reading environment variables from a kernel driver

NTDEV
1

Hi all,

I would like to know if there is a way for a kernel driver to access the
environment variables of the process which is calling the driver’s entry
point. Specifically, if a user runs a batch file which sets some
environment variables, and then executes a program (which inherits these
variables) that calls into the driver, can get the driver get to the
environment?

I found this thread on the NTFSD list (which people were commenting was out
of place there):

http://www.osronline.com/showThread.cfm?link=87350

but there is no answer in there anyway. I also did not find anything by
searching this list or Google.

There is a win32 api called GetEnvironmentVariable(), but I could not find
an equivalent kernel level call.

Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

2

No, there is no documented way to do this. Furthermore, env vars are
not to be trusted. Anyone/thing in the process can change them and any
application that launches the batch file can change the batch file
itself.

Even if you were able to get the env var, what decision in your driver
would you make with that information? Perhaps there is a better way to
do what you want in a documented fashion.

d

– I can spell, I just can’t type.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roger Tawa
Sent: Monday, May 01, 2006 10:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] reading environment variables from a kernel driver

Hi all,

I would like to know if there is a way for a kernel driver to access the
environment variables of the process which is calling the driver’s entry
point. Specifically, if a user runs a batch file which sets some
environment variables, and then executes a program (which inherits these
variables) that calls into the driver, can get the driver get to the
environment?

I found this thread on the NTFSD list (which people were commenting was
out
of place there):

http://www.osronline.com/showThread.cfm?link=87350

but there is no answer in there anyway. I also did not find anything by
searching this list or Google.

There is a win32 api called GetEnvironmentVariable(), but I could not
find
an equivalent kernel level call.

Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

3

What Doron says is definitely correct. There may be a better solution
depending on what you are actually trying to do. In your description, what
method is the program using to call into your driver? An IOCTL? If the
program is already dealing with a IOCTL interface to the driver, then why
not provide another mechanism by which the program can inform the driver
about the specific attributes of its environment that the driver might care
about. Without knowing more details, it’s hard to say what would be the
best course of action.

With that in mind, if you’re merely looking to experiment (read: not use in
a production driver), then there are ways that a driver can access the
environment variables associated with a process through undocumented means.
One approach is to use NtQueryInformationProcess (unprototyped export) with
the ProcessBasicInformation (0) process information class to obtain the
PebBaseAddress for the process. From there, you can reference the process’
environment through Peb->ProcessParameters->Environment. Keep in mind that
it is important to reference these memory locations in a safe fashion since
a malicious program could unmap or otherwise invalidate them (potentially
causing a crash). You also need to make sure that you do the appropriate
security checks to prevent kernel-mode memory from being referenced. Again,
this approach is entirely undocumented. It could stop working tomorrow, but
it probably won’t.

Undocumented structures used in the above approach:
PROCESS_BASIC_INFORMATION, PEB, RTL_USER_PROCESS_PARAMETERS.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, May 01, 2006 12:15 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] reading environment variables from a
kernel driver

No, there is no documented way to do this. Furthermore, env vars are
not to be trusted. Anyone/thing in the process can change
them and any
application that launches the batch file can change the batch file
itself.

Even if you were able to get the env var, what decision in your driver
would you make with that information? Perhaps there is a
better way to
do what you want in a documented fashion.

d

– I can spell, I just can’t type.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roger Tawa
Sent: Monday, May 01, 2006 10:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] reading environment variables from a kernel driver

Hi all,

I would like to know if there is a way for a kernel driver to
access the
environment variables of the process which is calling the
driver’s entry
point. Specifically, if a user runs a batch file which sets some
environment variables, and then executes a program (which
inherits these
variables) that calls into the driver, can get the driver get to the
environment?

I found this thread on the NTFSD list (which people were
commenting was
out
of place there):

http://www.osronline.com/showThread.cfm?link=87350

but there is no answer in there anyway. I also did not find
anything by
searching this list or Google.

There is a win32 api called GetEnvironmentVariable(), but I could not
find
an equivalent kernel level call.

Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online
at http://www.osronline.com/page.cfm?name=ListServer

4

Thanks Doron.

I am still in the exploratory phase, so I am trying to see what is feasible
and what is not. As you say, maybe there is a better way to do what I need.

The driver I am writing is a file system driver. It is expected that batch
files will be written that call programs that work on files in my file
system. These programs cannot be expected to make special calls specific to
my driver.

So one of the avenues I am investigating is the use of environment
variables. In the scenarios I am interested in, I assume the programmer is
programming in the batch file language, and he *does* know that he is
programming to my file system. He may want to set options in the file
system driver for the programs he is calling, but he does not want these
options to be globally applicable to all processes running on the machine,
or to have any side effects outside the scope of the batch file.

