Re: Using section/view in the driver

Gary,

DriverEntry() and AddDevice() are called in the context of a system
process. If you create a kernel thread with PsCreateSystemThread() and
specify NULL as ProcessHandle argument,
your thread will run in the context of a system process as well.
Therefore, if you create a section in DriverEntry() or AddDevice(), you
will have no problem mapping it in the context of a kernel thread that
you have created. To summarize, all your worries are unfounded


Anton Bassov

Gary Li wrote:
Thanks for the feeback.

My problem actually is:
I need to access a big file in the workitem routine (kernel thread created
by driver and running in the PASSIVE_LEVEL). However, ZwCreateSection() will
report STATUS_SECTION_TOO_BIG if called in the routines other than
DriverEntry() or AddDevice().
Therefore, I am planing to create the file and section in AddDevice(), and
to map the view in the workitem routines. Now sure whether they are legal.
NtCurrentProcess() will be used to get process handle during mapping the view.
If AddDevice() and workitem are in different processes, how to use this
mechanism ? or is there any other mechanism to try for the same purpose ?

Thanks

-Gary

"soviet_bloke@xxxxxxxxxxx" wrote:

Can I call ZwCreateSection() and ZwMapViewOfSection() with the same handle in
the different processes ?

Of course you cannot do it - *ANY* handle is valid only in the context
of a process that has opened it, unless it has been duplicated with
DuplicateHandle()

Anton Bassov

Gary Li wrote:
Can I call ZwCreateSection() and ZwMapViewOfSection() with the same handle in
the different processes ?

-Gary



.

Relevant Pages