is available, the driver takes the IRP it stored and
using the address setup returned by MmGetSystemAddressForMdlSafe
stores the data. The IRP is then completed.
NOTE, IF YOUR APPLICATION ARCHITECTURE DOES NOT
FIT THE ABOVE MODEL, SERIOUSLY THINK ABOUT CHANGING
YOUR APPLICATION SINCE WHAT FOLLOWS IS PRONE TO
ERROR, AND USES UNDOCUMENTED CALLS. THERE IS NO
LOGICAL REASON, NOT TO MAKE THINGS WORK AS ABOVE.
- If you absolutely have to arbitrarily take a PID, VA and Len combo
and write to it, you have a number of problems:
a. Getting the address in the correct process context: When you receive
the PID, VA and Len tuple, use a combination of calls to put the calling
thread into the PID’s process context, then allocate your own MDL,
then use MmGetSystemAddressForMdlSafe to get the pointer. Then
restore the thread to its original process context.
b. The storing of data is simple; then you have to manually free the MDL.
c. You also have to have your driver handle the fact that the process may
wish to terminate in the middle of this, so you really don’t want to store
the data (note, you can do this; the creation of the
MmGetSystemAddressForMdlSafe ups the reference count of the memory
region). But to be a good citizen you need to know that the process is gone,
so destroy the MDL.
ALL OF THE STEPS ABOVE CAN BE DONE, BUT IT INVOLVES A
MULTITUDE OF UNDOCUMENTED CALLS. THIS IS A MESSY SOLUTION
THAT WILL BITE YOU OR THE PERSON WHO COMES AFTER YOU.
If you really insist on a solution like 2, email me directly with
an explanation, and I will give information on the calls. This is such
a bad idea, I do not want to describe the details on the list.
Don Burn
Windows 2000 Device Driver and Filesystem consulting