So one option I am looking into is environment variables. The programmer
could write a batch file like this:

@echo off
setlocal
set FS_OPTION1=value1
set FS_OPTION2=value2
notepad P:\file.txt

So when notepad opens file.txt (assuming P: is my file system), my file
system driver will use the two options as specified. When the batch file
ends, the options go away. Batch files can call other batch files with
different options without side effects.

(The “no side effects” comment depends on batch files calling setlocal
correctly, but this is a reasonable expectation for my scenarios)

I am new to driver development, so maybe there is a better way to pass
non-global, out-of-band information like this to my driver. The local
context for this information should be a process. All suggestions welcome.
Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, May 01, 2006 13:15
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] reading environment variables from a kernel driver

No, there is no documented way to do this. Furthermore, env vars are
not to be trusted. Anyone/thing in the process can change them and any
application that launches the batch file can change the batch file
itself.

Even if you were able to get the env var, what decision in your driver
would you make with that information? Perhaps there is a better way to
do what you want in a documented fashion.

d

– I can spell, I just can’t type.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roger Tawa
Sent: Monday, May 01, 2006 10:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] reading environment variables from a kernel driver

Hi all,

I would like to know if there is a way for a kernel driver to access the
environment variables of the process which is calling the driver’s entry
point. Specifically, if a user runs a batch file which sets some
environment variables, and then executes a program (which inherits these
variables) that calls into the driver, can get the driver get to the
environment?

I found this thread on the NTFSD list (which people were commenting was
out
of place there):

http://www.osronline.com/showThread.cfm?link=87350

but there is no answer in there anyway. I also did not find anything by
searching this list or Google.

There is a win32 api called GetEnvironmentVariable(), but I could not
find
an equivalent kernel level call.

Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

5

Of course, there is no synchronization between your access of
ProcessParameters->Environment and another thread in the app
reformatting/altering/reallocationg the buffer so I wouldn’t even go
there to begin with.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Matt Miller
Sent: Monday, May 01, 2006 11:07 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] reading environment variables from a kernel driver

What Doron says is definitely correct. There may be a better solution
depending on what you are actually trying to do. In your description,
what
method is the program using to call into your driver? An IOCTL? If the
program is already dealing with a IOCTL interface to the driver, then
why
not provide another mechanism by which the program can inform the driver
about the specific attributes of its environment that the driver might
care
about. Without knowing more details, it’s hard to say what would be the
best course of action.

With that in mind, if you’re merely looking to experiment (read: not use
in
a production driver), then there are ways that a driver can access the
environment variables associated with a process through undocumented
means.
One approach is to use NtQueryInformationProcess (unprototyped export)
with
the ProcessBasicInformation (0) process information class to obtain the
PebBaseAddress for the process. From there, you can reference the
process’
environment through Peb->ProcessParameters->Environment. Keep in mind
that
it is important to reference these memory locations in a safe fashion
since
a malicious program could unmap or otherwise invalidate them
(potentially
causing a crash). You also need to make sure that you do the
appropriate
security checks to prevent kernel-mode memory from being referenced.
Again,
this approach is entirely undocumented. It could stop working tomorrow,
but
it probably won’t.

Undocumented structures used in the above approach:
PROCESS_BASIC_INFORMATION, PEB, RTL_USER_PROCESS_PARAMETERS.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, May 01, 2006 12:15 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] reading environment variables from a
kernel driver

No, there is no documented way to do this. Furthermore, env vars are
not to be trusted. Anyone/thing in the process can change
them and any
application that launches the batch file can change the batch file
itself.

Even if you were able to get the env var, what decision in your driver
would you make with that information? Perhaps there is a
better way to
do what you want in a documented fashion.

d

– I can spell, I just can’t type.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roger Tawa
Sent: Monday, May 01, 2006 10:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] reading environment variables from a kernel driver

Hi all,

I would like to know if there is a way for a kernel driver to
access the
environment variables of the process which is calling the
driver’s entry
point. Specifically, if a user runs a batch file which sets some
environment variables, and then executes a program (which
inherits these
variables) that calls into the driver, can get the driver get to the
environment?

I found this thread on the NTFSD list (which people were
commenting was
out
of place there):

http://www.osronline.com/showThread.cfm?link=87350

but there is no answer in there anyway. I also did not find
anything by
searching this list or Google.

There is a win32 api called GetEnvironmentVariable(), but I could not
find
an equivalent kernel level call.

Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online
at http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

6

I think what you are describing is a way for, essentially, a non
programmer dictate that action of a file system driver, on a per process
basis? I can’t say that I have a better idea that this. That being
said, the idea of having a file system that may or may not be writeable
modify it’s behavior based on environment variables with, essentially,
arbitrary values, but hardcoded names is about as unsafe a practice as I
could imagine. Someone is going to have to write some real code in
order for this to have a prayer of being workable.

>> xxxxx@tawacentral.net 2006-05-01 14:18:23 >>>
Thanks Doron.

I am still in the exploratory phase, so I am trying to see what is
feasible
and what is not. As you say, maybe there is a better way to do what I
need.

The driver I am writing is a file system driver. It is expected that
batch
files will be written that call programs that work on files in my file
system. These programs cannot be expected to make special calls
specific to
my driver.

So one of the avenues I am investigating is the use of environment
variables. In the scenarios I am interested in, I assume the
programmer is
programming in the batch file language, and he *does* know that he is
programming to my file system. He may want to set options in the file
system driver for the programs he is calling, but he does not want
these
options to be globally applicable to all processes running on the
machine,
or to have any side effects outside the scope of the batch file.

So one option I am looking into is environment variables. The
programmer
could write a batch file like this:

@echo off
setlocal
set FS_OPTION1=value1
set FS_OPTION2=value2
notepad P:\file.txt

So when notepad opens file.txt (assuming P: is my file system), my
file
system driver will use the two options as specified. When the batch
file
ends, the options go away. Batch files can call other batch files
with
different options without side effects.

(The “no side effects” comment depends on batch files calling setlocal
correctly, but this is a reasonable expectation for my scenarios)

I am new to driver development, so maybe there is a better way to pass
non-global, out-of-band information like this to my driver. The local
context for this information should be a process. All suggestions
welcome.
Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, May 01, 2006 13:15
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] reading environment variables from a kernel
driver

No, there is no documented way to do this. Furthermore, env vars are
not to be trusted. Anyone/thing in the process can change them and
any
application that launches the batch file can change the batch file
itself.

Even if you were able to get the env var, what decision in your driver
would you make with that information? Perhaps there is a better way
to
do what you want in a documented fashion.

d

– I can spell, I just can’t type.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roger Tawa
Sent: Monday, May 01, 2006 10:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] reading environment variables from a kernel driver

Hi all,

I would like to know if there is a way for a kernel driver to access
the
environment variables of the process which is calling the driver’s
entry
point. Specifically, if a user runs a batch file which sets some
environment variables, and then executes a program (which inherits
these
variables) that calls into the driver, can get the driver get to the
environment?

I found this thread on the NTFSD list (which people were commenting
was
out
of place there):

http://www.osronline.com/showThread.cfm?link=87350

but there is no answer in there anyway. I also did not find anything
by
searching this list or Google.

There is a win32 api called GetEnvironmentVariable(), but I could not
find
an equivalent kernel level call.

Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

7

Write a tiny C app which will call the necessary “set mode” IOCTLs to the
driver.
Add it as the first line to your BAT files.

All is trivial.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Roger Tawa”
To: “Windows System Software Devs Interest List”
Sent: Monday, May 01, 2006 10:18 PM
Subject: RE: [ntdev] reading environment variables from a kernel driver

