thread context of native apis

Hi!

When an NT Native API is executed from User Mode by calling an INT 2E, in which thread context is the Native API executed? System thread context or Caller thread context?

Thanks
-Matt

When you invoke a system service call the invoking thread transitions from
user mode to kernel mode. This transition gives the thread a new stack and
an expanded virtual address space, but the thread continues to retain most
other features it had in user mode. It belongs to the same process, has the
same priority, the same security context etc. And of course its user virtual
address space is the same user virtual address space as before the thread
entered the kernel.

Mark Roddy
Windows 2000/NT Consultant
Hollis Technology Solutions
www.hollistech.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Monday, October 30, 2000 5:25 AM
To: NT Developers Interest List
Subject: [ntdev] thread context of native apis

Hi!

When an NT Native API is executed from User Mode by calling an INT 2E, in
which thread context is the Native API executed? System thread context or
Caller thread context?

Thanks
-Matt

> When an NT Native API is executed from User Mode by calling an INT 2E, in
> which thread context is the Native API executed? System thread context
> or Caller thread context?

Caller thread context.
System threads are kmode-only and cannot return to user mode - NT does not
allocate the control structure necessary to return to user mode for them.

Max

Caller Thread Context!

How can I request the execution of a Native API in System Thread Context from User mode?

Thanks
-Matt
----- Original Message -----
From: Sivaselvam C N
To: NT Developers Interest List
Sent: Thursday, November 02, 2000 1:00 PM
Subject: [ntdev] RE: thread context of native apis

Caller Thread Context!

As far as my knowledge goes

  1. Thread context is something to do with the address space etc. Consider
    data reading from some external device! Though system threads can read from
    devices, after the IO completion in the drivers, when the control goes to
    user mode as an APC (Async procedure callback), the APC has to be invoked in
    the thread context of the user mode thread. Only then the data read will be
    seen by the user mode application in its address space. The pointers in
    user mode are valid only in the thread and corresponding process context.

  2. This applies to GUI as well as worker threads (Created using CreateThread
    etc)

  3. When a thread is created in a driver and if it runs at or above
    DISPATCH_LEVEL it will run in the context of system thread. Meaning it can
    not assume a process space of the user application (if the system thread
    runs due to some user mode application action). It can not touch any
    pointers not allocated in the kernel space.

In other words, in my opinion, user mode programs which run at PASSIVE_LEVEL
or APC_LEVEL can not be considered/made to execute in system thread context.

Siva
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Thursday, November 02, 2000 6:53 PM
To: NT Developers Interest List
Subject: [ntdev] RE: thread context of native apis

How can I request the execution of a Native API in System Thread Context
from User mode?

Thanks
-Matt

If I interpret your question literally, and I have a healthy suspicion that
I shouldn’t, then you would send an IOCTL to a driver of your own design.
This IOCTL would request the API. Your driver would hand the request off to
a system worker thread, either one of its own creation (preferred in this
case) or one of the standard system worker threads. The worker thread would
execute the api and return the results (via some event signaling mechanism)
to the driver. I have no clue what benefit you expect to gain from such a
convoluted series of operations. You would have to deal with all issues
regarding things like input/output buffers etc.

Mark Roddy
xxxxx@hollistech.com
www.hollistech.com
WindowsNT Windows 2000 Consulting Services


> 3) When a thread is created in a driver and if it runs at or above
> DISPATCH_LEVEL it will run in the context of system thread.

No. KeRaiseIrql does not switch the thread context. DISPATCH_LEVEL does not
mean “system thread context”.
The majority of the DISPATCH_LEVEL code is called from DpcForIsrs of timer
DPCs. They interrupt any thread running in this time. Thus - you’re correct
in this - it is impossible to assume any thread context while in DPC.

Max

Yes! I agree and thanks for correcting! Probably we should say that the
thread will be running at arbitrary thread context.

One related question is when will you say a thread executes in system thread
context?

Siva

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Friday, November 03, 2000 5:41 AM
To: NT Developers Interest List
Subject: [ntdev] RE: thread context of native apis

> 3) When a thread is created in a driver and if it runs at or above
> DISPATCH_LEVEL it will run in the context of system thread.

No. KeRaiseIrql does not switch the thread context. DISPATCH_LEVEL does not
mean “system thread context”.
The majority of the DISPATCH_LEVEL code is called from DpcForIsrs of timer
DPCs. They interrupt any thread running in this time. Thus - you’re correct
in this - it is impossible to assume any thread context while in DPC.

Max



If the thread belongs to system process.
Every driver entry and driver unload routine is called in some thread
belonging to system process, i.e. it executes in system thread context.
Every worker scheduled by ExQueueWorkItem is also executed in system
thread context.
Also you can create your own system thread yourself by
PsCreateSystemThread.

Paul

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Sivaselvam C N
Sent: Friday, November 03, 2000 6:47 AM
To: NT Developers Interest List
Subject: [ntdev] RE: thread context of native apis

Yes! I agree and thanks for correcting! Probably we should say that the
thread will be running at arbitrary thread context.

One related question is when will you say a thread executes in system
thread context?

Siva


> One related question is when will you say a thread executes in system
> thread context?

ExQueueWorkItem callbacks and the function called by PsCreateSystemThread.

Max