I have searched the archives and DDK documentation and am unable to find an
answer; hopefully, some wise soul can help…
I have a kernel device driver and want to allow a user to load the driver on
demand when my user mode application starts. What is the best way to start
the driver on demand from a user mode app (Target OS = 2K & XP) without
elevating user permissions. Can this be done? Any help/advice is
appreciated.
I would forget this demand-loading and load the driver once and forever.
The driver, in turn, will check the user’s permission and possibly allow
some non-admins.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “BigFish”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Monday, November 01, 2004 4:05 PM
Subject: [ntdev] Security permissions question
> I have searched the archives and DDK documentation and am unable to find an
> answer; hopefully, some wise soul can help…
> I have a kernel device driver and want to allow a user to load the driver on
> demand when my user mode application starts. What is the best way to start
> the driver on demand from a user mode app (Target OS = 2K & XP) without
> elevating user permissions. Can this be done? Any help/advice is
> appreciated.
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
Hi Bigfish,
Yes, I agree with Maxim, what’s the advantage of demand loading?
A driver loadable by the user app is, as far as I understand it, a major
hassle, and it’s much easier to have the driver loaded at boot-time. It
just makes life a whole lot more complicated for the programmer, and to
very little or no advantage to the user.
The only reason I can think of, to have “load on demand” would be if the
driver is really big. Even so, if it’s correctly designed (as in pageable
code/data wherever allowable), it shouldn’t really cause any noticable
change to the memory available unless the driver is actually being used (in
which case some part needs to be loaded anyways, so doesn’t really make any
difference at this point). Of course if the driver has some initialization
procedure that takes a long time (many seconds) to perform as the driver is
loaded. But then that would be rather silly, becaluse I can’t see any
reason why that procedure couldn’t be moved to the point where the user is
actually activating the driver.
So, if you could explain what your goal is with this, maybe some of us here
(I’m by no means the best expert here, I just talk a lot ;-), can help sort
out the best way to do this.
–
Mats
xxxxx@lists.osr.com wrote on 11/01/2004 01:18:36 PM:
I would forget this demand-loading and load the driver once and
forever.The driver, in turn, will check the user’s permission and possibly
allow
some non-admins.Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com----- Original Message -----
From: “BigFish”
> Newsgroups: ntdev
> To: “Windows System Software Devs Interest List”
> Sent: Monday, November 01, 2004 4:05 PM
> Subject: [ntdev] Security permissions question
>
>
> > I have searched the archives and DDK documentation and am unable to
find an
> > answer; hopefully, some wise soul can help…
> > I have a kernel device driver and want to allow a user to load
thedriver on
> > demand when my user mode application starts. What is the best way to
start
> > the driver on demand from a user mode app (Target OS = 2K & XP) without
> > elevating user permissions. Can this be done? Any help/advice is
> > appreciated.
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.
> osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
> ForwardSourceID:NT0000673A
This is the first task I have been charged with on a short term contract. I
agree this is not the best approach, however it is the approach my client
has requested. I think they want to demand load / unload the driver to
reduce overhead / resource usage. I hope to influence the design of the
product during my time with them, however I also hope to get to the point
where I can influence the design of the app. They have a big demo in a day
or two and I hope to have a workable solution for the demo, thereafter, I
hope to revamp the app so demand loading from user space is not a
requirement… I know that any solution will be some what “clunky” but if I
can find a short term fix, I can buy some time to lay in a real solution.
Any suggestions welcome; are methods such as impersonation relevant ?
Thanks
OrgMsg:
I have searched the archives and DDK documentation and am unable to find an
answer; hopefully, some wise soul can help…
I have a kernel device driver and want to allow a user to load the driver on
demand when my user mode application starts. What is the best way to start
the driver on demand from a user mode app (Target OS = 2K & XP) without
elevating user permissions. Can this be done? Any help/advice is
appreciated.
