- How to get the PUNICODE_STRING from Kernel mode to User mode?
- Posted by Siva Prakash on December 13th, 2003
Hi,
I am using PSSetLoadImageNotifyRoutine() function to
notify the loading of an image from in kernel mode. After
getting the notification, the kernel mode sets a event
object, In User mode, the program waits for the event
object to be signaled. After the event object is signaled,
the user mode program uses DeviceIOControl() function to
get the information about Loaded image. The loaded image
name comes as a PUNICODE_STRING in the kernel mode call
back function. When I use the same data type in the user
mode program, I am able to get only the address value of
the loaded image. How can I get the name of the loaded
image in the user mode?
- Posted by Don Burn on December 13th, 2003
Copy the buffer for the UNICODE_STRING into the buffer for the IOCTL for
Length. Something like, the following where p is the pointer to the buffer.
PWCHAR p;
PUICODE_STRING s;
RtlCopyMemory(p, s->Buffer, s-Length);
p[s->Length] = L'\0';
obviously return the length+1 in the information field. Your user space
program will then have a NULL terminated wide character string to access.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
"Siva Prakash" <anonymous@discussions.microsoft.com> wrote in message
news:065501c3c184$fedf0b60$a501280a@phx.gbl...
- How to find what OS it is in kernel mode? (Drivers) by Suneet Agera
- kernel mode to user mode (Drivers) by saurabh
- kernel mode to user mode (Drivers) by
- Timer in kernel mode (Drivers) by Sam Johnson
- Re: How detect USER Mode Application is loaded in kernel mode driver (Drivers) by William Ingle
