Re: How to read current kernel image from driver?

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Doron Holan [MS] (doronh_at_nospam.microsoft.com)
Date: 04/22/04

• Next message: paullee: "Re: what is DRIVER_VERIFIER_IOMANAGER_VIOLATION meaning??"
• Previous message: Doron Holan [MS]: "Re: DFW (WDF?) Example from WinHEC 2003 and Power Management"
• In reply to: Doug Phelps: "How to read current kernel image from driver?"
• Next in thread: Doug Phelps: "Re: How to read current kernel image from driver?"
• Reply: Doug Phelps: "Re: How to read current kernel image from driver?"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 22 Apr 2004 08:50:31 -0700

how can you verify integrity given that service packs and hotfixes can
legitamitely change the code that you are supposed verifying? \SystemRoot
is a valid start to a path, you can figure out how to get the rest i am
sure.

d

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Please reply to newsgroups only.
"Doug Phelps" <Doug4361@hotmail.com> wrote in message
news:86940cce.0404220658.4211d9fe@posting.google.com...
> I want to be able to read parts of the current kernel' image on disk
> from a driver. This is partly to verify integrity of the current
> kernel.
>
> I'm having problems with this. First, I can't determine current
> kernel.
>
> NtQuerySystemInformation provides me with
> "\WINNT\System32\ntoskrnl.exe" as a path, but how do I convert that to
> useable path for ZwOpenFile or ZwCreateFile? This has to work for
> kernels that have been renamed or load from non-c: drives.
>
> This also assumes that the first entry returned in the module
> information list is always the kernel image, which may be a bad
> assumption.
>
> I'm not even certain that I can then read the file if I open it. I'd
> want to open, read, and close the file during my DriverEntry.
>
> Any advice?
>
> Thanks
> -Doug

---

• Next message: paullee: "Re: what is DRIVER_VERIFIER_IOMANAGER_VIOLATION meaning??"
• Previous message: Doron Holan [MS]: "Re: DFW (WDF?) Example from WinHEC 2003 and Power Management"
• In reply to: Doug Phelps: "How to read current kernel image from driver?"
• Next in thread: Doug Phelps: "Re: How to read current kernel image from driver?"
• Reply: Doug Phelps: "Re: How to read current kernel image from driver?"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: How to read current kernel image from driver? ... kernel image on disk. ... >> from a driver. ... This is partly to verify integrity of the current ... >> information list is always the kernel image, ... (microsoft.public.development.device.drivers) How to read current kernel image from driver? ... I want to be able to read parts of the current kernel' image on disk ... from a driver. ... This is partly to verify integrity of the current ... useable path for ZwOpenFile or ZwCreateFile? ... (microsoft.public.development.device.drivers) Re: 2.6.30-rc4 kernel ... I think there may be a problem with the 2.6.30 kernel that is ... # Generic Driver Options ... # PCI IDE chipsets support ... # Other IDE chipsets support ... (Linux-Kernel) 2.6.30-rc4 kernel ... kernel panic - not syncing: ... # Generic Driver Options ... # PCI IDE chipsets support ... # Other IDE chipsets support ... (Linux-Kernel) [PATCH 18-rc2] Fix typos in /Documentation : N-P ... Again, if you're not gonna do synchronization with disk drives (dang, ... -the kernel. ... There are two options specific to PSX driver portion. ... The driver uses the settings from the EEPROM set in the SCSI BIOS ... (Linux-Kernel)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.development.device.drivers  > 2004-04