“BigFish” wrote in message news:xxxxx@ntdev…
> I have searched the archives and DDK documentation and am unable to find
an
> answer; hopefully, some wise soul can help…
> I have a kernel device driver and want to allow a user to load the driver
on
> demand when my user mode application starts. What is the best way to start
> the driver on demand from a user mode app (Target OS = 2K & XP) without
> elevating user permissions. Can this be done? Any help/advice is
> appreciated.
>
>
>
> has requested. I think they want to demand load / unload the driver to
reduce overhead / resource usage.
Note: not all driver can be unloaded. FS filters (unless Filter Manager is
used) cannot be unloaded. The WDM/PnP filters can be unloaded only by the
devnode rebuild, and, if this is impossible (like for boot disk) - then they
cannot be unloaded.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
How about approaching the “big demo” with a “Load driver at boot - Let’s
solve demand loading later” approach?
Of course, if the point of “big demo” is to show demand loading, then
that’s not a particularly good idea
As to “saving resources”, it’s much better to be clever with resources in
the entire driver module, than to rely on loading/unloading of driver to
“save resources”. A loaded driver that doesn’t do anything shouldn’t take
up much resource, apart from a few unpopulated page-table-entries, and some
small amount of global variables (at least, we hope that there is only a
small amount of these!).
I do understand the concept of “staying with the project long enough to
influence it”, and I realize that my suggestions may be counterproductive
to this, so wait for what others have to say if you feel that my ideas are
too radical.
By the way, you could of course have a “Service” process that is used to
load your driver, but that makes things even more messy…
–
Mats
xxxxx@lists.osr.com wrote on 11/01/2004 02:46:25 PM:
This is the first task I have been charged with on a short term contract.
I
agree this is not the best approach, however it is the approach my client
has requested. I think they want to demand load / unload the driver to
reduce overhead / resource usage. I hope to influence the design of the
product during my time with them, however I also hope to get to the point
where I can influence the design of the app. They have a big demo in a
day
or two and I hope to have a workable solution for the demo, thereafter, I
hope to revamp the app so demand loading from user space is not a
requirement… I know that any solution will be some what “clunky” but if
I
can find a short term fix, I can buy some time to lay in a real solution.
Any suggestions welcome; are methods such as impersonation relevant ?
ThanksOrgMsg:
I have searched the archives and DDK documentation and am unable to find
an
answer; hopefully, some wise soul can help…
I have a kernel device driver and want to allow a user to load the driver
on
demand when my user mode application starts. What is the best way to
start
the driver on demand from a user mode app (Target OS = 2K & XP) without
elevating user permissions. Can this be done? Any help/advice is
appreciated.“BigFish” wrote in message news:xxxxx@ntdev…
> > I have searched the archives and DDK documentation and am unable to
find
> an
> > answer; hopefully, some wise soul can help…
> > I have a kernel device driver and want to allow a user to load the
driver
> on
> > demand when my user mode application starts. What is the best way to
start
> > the driver on demand from a user mode app (Target OS = 2K & XP) without
> > elevating user permissions. Can this be done? Any help/advice is
> > appreciated.
> >
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.
> osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
> ForwardSourceID:NT0000675E
The short answer is that non-administrators cannot demand load drivers. So
either your demo runs as an administrator or you write a service that has
administrative privileges and have your user app ask your service to load
the driver.
That said, if this is a driver for a hardware device rather than some sort
of virtual device, your design is completely wrong anyhow. PnP manages
device installation for hardware devices.
=====================
Mark Roddy
-----Original Message-----
From: BigFish [mailto:xxxxx@intrastart.com]
Sent: Monday, November 01, 2004 9:46 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Security permissions question
This is the first task I have been charged with on a short term contract. I
agree this is not the best approach, however it is the approach my client
has requested. I think they want to demand load / unload the driver to
reduce overhead / resource usage. I hope to influence the design of the
product during my time with them, however I also hope to get to the point
where I can influence the design of the app. They have a big demo in a day
or two and I hope to have a workable solution for the demo, thereafter, I
hope to revamp the app so demand loading from user space is not a
requirement… I know that any solution will be some what “clunky” but if I
can find a short term fix, I can buy some time to lay in a real solution.
