(IFS filter driver) Accessing user buffer from kernel thread or accessing handles within user context

(IFS filter driver) Accessing user buffer from kernel thread or accessing handles within user context: Posted by RA on December 7th, 2005; I am using the Windows IFS kit to write a replication filter-driver.

I am currently doing the following

In open (IRP_MJ_CREATE):
Handle= ZwCreateFile(..);
.. Save Handle

Then in write (IRP_MJ_WRITE):
ZwWriteFile(Handle, .., DataFromTheBufferInIRP)

Unfortunately, the handle is only valid within the context of the process
calling the function. I have also tried to pass all these calls (including
ZwCreateFile and ZwWriteFile) to kernel worker threads using
IoAllocateWorkItem-IoQueueWorkItem sequence. This allows the handle to be
accessed independent of the user thread. However the Irp->UserBuffer is not
accessible in the kernel threads any more.

What can I do to both be able to access the user buffer and have a valid
handle during read/write. Any advice would be greatly appreciated.

Thanks in advance.

RA; Posted by Carl Woodward on December 7th, 2005; One thing you can do is call KeStackAttachProcess to attach the current
thread to the process address space of your choice. Once you've finished
doing what you need to, call KeUnstackDetachProcess to restore the process
context back to what it was.

Take real care using these APIs, dont do anything complex inbetween the two
calls; dont send Irps for example, because you really can cause horrible
problems and dead locks.

Carly

"RA" <roha.20846976@bloglines.com> wrote in message
news:%23WTBirs%23FHA.2628@TK2MSFTNGP11.phx.gbl...; Posted by Vladimir Zinin on December 7th, 2005; Hi,

for direct io - MmGetSystemAddressForMdl
for buffered io - use the IO manager prepared buffer

ObReferenceObjectByHandle
ObOpenObjectByPointer

--
Best regards,
Vladimir Zinin
mailto:vzinin@gmail.com; Posted by RA on December 21st, 2005; Thank you. Your rsponse has been very helpful.
Best wishes,
-- RA

"Carl Woodward" <news@themonkey*removemeplease*alliance.com> wrote in
message news:PMxlf.19421$a15.18649@newsfe5-win.ntli.net...; Posted by Don Burn on December 21st, 2005; The solution here is to use OBJ_KERNEL_HANDLE in InitializeObjectAttributes.
This makes the handle valid in all contexts in the kernel, and not valid in
user space. Using the solutions offered before this are likely to cause
crashes, and are overkill.

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

"RA" <roha.20846976@bloglines.com> wrote in message
news:%23WTBirs%23FHA.2628@TK2MSFTNGP11.phx.gbl...

Similar Posts

XP PRO Accessing User Accounts (Microsoft Windows) by ATand HMB
accessing kernel driver from non admin user account (Drivers) by Anders Sipuri
Kernel handle and user thread (Drivers) by Alexander Grigoriev
Sharing very large buffer between User and Kernel (Drivers) by blu
making a kernel buffer user friendly (Drivers) by h. keller