I have been attempting to use the ZwLoadDriver() function in DriverEntry()
on a Win 2000 SP1 PC, with some difficulty. The problem is that the call
page faults in RtlVolumeDeviceToDosName.
The primary driver (an NDIS intermediate driver) is set to load at
SERVICE_SYSTEM_START time. The secondary driver (the one I am attempting to
load) is set to start at SERVICE_DEMAND_START time in it’s Services
registry key. The ImagePath in the Services key is specified as
“system32\DRIVERS\mydriver.sys”. Here’s a code snippet:
NDIS_STRING SecondDriverRegPath =
NDIS_STRING_CONST(“\Registry\Machine\System\CurrentControlSet\Services\MyDriver”);
DriverEntry(…)
{
NDIS_STATUS Status;
NDIS_STRING RegPath;
NdisInitUnicodeString(&RegPath, SecondDriverRegPath.Buffer);
Status = ZwLoadDriver(&RegPath);
}
Does anyone have any insight into why this may be occurring, or if there
are any considerations (other than the fact that I am using an undocumented
function) that I should consider when using ZwLoadLibrary()? I know that an
obvious solution is to put all the functionality contained in the second
driver into the first, but I am trying to remove functionality from the
first driver intentionally, for various reasons.
I have tried stepping through the call with SoftICE but the code path is so
long that by the time I have reached the page fault, I have gotten quite
lost as to what is actually happening when the fault occurs.
Thanks in advance to anyone who may be able to shed some light on this.
Ed Lau
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com