Any suggestions welcome; are methods such as impersonation relevant ?
Thanks
OrgMsg:
I have searched the archives and DDK documentation and am unable to find an
answer; hopefully, some wise soul can help…
I have a kernel device driver and want to allow a user to load the driver on
demand when my user mode application starts. What is the best way to start
the driver on demand from a user mode app (Target OS = 2K & XP) without
elevating user permissions. Can this be done? Any help/advice is
appreciated.
“BigFish” wrote in message news:xxxxx@ntdev…
> I have searched the archives and DDK documentation and am unable to
> find
an
> answer; hopefully, some wise soul can help…
> I have a kernel device driver and want to allow a user to load the
> driver
on
> demand when my user mode application starts. What is the best way to
> start the driver on demand from a user mode app (Target OS = 2K & XP)
> without elevating user permissions. Can this be done? Any help/advice
> is appreciated.
>
>
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@stratus.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
Mats -
The service idea is exactly what I am proposing. But, since I just got on
this boat, it may take a bit more rowing to get it to turn.
Sincerely…
“Mats PETERSSON” wrote in message
news:xxxxx@ntdev…
>
>
>
>
>
> How about approaching the “big demo” with a “Load driver at boot - Let’s
> solve demand loading later” approach?
>
> Of course, if the point of “big demo” is to show demand loading, then
> that’s not a particularly good idea
>
> As to “saving resources”, it’s much better to be clever with resources in
> the entire driver module, than to rely on loading/unloading of driver to
> “save resources”. A loaded driver that doesn’t do anything shouldn’t take
> up much resource, apart from a few unpopulated page-table-entries, and
some
> small amount of global variables (at least, we hope that there is only a
> small amount of these!).
>
> I do understand the concept of “staying with the project long enough to
> influence it”, and I realize that my suggestions may be counterproductive
> to this, so wait for what others have to say if you feel that my ideas are
> too radical.
>
> By the way, you could of course have a “Service” process that is used to
> load your driver, but that makes things even more messy…
>
> –
> Mats
>
> xxxxx@lists.osr.com wrote on 11/01/2004 02:46:25 PM:
>
> > This is the first task I have been charged with on a short term
contract.
> I
> > agree this is not the best approach, however it is the approach my
client
> > has requested. I think they want to demand load / unload the driver to
> > reduce overhead / resource usage. I hope to influence the design of the
> > product during my time with them, however I also hope to get to the
point
> > where I can influence the design of the app. They have a big demo in a
> day
> > or two and I hope to have a workable solution for the demo, thereafter,
I
> > hope to revamp the app so demand loading from user space is not a
> > requirement… I know that any solution will be some what “clunky” but if
> I
> > can find a short term fix, I can buy some time to lay in a real
solution.
> > Any suggestions welcome; are methods such as impersonation relevant ?
> > Thanks
> >
> > OrgMsg:
> > I have searched the archives and DDK documentation and am unable to find
> an
> > answer; hopefully, some wise soul can help…
> > I have a kernel device driver and want to allow a user to load the
driver
> on
> > demand when my user mode application starts. What is the best way to
> start
> > the driver on demand from a user mode app (Target OS = 2K & XP) without
> > elevating user permissions. Can this be done? Any help/advice is
> > appreciated.
> >
> >
> >
> > “BigFish” wrote in message news:xxxxx@ntdev…
> > > I have searched the archives and DDK documentation and am unable to
> find
> > an
> > > answer; hopefully, some wise soul can help…
> > > I have a kernel device driver and want to allow a user to load the
> driver
> > on
> > > demand when my user mode application starts. What is the best way to
> start
> > > the driver on demand from a user mode app (Target OS = 2K & XP)
without
> > > elevating user permissions. Can this be done? Any help/advice is
> > > appreciated.
> > >
> > >
> > >
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at http://www.
> > osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> > ForwardSourceID:NT0000675E
>
>
Ok. Fair enough.
Although, I’d still think a driver that loads during BOOT with code that
“activates it” when the user-mode app is run is the neatest and simplest
idea. It saves many headaches.