> Thanks Doron.
>
> I am still in the exploratory phase, so I am trying to see what is feasible
> and what is not. As you say, maybe there is a better way to do what I need.
>
> The driver I am writing is a file system driver. It is expected that batch
> files will be written that call programs that work on files in my file
> system. These programs cannot be expected to make special calls specific to
> my driver.
>
> So one of the avenues I am investigating is the use of environment
> variables. In the scenarios I am interested in, I assume the programmer is
> programming in the batch file language, and he does know that he is
> programming to my file system. He may want to set options in the file
> system driver for the programs he is calling, but he does not want these
> options to be globally applicable to all processes running on the machine,
> or to have any side effects outside the scope of the batch file.
>
> So one option I am looking into is environment variables. The programmer
> could write a batch file like this:
>
> @echo off
> setlocal
> set FS_OPTION1=value1
> set FS_OPTION2=value2
> notepad P:\file.txt
>
> So when notepad opens file.txt (assuming P: is my file system), my file
> system driver will use the two options as specified. When the batch file
> ends, the options go away. Batch files can call other batch files with
> different options without side effects.
>
> (The “no side effects” comment depends on batch files calling setlocal
> correctly, but this is a reasonable expectation for my scenarios)
>
> I am new to driver development, so maybe there is a better way to pass
> non-global, out-of-band information like this to my driver. The local
> context for this information should be a process. All suggestions welcome.
> Thanks.
>
> =================================================
> Roger Tawa
> http://tawacentral.net/
> [One thing about paradigms: shift happens.]
> [When you stop, you’re done.]
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
> Sent: Monday, May 01, 2006 13:15
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] reading environment variables from a kernel driver
>
> No, there is no documented way to do this. Furthermore, env vars are
> not to be trusted. Anyone/thing in the process can change them and any
> application that launches the batch file can change the batch file
> itself.
>
> Even if you were able to get the env var, what decision in your driver
> would you make with that information? Perhaps there is a better way to
> do what you want in a documented fashion.
>
> d
>
> – I can spell, I just can’t type.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Roger Tawa
> Sent: Monday, May 01, 2006 10:03 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] reading environment variables from a kernel driver
>
> Hi all,
>
> I would like to know if there is a way for a kernel driver to access the
> environment variables of the process which is calling the driver’s entry
> point. Specifically, if a user runs a batch file which sets some
> environment variables, and then executes a program (which inherits these
> variables) that calls into the driver, can get the driver get to the
> environment?
>
> I found this thread on the NTFSD list (which people were commenting was
> out
> of place there):
>
> http://www.osronline.com/showThread.cfm?link=87350
>
> but there is no answer in there anyway. I also did not find anything by
> searching this list or Google.
>
> There is a win32 api called GetEnvironmentVariable(), but I could not
> find
> an equivalent kernel level call.
>
> Thanks.
>
> =================================================
> Roger Tawa
> http://tawacentral.net/
> [One thing about paradigms: shift happens.]
> [When you stop, you’re done.]
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

8

I replied earlier, in what probably seemed like a needlessly critical
manner. My apologies; this was not my intention.

What I was trying to say is that, in my opinion, regardless of the
implementation on which you decide, you definitely want someone who will
find it very difficult to escape being held accountable (i. e. - they
sign checks) to sign off on this. Personally, I think you are out of
your mind if you don’t, because, however genuine the intentions are
present, a disaster with this setup very easily could result in the
sorts of security problems, real or perceived, that tend to send
everyone running for cover. In this case, based on about 10 years of my
experience as a consultant (which, compared to many on this list, is not
all that much; I no longer am one), the only way to indemnify yourself
from this one, assuming that it may make it out the door in any way,
shape or form ( assuming that your employer operate’s for profit (I’m
not trying to be obnoxious here; profit does not apply to my current
situation), I don’t see how there could be any other working
assumption), is for the client to sign off on something that says that
combining the goals of ease of programming to the extreme and a file
system driver will invariably result in gigantic security issues, no
matter how implemented. That you forthrightly and laudably, in my
opinion, make no bones about you’re being new to this issue will only
makes things worse, mostly because it, should the situation boil over,
will make things untenable for those that put you in charge.

The technical aspects of this just massively and not exactly
deterministicly (for the reasons Doron described) complicate things.
For example, there is a very suggestively variable named something like
EnvironmentPointer in a structure that has, at times, been documented,
and, for most purposes, is essentially so to a useful degree.
Additionally, it is located within the structure in such a way the a
heuristic could easily be developed that would never, by any but
pathological degenerates, fail to at least demonstrate that the data in
question could not be trusted (it’s located between a self-reference and
the client ID (which you know)). However, ignoring that it is either
misleadingly named or essentially never used (I don’t know which), it is
also right next to the area where the stack boundaries are maintained,
and, as such, is the primary target for things like buffer overflow
attacks. There are a lot of problems like this that require a lot of
experiencing to have a chance to sort out.

I included the technicial reason only as a reference. My real message,
for whatever it is worth, is to protect yourself.

MM

>> xxxxx@microsoft.com 2006-05-01 13:15 >>>
No, there is no documented way to do this. Furthermore, env vars are
not to be trusted. Anyone/thing in the process can change them and
any
application that launches the batch file can change the batch file
itself.

Even if you were able to get the env var, what decision in your driver
would you make with that information? Perhaps there is a better way
to
do what you want in a documented fashion.

d

– I can spell, I just can’t type.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roger Tawa
Sent: Monday, May 01, 2006 10:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] reading environment variables from a kernel driver

Hi all,

I would like to know if there is a way for a kernel driver to access
the
environment variables of the process which is calling the driver’s
entry
point. Specifically, if a user runs a batch file which sets some
environment variables, and then executes a program (which inherits
these
variables) that calls into the driver, can get the driver get to the
environment?

I found this thread on the NTFSD list (which people were commenting
was
out
of place there):

http://www.osronline.com/showThread.cfm?link=87350

but there is no answer in there anyway. I also did not find anything
by
searching this list or Google.

