How to send and receive data from a kernel mode driver to a binary in user mode

StackOverflow https://stackoverflow.com/questions/15810224

  •  01-04-2022
  •  | 
  •  

Pergunta

I am developing a kernel mode filter driver, I want this driver to send a UNICODE String to an exe running in user mode. Kindly provide an example for this, as i am a beginner in driver development.

Below is the code of my driver (From where I want to send UNICODE string)

#include "drv_common.h"
#include "ntddk.h"
#include "FsFilter.h"
#define SOME_SIZE
// PassThrough IRP Handler

NTSTATUS FsFilterDispatchPassThrough( __in PDEVICE_OBJECT DeviceObject, __in PIRP Irp )
{
    PFSFILTER_DEVICE_EXTENSION pDevExt = (PFSFILTER_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

    IoSkipCurrentIrpStackLocation(Irp);
    return IoCallDriver(pDevExt->AttachedToDeviceObject, Irp);
}
///////////////////////// struct file info ////////////////////////////////////
struct {
    OBJECT_NAME_INFORMATION NameInfo;
    WCHAR Buffer[64];   // 64 chars must be enough for everybody :)
} InfoBuffer;
///////////////////////////////////////////////////////////////////////////////////////////////////
// IRP_MJ_CREATE IRP Handler

NTSTATUS FsFilterDispatchCreate(
    __in PDEVICE_OBJECT DeviceObject,
    __in PIRP           Irp
    )
{       
        PFILE_OBJECT pFileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject;   
        PUNICODE_STRING **temp**;
        RtlInitUnicodeString( temp, L"\\vs\\vs\\Setup\\eula.txt" );

        LONG flag = RtlCompareUnicodeString( temp, &pFileObject->FileName, TRUE ); 

        if ( flag == 0 )
        {
            DbgPrint("File is opened.\n" );
            return STATUS_UNSUCCESSFUL;
    }   

    return FsFilterDispatchPassThrough(DeviceObject, Irp);
}

I want to send &pFileObject->FileName (UNICODE String) from the above code to an executable in the user mode. Suppose, that executable will just print this string on console. Below is my exe code in user mode

.......
.......
int main()
{
    cout<< getUnicodeStringFromKernel();   // Just supposition
    return 0;
}
Foi útil?

Solução

There are a few different ways that you can "access" a kernel mode driver. The most obvious in this case would be to use the ioctl interface.

Unfortunately, I can't provide you with an example, because to achieve that would require me to install the Windows DDK on my virtual machine, along with actually writing the code for it.

There is, however, an article here which explains how ioctls in filter drivers work.

From your application, you need to use DeviceIoControl.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top