- KeStackAttachProcess
- Posted by Haejin Lee on October 2nd, 2003
Hi! I have a problem with porting driver(none plug and
plug driver) from w2k(nt) to w2k3.
We used ntddk when developing w2k product.
I am going to porting this product to w2k3 using w2k3 ddk.
PsLookupProcessByProcessId, KeAttachProcess,
KeDetachProcess, ObDereferenceObject functions were used
in W2K version to get process information.
But in W2K3 ddk, KeAttachProcess and KeDetachProcess
function are obsolete.
In some documentation, they say that "Use
KeStackAttachProcess and KeUnstackDetachProcess function
instead of them".
As I know, KeStackAttachProcess and KeUnstackDetachProcess
function are undocumented. I searched these functions in
Web sites but I couldn't find how to use.
Please let me know how to use these functions.
I have been troubled with with this problem for several
weeks. ^^;;;;;
In W2K, I used as follows.
typedef PVOID POBJET;
/*==== FORWARD DEFINES ===================*/
NTSYSAPI NTSTATUS NTAPI PsLookupProcessByProcessId(IN
ULONG ProcessId, OUT POBJECT * object);
NTSYSAPI NTSTATUS NTAPI KeAttachProcess(POBJECT Process);
Thank you for your help in advance.
- Posted by Don Burn on October 2nd, 2003
These are in the latest IFS, as was the definition of the KeAttachProcess.
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
"Haejin Lee" <leehj99@lgnsys.com> wrote in message
news:147101c388b4$d94dc7f0$a401280a@phx.gbl...
- Posted by Peter Viscarola on October 2nd, 2003
"Haejin Lee" <leehj99@lgnsys.com> wrote in message
news:147101c388b4$d94dc7f0$a401280a@phx.gbl...
These are documented in the IFS kit.
For file systems, KeStackAttachProcess replaces KeAttachProcess which bug
checks when called from a context in which KeAttachProcess has already been
called (in other words, the old function doesn't "stack" -- an attach from
within an attach -- but the new one does).
Peter
OSR
http://www.osronline.com
- Posted by Maxim S. Shatskih on October 2nd, 2003
KeStackAttachProcess is documented in the IFS kit.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com
"Haejin Lee" <leehj99@lgnsys.com> wrote in message
news:147101c388b4$d94dc7f0$a401280a@phx.gbl...
- Posted by Maxim S. Shatskih on October 2nd, 2003
Yes, and thus the need in APC_STATE structure somewhere in the caller to save
the old part of the thread context for further return.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com
- Posted by Haejin Lee on October 6th, 2003
Thank you for your answer.
But, if I don't have IFS Kit, can I use these functions?
I only got these information in ntifs.h file from web site.
- Posted by Maxim S. Shatskih on October 6th, 2003
Yes, if you have the prototype for the function and the APC_STATE
structure.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com
"Haejin Lee" <leehj99@lgnsys.com> wrote in message
news:0ed101c38bc5$63585f60$a301280a@phx.gbl...
