Hi all.
I'm developing a kernel-mode driver that is notified of new process creation; I use PsSetCreateProcessNotifyRoutineEx to do it:
I want to send a string value (for example "String") from the kernel-mode driver to a user-mode application.
I'm using the event-sharing method (create a user-mode event and pass its handle to the kernel), but when I start the user-mode app, the GUI hangs!
If you can, please post a simple example for me (only for sending data from the kernel to user land).
I'm developing a kernel-mode driver that is notified of new process creation; I use PsSetCreateProcessNotifyRoutineEx to do it:
I want to send a string value (for example "String") from the kernel-mode driver to a user-mode application.
I'm using the event-sharing method (create a user-mode event and pass its handle to the kernel), but when I start the user-mode app, the GUI hangs!
If you can, please post a simple example for me (only for sending data from the kernel to user land).
My callback:
//----------------------------------------------
// Private storage for process retrieving
//----------------------------------------------
// Device extension. In the code shown, CreateProcessNotifyEx writes the
// "shared section" fields on each reported process creation and then
// signals ProcessEvent.
// NOTE(review): no lock is visible around these fields; if user mode reads
// them through an IOCTL while the callback runs for another process, the
// record can be overwritten or torn -- confirm how access is serialized.
typedef struct _DEVICE_EXTENSION
{
// Presumably a back-pointer to the owning device object; not written in the
// code shown -- TODO confirm.
PDEVICE_OBJECT DeviceObject;
//----------------------------------------------
// Shared section
//----------------------------------------------
// Process ID of the most recently reported process (set by the callback).
HANDLE hProcessId;
// NOTE(review): the callback stores the PS_CREATE_NOTIFY_INFO string
// pointers here without copying the characters. That memory is owned by the
// system and is only guaranteed valid for the duration of the callback, so
// any later reader (e.g. an IOCTL handler) would dereference stale kernel
// memory. A driver-owned, size-bounded copy of the string data is needed
// before these can be handed to user mode.
PUNICODE_STRING szImageFileName;
PUNICODE_STRING szCmdLine ;
//----------------------------------------------
// Process section data
//----------------------------------------------
// Event signalled by the callback to wake user-mode listeners. How and when
// it is initialised is not shown; it may be NULL until the application has
// registered its event handle -- TODO confirm.
PKEVENT ProcessEvent;
// Not written by the code shown.
HANDLE hParentId;
// Not written by the code shown (the assignment in the callback is
// commented out).
BOOLEAN bCreate;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
Can anyone help me do this?
//----------------------------------------------
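// Process function callback
//
// Process-creation notify routine (PsSetCreateProcessNotifyRoutineEx
// signature). For each creation whose exact image file name is available it
// logs the PID, image name and command line, publishes them in the device
// extension and pulses the shared event.
//
//   Process    - process object of the new/exiting process (unused here).
//   ProcessId  - process ID of that process.
//   CreateInfo - creation details; NULL when the process is exiting, in which
//                case nothing is reported.
//----------------------------------------------
VOID CreateProcessNotifyEx(
    __inout PEPROCESS Process,
    __in HANDLE ProcessId,
    __in_opt PPS_CREATE_NOTIFY_INFO CreateInfo)
{
    PDEVICE_EXTENSION extension;
    ULONG pid;

    UNREFERENCED_PARAMETER(Process);

    // Only process creations with a reliable image file name are reported.
    if (CreateInfo == NULL || !CreateInfo->FileOpenNameAvailable)
    {
        return;
    }

    // HANDLE is pointer-sized; passing it to %X/%d mismatches the argument
    // size on 64-bit builds and shifts the %wZ arguments that follow.
    // Convert it to a 32-bit value before formatting.
    pid = HandleToULong(ProcessId);

    // NOTE(review): CreateInfo->CommandLine is documented as possibly NULL;
    // confirm that %wZ tolerates a NULL UNICODE_STRING pointer on the
    // target OS versions.
    DbgPrintEx(
        DPFLTR_IHVDRIVER_ID,
        DPFLTR_INFO_LEVEL,
        "PID : 0x%X (%u) ImageName :%wZ CmdLine : %wZ \n",
        pid, pid,
        CreateInfo->ImageFileName,
        CreateInfo->CommandLine
        );

    // The callback can fire before the device exists or after it is torn
    // down; dereferencing a NULL device object here would bugcheck.
    if (g_pDeviceObject == NULL || g_pDeviceObject->DeviceExtension == NULL)
    {
        return;
    }

    // Assign extension variable
    extension = (PDEVICE_EXTENSION)g_pDeviceObject->DeviceExtension;

    // Assign current values into device extension.
    // User-mode apps will pick it up using DeviceIoControl calls.
    //
    // NOTE(review): only the UNICODE_STRING *pointers* are stored. The
    // strings belong to the system and are only guaranteed valid until this
    // callback returns, so a later DeviceIoControl handler that reads them
    // touches stale kernel memory (crash or disclosure of unrelated data).
    // The string bytes need to be copied into a driver-owned, size-bounded
    // buffer, under a lock shared with the IOCTL path, before being exposed.
    // That requires changing DEVICE_EXTENSION and is not done here.
    extension->hProcessId = ProcessId;
    extension->szImageFileName = (PUNICODE_STRING)CreateInfo->ImageFileName;
    extension->szCmdLine = (PUNICODE_STRING)CreateInfo->CommandLine;
    //extension->bCreate = bCreate;

    // Signal the event thus the user-mode apps listening will be aware
    // that something interesting has happened. The event may not have been
    // registered yet (the application supplies it), so guard against NULL.
    //
    // NOTE(review): set-then-clear is a pulse; presumably only threads
    // already waiting at this instant are released, and a listener that is
    // busy handling the previous notification misses this one -- confirm the
    // event type and consider queuing records instead.
    if (extension->ProcessEvent != NULL)
    {
        KeSetEvent(extension->ProcessEvent, 0, FALSE);
        KeClearEvent(extension->ProcessEvent);
    }

    // Author's unfinished alternative, kept for reference.
    // NOTE(review): sizeof(CreateInfo->ImageFileName) is the size of a
    // pointer, not the length of the string, and no Irp is in scope in this
    // callback.
    /*
    for passing data by RtlCopyMemory(Irp->UserBuffer, &_OutBuffer, outputLength);
    RtlCopyMemory(_OutBuffer,CreateInfo->ImageFileName,sizeof(CreateInfo->ImageFileName));
    if(gpEventObject!=NULL)
    KeSetEvent((PRKEVENT)gpEventObject, 0, FALSE);*/
}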