switching to user mode

Is it possible to call a user mode function which in turn calls Win32
functions from kernel mode. It means that I should switch to user mode
temporarily.

Alexey Logachyov
xxxxx@vba.com.by
VirusBlokAda ltd.
http://www.vba.com.by


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Well it is probably possible, but honestly, doesn’t this just feel like the
wrong design approach?

-----Original Message-----
From: Alexey Logachyov [mailto:xxxxx@vba.com.by]
Sent: Monday, February 04, 2002 7:49 AM
To: NT Developers Interest List
Subject: [ntdev] switching to user mode

Is it possible to call a user mode function which in turn
calls Win32 functions from kernel mode. It means that I
should switch to user mode temporarily.

Alexey Logachyov
xxxxx@vba.com.by
VirusBlokAda ltd.
http://www.vba.com.by


You are currently subscribed to ntdev as:
xxxxx@stratus.com To unsubscribe send a blank email to
leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You could have a user-mode program that will sit waiting
a command from you and then call a Win32 function you request
and send you results. You will have to send it a command at
PASSIVE_LEVEL and then wait for response. You could use the
approach with an IRP from the program pended in the driver and
completed to send the command. This should work in NT, but
not in VxD systems, not in general case.

So what function do you want to call?

— “Roddy, Mark” wrote:
> Well it is probably possible, but honestly, doesn’t this just feel like the
> wrong design approach?
>
> > -----Original Message-----
> > From: Alexey Logachyov [mailto:xxxxx@vba.com.by]
> > Sent: Monday, February 04, 2002 7:49 AM
> > To: NT Developers Interest List
> > Subject: [ntdev] switching to user mode
> >
> >
> > Is it possible to call a user mode function which in turn
> > calls Win32 functions from kernel mode. It means that I
> > should switch to user mode temporarily.
> >
> > Alexey Logachyov
> > xxxxx@vba.com.by
> > VirusBlokAda ltd.
> > http://www.vba.com.by
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as:
> > xxxxx@stratus.com To unsubscribe send a blank email to
> > leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@yahoo.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Maybe you’ll try to do some work in the user mode part of your application?
Sockets, events all that stuff. Calling Ring3 from Ring0 is not supported
in Intel architecture and even if OS supports this (in the way of hack) it
looks like it’s a flaw in your driver design…

On 02/04/02, ““Alexey Logachyov” ” wrote:
> Is it possible to call a user mode function which in turn calls Win32
> functions from kernel mode. It means that I should switch to user mode
> temporarily.
>
> Alexey Logachyov
> xxxxx@vba.com.by
> VirusBlokAda ltd.
> http://www.vba.com.by
>
>
>
> —
> You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Actually, you can send an IOCTL to your driver with a pointer to a
function in your UM code. When you get the IOCTL, simply call your UM
function. Now, you have UM code running at protection-level 0.

I too do not recommend doing this, but have fun if you do :slight_smile:

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Anton Kolomyeytsev
Sent: Tuesday, February 05, 2002 9:33 AM
To: NT Developers Interest List
Subject: [ntdev] Re: switching to user mode

Maybe you’ll try to do some work in the user mode part of your
application?
Sockets, events all that stuff. Calling Ring3 from Ring0 is not
supported
in Intel architecture and even if OS supports this (in the way of hack)
it
looks like it’s a flaw in your driver design…

On 02/04/02, ““Alexey Logachyov” ” wrote:
> Is it possible to call a user mode function which in turn calls Win32
> functions from kernel mode. It means that I should switch to user mode

> temporarily.
>
> Alexey Logachyov
> xxxxx@vba.com.by
> VirusBlokAda ltd.
> http://www.vba.com.by
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@storagecraft.com To
unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

I’m not sure that will work for a number of reasons:

  1. The code will still be executing at kernel mode. Just because the
    pointer is passed from user mode to kernel doesn’t change the execution
    mode.

  2. The pointer will probably NOT be valid since it is a user-mode virtual
    address. If it can be assured the kernel-mode driver code is executing in
    the context of the calling process, then OK, otherwise, BSOD.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Jamey Kirby
Sent: Tuesday, February 05, 2002 10:50 AM
To: NT Developers Interest List
Subject: [ntdev] Re: switching to user mode

Actually, you can send an IOCTL to your driver with a pointer to a
function in your UM code. When you get the IOCTL, simply call your UM
function. Now, you have UM code running at protection-level 0.

I too do not recommend doing this, but have fun if you do :slight_smile:

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Anton Kolomyeytsev
Sent: Tuesday, February 05, 2002 9:33 AM
To: NT Developers Interest List
Subject: [ntdev] Re: switching to user mode

Maybe you’ll try to do some work in the user mode part of your
application?
Sockets, events all that stuff. Calling Ring3 from Ring0 is not
supported
in Intel architecture and even if OS supports this (in the way of hack)
it
looks like it’s a flaw in your driver design…

On 02/04/02, ““Alexey Logachyov” ” wrote:
> Is it possible to call a user mode function which in turn calls Win32
> functions from kernel mode. It means that I should switch to user mode

> temporarily.
>
> Alexey Logachyov
> xxxxx@vba.com.by
> VirusBlokAda ltd.
> http://www.vba.com.by
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@storagecraft.com To
unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@pdq.net
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

I would say it is best to have an application running
up there for u… may be something like a service
…and waiting on some means of IPC between the two…
(may be a pipe… i have used them previously) pass
what ever u want up the pipe and …get the results
too…
So u thought, u can so easily make a Win 32 call
running at Kernel Protection??