There is a win32 api called GetEnvironmentVariable(), but I could not
find
an equivalent kernel level call.

Thanks.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

9

Thanks Max. That is one of the solutions I am considering too.

However, it requires two lines in the batch file: the first, as you mention,
to set the options, and then another at the end to reset them. Otherwise
side effects will remain and accumulate.

And this assumes the batch file does not exist prematurely, or is killed
with Ctrl-C.

Not quite so trivial… :slight_smile:

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Monday, May 01, 2006 15:53
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] reading environment variables from a kernel driver

Write a tiny C app which will call the necessary “set mode” IOCTLs to
the
driver.
Add it as the first line to your BAT files.

All is trivial.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

10

Tie the options to the process ID, which you can either pass in or get
from your dispatch routine (PsMumbleMumble… don’t remember the
function call).

As for resetting the parameters at the end of the batch file, batch
files typically modify the environment of their parent process, so you
can have that same problem there, especially if a bunch of batch files
are called in sequence. There’s no free lunch there.

Needless to say, there could be security implications of any of these
methods.

Roger Tawa wrote:

Thanks Max. That is one of the solutions I am considering too.

However, it requires two lines in the batch file: the first, as you mention,
to set the options, and then another at the end to reset them. Otherwise
side effects will remain and accumulate.

And this assumes the batch file does not exist prematurely, or is killed
with Ctrl-C.

Not quite so trivial… :slight_smile:

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Monday, May 01, 2006 15:53
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] reading environment variables from a kernel driver

Write a tiny C app which will call the necessary “set mode” IOCTLs to
the
driver.
Add it as the first line to your BAT files.

All is trivial.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Ray

11

Np Martin. I get your message to protect myself.

For one, I will not consider any solution that is not officially supported.
If getting environment variables from a kernel driver is not something that
is officially supported, then this solution is dead right here.

If getting environment variables were officially supported, which I now
assume is not the case from all the responses I have received, then that
would bring up another set of questions wrt security and such. Based on
those concerns this solution could also be dead. I think what you are
saying is that security concerns also make this solution a no-go.

Thanks to everyone who responded.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

12

Furthermore, if the app needs to have finer grain control of the options
at the thread level you are out of luck as well since all threads share
the same set of env vars.

d

– I can spell, I just can’t type.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
Sent: Monday, May 01, 2006 2:14 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] reading environment variables from a kernel driver

Tie the options to the process ID, which you can either pass in or get
from your dispatch routine (PsMumbleMumble… don’t remember the
function call).

As for resetting the parameters at the end of the batch file, batch
files typically modify the environment of their parent process, so you
can have that same problem there, especially if a bunch of batch files
are called in sequence. There’s no free lunch there.

Needless to say, there could be security implications of any of these
methods.

Roger Tawa wrote:

Thanks Max. That is one of the solutions I am considering too.

However, it requires two lines in the batch file: the first, as you
mention,
to set the options, and then another at the end to reset them.
Otherwise
side effects will remain and accumulate.

And this assumes the batch file does not exist prematurely, or is
killed
with Ctrl-C.

Not quite so trivial… :slight_smile:

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S.
Shatskih
Sent: Monday, May 01, 2006 15:53
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] reading environment variables from a kernel
driver

Write a tiny C app which will call the necessary “set mode” IOCTLs
to
the
driver.
Add it as the first line to your BAT files.

All is trivial.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Ray

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

13

Hi Ray,

Its true that setting environment variables in a batch file change the
value in the cmd.exe process that executes it, but when you call
setlocal, cmd.exe guarantees that the variables are scoped to the
batch file. Effectively, those values are deleted when the batch file
ends, or revert back to their original value.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]

14

Sorry, missed that point in the original posting.

If you wrote a little app that sets the parameters the way you want,
there’s no reason you couldn’t have it track those changes and add
another command line parameter that says “revert the changes” and use
that instead of setlocal (it’s not as convenient, granted… you have to
make sure the batch file always exits through a point that reverts the
changes (using “goto revertAndExit” instead of “exit”, etc., is one
approach).

Or, you could wrap all your bat files in a little generic bat file that
does something like:

call %1
myIOCTLApp -revert

It’s hard to get around this being a little bit inconvenient.

Roger Tawa wrote:

Hi Ray,

Its true that setting environment variables in a batch file change the
value in the cmd.exe process that executes it, but when you call
setlocal, cmd.exe guarantees that the variables are scoped to the
batch file. Effectively, those values are deleted when the batch file
ends, or revert back to their original value.

=================================================
Roger Tawa
http://tawacentral.net/
[One thing about paradigms: shift happens.]
[When you stop, you’re done.]


Ray