Section and DriverObject

I’ve to make available the DriverObject that is passed to the DriverEntry of my driver to an application in user mode for read/write access, and retrieve the modifications committed in user mode, later in kernel mode.
Do you think a section object could be suitable for it?

Tnx
Matt

> I’ve to make available the DriverObject that is passed to the DriverEntry
> of my driver to an application in user mode for read/write access, and
> retrieve the modifications committed in user mode, later in kernel mode.
> Do you think a section object could be suitable for it?

I’d like to suggest that making the memory for a DriverObject accessible
from a user-mode program sounds like a really bad idea. Not only is it a
horrible security breach, but you now will have an app (or a malicious app)
that can crash the system. Generally, my rule of thumb is it should be
impossible for user mode code to bring down the system.

If your driver wants to communicate with a user mode app in some unusual
way, then define an IOCTL, and be sure the driver verifies any data in the
IOCTL before using it. A few rare cases might be best served by a shared
memory block between an app and a driver, certainly NOT by trying to share
the DriverObject or any other kernel data structure.

- Jan
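The advice above (define an IOCTL and verify its data before the driver uses it), as an added example that is not code from this thread. It is portable C modelling the check a device-control dispatch routine would make on a buffered request; the message layout, `validate_stub_reply`, and the limits are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reply a user-mode stub sends to the proxy driver in a
   buffered IOCTL. Layout, names and limits are assumptions. */
#define STUB_MSG_VERSION 1u
#define STUB_MAX_PAYLOAD 4096u

typedef struct {
    uint32_t version;      /* must equal STUB_MSG_VERSION */
    uint32_t request_id;   /* index into the driver's pending-request table */
    int32_t  status;       /* completion status chosen by the stub */
    uint32_t payload_off;  /* payload offset from the start of the buffer */
    uint32_t payload_len;  /* payload size in bytes */
} stub_reply_t;

enum { REPLY_OK = 0, REPLY_TOO_SMALL, REPLY_BAD_VERSION,
       REPLY_BAD_ID, REPLY_BAD_PAYLOAD };

/* Validate a reply in the kernel-side copy of the IOCTL buffer.
   pending[] marks which request ids are actually outstanding.
   On success *out receives a private copy of the header. */
int validate_stub_reply(const uint8_t *buf, size_t len,
                        const uint8_t *pending, uint32_t pending_count,
                        stub_reply_t *out)
{
    stub_reply_t hdr;

    if (buf == NULL || len < sizeof(hdr))
        return REPLY_TOO_SMALL;
    memcpy(&hdr, buf, sizeof(hdr));   /* capture once, then use only the copy */

    if (hdr.version != STUB_MSG_VERSION)
        return REPLY_BAD_VERSION;
    /* The id is an index the driver checks, never a kernel pointer. */
    if (hdr.request_id >= pending_count || !pending[hdr.request_id])
        return REPLY_BAD_ID;
    /* Bounds check ordered so that len - payload_off cannot underflow. */
    if (hdr.payload_len > STUB_MAX_PAYLOAD ||
        hdr.payload_off < sizeof(hdr) ||
        hdr.payload_off > len ||
        hdr.payload_len > len - hdr.payload_off)
        return REPLY_BAD_PAYLOAD;

    *out = hdr;
    return REPLY_OK;
}
```

The driver keeps its own objects private and accepts only small, checked values from user mode, so a malformed or hostile reply is rejected with an error code.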

Yes, I know that what I’m doing (giving applications access to kernel
objects) sounds crazy, but I’m working on an academic project where the
scope is making a driver runnable in user mode.
What I’m implementing right now is a proxy driver that will forward I/O
manager requests to a special user mode component (an I/O manager
stub…let’s say) that, in turn, will call entry points of my kernel mode
driver running in user mode. This structure will, in the future, host a user
mode version of NDIS.
So, to give full access to kernel functions in user mode I’ve to provide an
interface to and from the kernel. From user mode to the kernel, I created a
kernel mode driver that extends the WinNT native API giving access to kernel
mode functions not exported by NTDLL.DLL (via INT 2E). Now, I’m figuring out
how to communicate from the proxy driver to the user mode stub…
Any suggestion is welcome…

Thanks
Regards

Matt

----- Original Message -----
From: “Jan Bottorff”
To: “NT Developers Interest List”
Sent: Thursday, October 19, 2000 2:23 PM
Subject: [ntdev] Re: Section and DriverObject

>
> >I’ve to make available the DriverObject that is passed to the DriverEntry
> >of my driver to an application in user mode for read/write access, and
> >retrieve the modifications commited in user mode, later in kernel mode.
> >Do you think a section object could be suitable for it?
>
> I’d like to suggest that making the memory for a DriverObject accessible
> from a user-mode program sounds like a really bad idea. Not only is it a
> horrible security breach, but you now will have an app (or a malicious app)
> that can crash the system. Generally, my rule of thumb is it should be
> impossible for user mode code to bring down the system.
>
> If your driver wants to communicate with a user mode app in some unusual
> way, then define an IOCTL, and be sure the driver verifies any data in the
> IOCTL before using it. A few rare cases might be best served by a shared
> memory block between an app and a driver, certainly NOT by trying to share
> the DriverObject or any other kernel data structure.
>
> - Jan

> So, to give full access to kernel functions in user mode I’ve to provide an
> interface to and from the kernel. From user mode to the kernel, I created a
> kernel mode driver that extends the WinNT native API giving access to kernel
> mode functions not exported by NTDLL.DLL (via INT 2E). Now, I’m figuring out
> how to communicate from the proxy driver to the user mode stub…
> Any suggestion is welcome…

From user-mode app send private IOCTL to your driver,
passing address of function in your user-mode exe.
Driver calls this function by pointer.
Now this function still runs in kernel mode
but in user addresses (because driver called it
but its address is in user space).
What this means is that this function
can call both kernel-mode functions (it’s running in kernel-mode)
and call user-mode functions too (because exe is linked with kernel,
for example).

Have fun



This way every dispatch function of my driver will be running in kernel
mode, but I’ll have the advantage of eliminating a custom ntdll that will
export inaccessible kernel functions to user mode.
My idea was running as much code as possible in user mode and switching to
kernel mode only when necessary (when kernel functions are called). That is
why I was wondering about memory mapping between kernel and user mode.

- Matt

----- Original Message -----
From: “Dennis”
To: “NT Developers Interest List”
Sent: Thursday, October 19, 2000 2:49 PM
Subject: [ntdev] Re: Section and DriverObject

> So, to give full access to kernel functions in user mode I’ve to provide an
> interface to and from the kernel. From user mode to the kernel, I created a
> kernel mode driver that extends the WinNT native API giving access to kernel
> mode functions not exported by NTDLL.DLL (via INT 2E). Now, I’m figuring out
> how to communicate from the proxy driver to the user mode stub…
> Any suggestion is welcome…

From user-mode app send private IOCTL to your driver,
passing address of function in your user-mode exe.
Driver calls this function by pointer.
Now this function still runs in kernel mode
but in user addresses (because driver called it
but its address is in user space).
What this means is that this function
can call both kernel-mode functions (it’s running in kernel-mode)
and call user-mode functions too (because exe is linked with kernel,
for example).

Have fun


Do you think this can be accomplished with an NDIS protocol driver as well?

-Matt