Chiyam

— Anton Kolomyeytsev wrote:
> Maybe you’ll try to do some work in the user mode
> part of your application?
> Sockets, events all that stuff. Calling Ring3 from
> Ring0 is not supported
> in Intel architecture and even if OS supports this
> (in the way of hack) it
> looks like it’s a flaw in your driver design…
>
> On 02/04/02, ““Alexey Logachyov” ”
> wrote:
> > Is it possible to call a user mode function which
> in turn calls Win32
> > functions from kernel mode. It means that I should
> switch to user mode
> > temporarily.
> >
> > Alexey Logachyov
> > xxxxx@vba.com.by
> > VirusBlokAda ltd.
> > http://www.vba.com.by
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> > To unsubscribe send a blank email to
> leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Yep, it does.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
Sent: Monday, February 04, 2002 3:54 PM
To: NT Developers Interest List
Subject: [ntdev] RE: switching to user mode

Well it is probably possible, but honestly, doesn’t this just feel like
the
wrong design approach?

-----Original Message-----
From: Alexey Logachyov [mailto:xxxxx@vba.com.by]
Sent: Monday, February 04, 2002 7:49 AM
To: NT Developers Interest List
Subject: [ntdev] switching to user mode

Is it possible to call a user mode function which in turn
calls Win32 functions from kernel mode. It means that I
should switch to user mode temporarily.

Alexey Logachyov
xxxxx@vba.com.by
VirusBlokAda ltd.
http://www.vba.com.by


You are currently subscribed to ntdev as:
xxxxx@stratus.com To unsubscribe send a blank email to
leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@vba.com.by
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Maybe this would be of some interest: It is an article from Microsoft
Research on developing a system to allow a driver to be developed in user
mode.

Basically what the article describes is a system where a generic driver
moves data from I/O control calls to a service that then carries out the
request and the returned data is fed back to the driver in order to
complete the IRP.

http://research.microsoft.com/~galenh/proxy/

-Shaun


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Actually, the pointer is fine. The problem is – callback function calls
some Win32 functions which usually switch to kernel mode. Switching to
KM 2 times is no good.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gregory G. Dyess
Sent: Tuesday, February 05, 2002 6:57 PM
To: NT Developers Interest List
Subject: [ntdev] Re: switching to user mode

I’m not sure that will work for a number of reasons:

  1. The code will still be executing at kernel mode. Just because the
    pointer is passed from user mode to kernel doesn’t change the execution
    mode.

  2. The pointer will probably NOT be valid since it is a user-mode
    virtual
    address. If it can be assured the kernel-mode driver code is executing
    in
    the context of the calling process, then OK, otherwise, BSOD.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Jamey Kirby
Sent: Tuesday, February 05, 2002 10:50 AM
To: NT Developers Interest List
Subject: [ntdev] Re: switching to user mode

Actually, you can send an IOCTL to your driver with a pointer to a
function in your UM code. When you get the IOCTL, simply call your UM
function. Now, you have UM code running at protection-level 0.

I too do not recommend doing this, but have fun if you do :slight_smile:

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Anton Kolomyeytsev
Sent: Tuesday, February 05, 2002 9:33 AM
To: NT Developers Interest List
Subject: [ntdev] Re: switching to user mode

Maybe you’ll try to do some work in the user mode part of your
application?
Sockets, events all that stuff. Calling Ring3 from Ring0 is not
supported
in Intel architecture and even if OS supports this (in the way of hack)
it
looks like it’s a flaw in your driver design…

On 02/04/02, ““Alexey Logachyov” ” wrote:
> Is it possible to call a user mode function which in turn calls Win32
> functions from kernel mode. It means that I should switch to user mode

> temporarily.
>
> Alexey Logachyov
> xxxxx@vba.com.by
> VirusBlokAda ltd.
> http://www.vba.com.by
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@storagecraft.com To
unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@pdq.net
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@vba.com.by
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

All code must work in the same thread. That’s why I cannot create a
waiting thread or process. What do you mean under Kernel Protection? I
do not care about privileges I would have.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Sriram Neelakandan
Iyer
Sent: Tuesday, February 05, 2002 7:45 PM
To: NT Developers Interest List
Subject: [ntdev] Re: switching to user mode

I would say it is best to have an application running
up there for u… may be something like a service
…and waiting on some means of IPC between the two…
(may be a pipe… i have used them previously) pass
what ever u want up the pipe and …get the results
too…
So u thought, u can so easily make a Win 32 call
running at Kernel Protection??

Chiyam

— Anton Kolomyeytsev wrote:
> Maybe you’ll try to do some work in the user mode
> part of your application?
> Sockets, events all that stuff. Calling Ring3 from
> Ring0 is not supported
> in Intel architecture and even if OS supports this
> (in the way of hack) it
> looks like it’s a flaw in your driver design…
>
> On 02/04/02, ““Alexey Logachyov” ”
> wrote:
> > Is it possible to call a user mode function which
> in turn calls Win32
> > functions from kernel mode. It means that I should
> switch to user mode
> > temporarily.
> >
> > Alexey Logachyov
> > xxxxx@vba.com.by
> > VirusBlokAda ltd.
> > http://www.vba.com.by
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> > To unsubscribe send a blank email to
> leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com


You are currently subscribed to ntdev as: xxxxx@vba.com.by
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com