Re: PsCreateSystemThread on Win2k
- From: Anton Bassov <AntonBassov@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 9 Mar 2007 05:51:08 -0800
> IIRC, you have to create the thread in a separate context, otherwise it will
> run in the app context of the creating thread.

According to WDK documentation, process context depends on the ProcessHandle
parameter - if it is NULL (according to DDK/WDK documentation, this is what
drivers should specify), then your thread runs in the context of the system
process, and if it is (HANDLE)-1, then it runs in the context of the caller process.

> OBJ_KERNEL_HANDLE just means that the handle you create that represents the
> thread is a protected kernel handle

AFAIK, OBJ_KERNEL_HANDLE makes sure that the target handle is placed into
the handle table of the system process, rather than that of the caller. The
only reason why I mentioned OBJ_KERNEL_HANDLE is because its mention in the
PsCreateSystemThread() documentation implies that the caller does not
necessarily have to be the system process itself...
Anton Bassov
"Doron Holan [MS]" wrote:
IIRC, you have to create the thread in a separate context, otherwise it will
run in the app context of the creating thread. OBJ_KERNEL_HANDLE just means
that the handle you create that represents the thread is a protected kernel
handle.
d
--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Anton Bassov" <AntonBassov@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:17F16ECB-29B4-40F7-9935-8E59D76DEB14@xxxxxxxxxxxxxxxx
> The DDK states that PsCreateSystemThread under Win2K must be called from the
> system process context only.

I somehow failed to find such a statement in the W2K DDK documentation, although
the WDK documentation, indeed, says it... However, the W2K DDK documentation says
exactly the opposite - it states that callers that run in the context of any
process, apart from the system, should set the OBJ_KERNEL_HANDLE flag within
the Attributes parameter (although it also says that this parameter should be NULL)....

In my experience, there is no problem with creating a system thread in the
context of any caller whatsoever under W2K (at least as long as you specify
NULL as the Attributes, ProcessHandle and ClientId parameters - I did not try
anything else, but I believe it would work as well).

Therefore, there is just an omission in the WDK. Look at how they put it -
"Drivers for Windows 2000 and Windows 98/Me.....", i.e. as if W2K was a
9x-based, rather than NT-based, system....
Anton Bassov
"ijor" wrote:
The DDK states that PsCreateSystemThread under Win2K must be called from the
system process context only. However, checking older DDK versions and older
samples seems to contradict that statement. This suggests that it can, but it
shouldn't, perhaps because it exposes a bug or a security hole in Win2k.

So the question is if it is still possible to call PsCreateSystemThread from
an arbitrary process context, perhaps taking special precautions.

Yeah, I know that I can schedule a work item to create the system thread.
But this creates an overly complicated synchronization between the dispatch
routines, the work item and the system thread.
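As an added illustration of the parameter semantics argued over in this thread (example code written for this page, not code posted by Anton Bassov, Doron Holan or ijor, and not from any DDK sample): a driver that creates its worker thread from whatever process context its dispatch routine happens to run in. It passes NULL as ProcessHandle so the thread is owned by the System process rather than the caller, sets OBJ_KERNEL_HANDLE so the THREAD_ALL_ACCESS handle lands in the kernel handle table instead of the calling application's table (where user-mode code in that process could otherwise close, duplicate or use it), and immediately converts the handle into a referenced ETHREAD pointer so the handle itself can be closed. The names WORKER_CONTEXT, StartWorker, StopWorker and WorkerThread are this example's own; the kernel calls are the documented WDK/DDK ones.

```c
#include <ntddk.h>

/* Example-only state for one worker thread (not from the thread's posters). */
typedef struct _WORKER_CONTEXT {
    KEVENT   StopEvent;   /* set by StopWorker to ask the thread to exit   */
    PETHREAD Thread;      /* referenced object pointer, handle already closed */
} WORKER_CONTEXT, *PWORKER_CONTEXT;

/* Thread body: wakes once a second until StopEvent is signalled. Because
   ProcessHandle was NULL, PsGetCurrentProcess() here is the System process. */
static VOID WorkerThread(_In_ PVOID StartContext)
{
    PWORKER_CONTEXT ctx = (PWORKER_CONTEXT)StartContext;
    LARGE_INTEGER interval;
    interval.QuadPart = -10 * 1000 * 1000;   /* relative 1 s in 100 ns units */

    for (;;) {
        NTSTATUS status = KeWaitForSingleObject(&ctx->StopEvent, Executive,
                                                KernelMode, FALSE, &interval);
        if (status == STATUS_SUCCESS) {
            break;                           /* stop requested */
        }
        /* STATUS_TIMEOUT: do one unit of periodic work here. */
    }
    PsTerminateSystemThread(STATUS_SUCCESS);
}

/* Call at PASSIVE_LEVEL from any process context (e.g. an IRP_MJ_CREATE
   dispatch routine running in the opening application's context). */
NTSTATUS StartWorker(_Inout_ PWORKER_CONTEXT ctx)
{
    OBJECT_ATTRIBUTES oa;
    HANDLE threadHandle;
    NTSTATUS status;

    KeInitializeEvent(&ctx->StopEvent, NotificationEvent, FALSE);

    /* OBJ_KERNEL_HANDLE: the returned handle goes into the kernel handle
       table, not the handle table of the process we are currently attached
       to, so user mode in that process cannot reach it. */
    InitializeObjectAttributes(&oa, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

    /* ProcessHandle == NULL: the thread belongs to the System process no
       matter which process is current. Passing (HANDLE)-1 (NtCurrentProcess)
       would instead create it inside the calling process. */
    status = PsCreateSystemThread(&threadHandle, THREAD_ALL_ACCESS, &oa,
                                  NULL, NULL, WorkerThread, ctx);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    /* Turn the handle into a referenced ETHREAD pointer so the driver can
       wait on the thread at unload time, then close the handle right away.
       ZwClose works from this context because the handle is a kernel handle. */
    status = ObReferenceObjectByHandle(threadHandle, THREAD_ALL_ACCESS,
                                       *PsThreadType, KernelMode,
                                       (PVOID *)&ctx->Thread, NULL);
    ZwClose(threadHandle);
    if (!NT_SUCCESS(status)) {
        /* Thread is already running; tell it to exit rather than leak it. */
        KeSetEvent(&ctx->StopEvent, IO_NO_INCREMENT, FALSE);
        return status;
    }
    return STATUS_SUCCESS;
}

/* Call at PASSIVE_LEVEL (e.g. DriverUnload): signal, wait for exit, release. */
VOID StopWorker(_Inout_ PWORKER_CONTEXT ctx)
{
    if (ctx->Thread == NULL) {
        return;
    }
    KeSetEvent(&ctx->StopEvent, IO_NO_INCREMENT, FALSE);
    KeWaitForSingleObject(ctx->Thread, Executive, KernelMode, FALSE, NULL);
    ObDereferenceObject(ctx->Thread);
    ctx->Thread = NULL;
}
```

This builds only against the WDK/DDK headers (ntddk.h) as part of a driver; there is nothing to exercise from user mode. The check a practitioner wants when testing the claim in this thread is to call StartWorker from a dispatch routine, then confirm in the debugger that the new thread's owning process is System and that the handle never appeared in the calling application's handle table.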
- References:
- Re: PsCreateSystemThread on Win2k
- From: Doron Holan [MS]
- Re: PsCreateSystemThread on Win2k