ZwWriteVirtualMemory() missing in Win2K?

Hi everyone,

This mail comes from a newbie, so please let me apologize in advance if this seems like a dumb question: I usually prefer to read and learn from all of you (the gurus), but after having a quick search through the docs/archives I’m still stuck, so here it goes…

I’m taking my first steps developing kernel-mode drivers on Win2K. I’m using the Win2K DDK and I’ve been avoiding entering further into WDM details, as the “legacy driver” scheme seemed to work fine. But now I need to perform a specific task (write to a memory location within an application context), so I realized the simplest way of doing that was to use ZwWriteVirtualMemory().

The problem I’m facing is that this function doesn’t seem to be available in the Win2K DDK. In fact, the NTDDK.H file I have declares around 28 ZwXxx functions (“BUILD Version: 0132”), mostly file/key/link/timer related, but many useful ZwXxxx functions (like ZwQuerySystemInformation and the virtual memory related ones) don’t seem to be available at all.

I can’t see the reason for this at the present stage, so some help on the subject would be most appreciated. I’ve been reading/learning from Dekker’s “Developing WinNT Dev. Drivers” book and using the “Windows NT/2K Native API” as a reference, so you may refer to both if it helps…

Thanks,

Miguel Monteiro
xxxxx@criticalsoftware.com
www.criticalsoftware.com

«Humour and love are God’s answers
to Human weaknesses»


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Hello Miguel,
are you sure you want to write into the app’s memory?
How does the app know that you have written its memory?
How do you know that the app is still alive?

Consider having a DevIoControl/Read pending in the app. This would be the normal way of data exchange between a driver and an app.


| Norbert Kawulski | mailto:xxxxx@stollmann.de |
| Stollmann E+V GmbH, Development | http://www.stollmann.de |

“All generalizations are false.”


If you are trying to access the memory of a process from a device driver, you need to be in the context of that process. For example, if you are called from an application, you may access memory from that application. If you need to access the memory in an arbitrary context (such as an interrupt or DPC routine), use the various memory manager calls to create an MDL for the region you wish to address, while you are still in the context of the process.

If you really need to access an arbitrary process context, there are undocumented calls to attach to a specific process’s context, but I suspect that as a newbie you are not doing this.

Don Burn
Windows 2000 Device Driver and Filesystem consulting.


Is there some compelling reason you have to have a kernel mode driver write directly into the application’s data space? A far better way of doing this, and one that provides far fewer synchronization issues, would be to use a blocking IoCtl call that returns when the data is “ready”.

Gary

-----Original Message-----
From: Miguel Monteiro [mailto:xxxxx@criticalsoftware.com]
Sent: Wednesday, January 31, 2001 4:13 AM
To: NT Developers Interest List
Subject: [ntdev] ZwWriteVirtualMemory() missing in Win2K?


On Wednesday, January 31, 2001 4:39 PM Gary Little wrote:

Subject: [ntdev] RE: ZwWriteVirtualMemory() missing in Win2K?

Thanks, Gary. You’re right, but I already did that (I guess?) in my first initial approach (I passed data in the Irp->AssociatedIrp.SystemBuffer). The problem is that now I’m having to access another app context (the PID I get hold of might be an arbitrary one, not exactly the one from the app calling the driver), and it’s becoming clear to me I’ll have to study Memory Device Lists (MDL) a bit further, even if I don’t have (yet) the need to get into DPC stuff… ;-)

Miguel Monteiro
xxxxx@criticalsoftware.com
www.criticalsoftware.com

«Humour and love are God’s answers
to Human weaknesses»


> the “legacy driver” scheme seemed to work fine. But now I need to perform a
> specific task (write to a memory location within an application context) so I
> realized the simplest way of doing that was to use ZwWriteVirtualMemory().

Do not do this. Use the user buffer pointer and write to it directly with RtlCopyMemory, but from inside a __try/__except block. An exception will mean the user buffer pointer is bad.

Max