As Mark Roddy said (I wasn’t sure if there’s a way around it, but Mark
knows his stuff), you need to have admin priv’s to load a driver (otherwise
anyone could load a driver and get to do all sorts of nasty stuff!). I
suppose you could emulate “Run As different user…” in the app. I don’t
know what happens in “Run As …” in windows, but I expect it can be done
somehow in any app if you do the right thing.
Easiest would of couse be to just “adjust” your privileges on the demo
machine so that JohnSmith is now a Administrator user…
Best of luck anyways.
–
Mats
xxxxx@lists.osr.com wrote on 11/01/2004 03:18:05 PM:
Mats -
The service idea is exactly what I am proposing. But, since I just got on
this boat, it may take a bit more rowing to get it to turn.
Sincerely…“Mats PETERSSON” wrote in message
> news:xxxxx@ntdev…
> >
> >
> >
> >
> >
> > How about approaching the “big demo” with a “Load driver at boot -
Let’s
> > solve demand loading later” approach?
> >
> > Of course, if the point of “big demo” is to show demand loading, then
> > that’s not a particularly good idea
> >
> > As to “saving resources”, it’s much better to be clever with resources
in
> > the entire driver module, than to rely on loading/unloading of driver
to
> > “save resources”. A loaded driver that doesn’t do anything shouldn’t
take
> > up much resource, apart from a few unpopulated page-table-entries, and
> some
> > small amount of global variables (at least, we hope that there is only
a
> > small amount of these!).
> >
> > I do understand the concept of “staying with the project long enough to
> > influence it”, and I realize that my suggestions may be
counterproductive
> > to this, so wait for what others have to say if you feel that my ideas
are
> > too radical.
> >
> > By the way, you could of course have a “Service” process that is used
to
> > load your driver, but that makes things even more messy…
> >
> > –
> > Mats
> >
> > xxxxx@lists.osr.com wrote on 11/01/2004 02:46:25 PM:
> >
> > > This is the first task I have been charged with on a short term
> contract.
> > I
> > > agree this is not the best approach, however it is the approach my
> client
> > > has requested. I think they want to demand load / unload the driver
to
> > > reduce overhead / resource usage. I hope to influence the design of
the
> > > product during my time with them, however I also hope to get to the
> point
> > > where I can influence the design of the app. They have a big demo in
a
> > day
> > > or two and I hope to have a workable solution for the demo,
thereafter,
> I
> > > hope to revamp the app so demand loading from user space is not a
> > > requirement… I know that any solution will be some what “clunky” but
if
> > I
> > > can find a short term fix, I can buy some time to lay in a real
> solution.
> > > Any suggestions welcome; are methods such as impersonation relevant ?
> > > Thanks
> > >
> > > OrgMsg:
> > > I have searched the archives and DDK documentation and am unable to
find
> > an
> > > answer; hopefully, some wise soul can help…
> > > I have a kernel device driver and want to allow a user to load the
> driver
> > on
> > > demand when my user mode application starts. What is the best way to
> > start
> > > the driver on demand from a user mode app (Target OS = 2K & XP)
without
> > > elevating user permissions. Can this be done? Any help/advice is
> > > appreciated.
> > >
> > >
> > >
> > > “BigFish” wrote in message
news:xxxxx@ntdev…
> > > > I have searched the archives and DDK documentation and am unable to
> > find
> > > an
> > > > answer; hopefully, some wise soul can help…
> > > > I have a kernel device driver and want to allow a user to load the
> > driver
> > > on
> > > > demand when my user mode application starts. What is the best way
to
> > start
> > > > the driver on demand from a user mode app (Target OS = 2K & XP)
> without
> > > > elevating user permissions. Can this be done? Any help/advice is
> > > > appreciated.
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > > —
> > > Questions? First check the Kernel Driver FAQ at http://www.
> > > osronline.com/article.cfm?id=256
> > >
> > > You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> > > ForwardSourceID:NT0000675E
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.
> osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
> ForwardSourceID:NT00006772