[Tigzy]

Hello

I got a little problem while trying to pass args to my ThreadEntryPoint with PsCreateSystemThread ...
Here's my code:

Code: Select all

typedef struct _MESSAGE_TO_SEND {
  WCHAR  msg[MAX_MSG];
  LPWSTR port;
  ULONG command;
  
}MESSAGE_TO_SEND, *PMESSAGE_TO_SEND;

Code: Select all

MESSAGE_TO_SEND m2s = {0};
HANDLE hThread = NULL;

RtlStringCbPrintfW(m2s.msg, MAX_MSG, L"%d", id);
m2s.port = L"\\TestLpcPortName";
m2s.command = 0x5;

NtStatus = PsCreateSystemThread(&hThread, THREAD_ALL_ACCESS, NULL,  NULL, NULL, (PKSTART_ROUTINE)SendMessageLPC, &m2s);
//SendMessageLPC(&m2s);	

Code: Select all

KSTART_ROUTINE SendMessageLPC;

VOID SendMessageLPC(PVOID pm2s)
{
	DbgPrint("msg : %ws\n", ((PMESSAGE_TO_SEND)(pm2s))->msg);
}

When calling my function with SendMessageLPC(&m2s); all is working well.
But when calling with the PsCreateSystemThread it BSOD while attempting to display the DbgPrint...

Any idea?

[EP_X0FF]

Attach minidump.

[Tigzy]

Where can I find it? :roll:

[EP_X0FF]

How to configure Windows to create MiniDump files on BSOD

[Tigzy]

You're quick!
Well, will try to do that

[Tigzy]

Here you are.
Never tried to open it, I guess I must how to

[EP_X0FF]

Attach minidump here.

It is strange that you trying to do something in kernel mode without having simple kernel debugger installed.

Download WDK and install it, WinDBG debugger included.

[Tigzy]

Problem to upload... Will try later

Yes, I'm a beginner :roll:
WDK already installed. But I'm not aware of all tools included

[EP_X0FF]

Few questions:

1) From where called this PsCreateSystemThread?
2) BSOD is PAGE_FAULT_NONPAGED_AREA?
3) m2s is global or local?
4) Is it debug build or release?

[Tigzy]

1) From a Hook callback function
2) Don't know, the VM freezes without a real BSOD
3) m2s is local
4) Build with free x86