Re: PsCreateSystemThread on Win2k by AntonBassov
AntonBassov
Fri Mar 09 07:51:08 CST 2007
> IIRC, you have to create the thread in a separate context, otherwise it will
> run in the app context of the creating thread.
According to the WDK documentation, the process context depends on the ProcessHandle
parameter: if it is NULL (according to the DDK/WDK documentation, this is what
drivers should specify), then your thread runs in the context of the system
process, and if it is (HANDLE)-1, then it runs in the context of the caller's process.
> OBJ_KERNEL_HANDLE just means
> that the handle you create that represents the thread is a protected kernel
> handle
AFAIK, OBJ_KERNEL_HANDLE makes sure that the target handle is placed into
the handle table of the system process, rather than that of the caller. The
only reason why I mentioned OBJ_KERNEL_HANDLE is because its mention in the
PsCreateSystemThread() documentation implies that the caller does not
necessarily have to be the system process itself...
Anton Bassov
"Doron Holan [MS]" wrote:
> IIRC, you have to create the thread in a separate context, otherwise it will
> run in the app context of the creating thread. OBJ_KERNEL_HANDLE just means
> that the handle you create that represents the thread is a protected kernel
> handle
>
> d
>
> --
> Please do not send e-mail directly to this alias. this alias is for
> newsgroup purposes only.
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Anton Bassov" <AntonBassov@discussions.microsoft.com> wrote in message
> news:17F16ECB-29B4-40F7-9935-8E59D76DEB14@microsoft.com...
> >> The DDK states that PsCreateSystemThread under Win2K must be called from
> >> the system process context only.
> >
> > I somehow failed to find such a statement in the W2K DDK documentation, although
> > the WDK documentation, indeed, says it... However, the W2K DDK documentation says
> > exactly the opposite - it states that callers that run in the context of any
> > process, apart from the system, should set the OBJ_KERNEL_HANDLE flag within
> > the Attributes parameter (although it also says that this parameter should be NULL)....
> >
> > In my experience, there is no problem with creating a system thread in the
> > context of any caller whatsoever under W2K (at least as long as you specify
> > NULL as the Attributes, ProcessHandle and ClientId parameters - I did not try
> > anything else, but I believe it would work as well).
> >
> > Therefore, there is just an omission in the WDK. Look at how they put it
> > - "Drivers for Windows 2000 and Windows 98/Me.....", i.e. as if W2K was a
> > 9x-based, rather than NT-based, system....
> >
> > Anton Bassov
> >
> > "ijor" wrote:
> >
> >> The DDK states that PsCreateSystemThread under Win2K must be called from
> >> the system process context only. However, checking older DDK versions and
> >> older samples seems to contradict that statement. This suggests that it can, but
> >> it shouldn't, perhaps because it exposes a bug or a security hole in Win2k.
> >>
> >> So the question is if it is still possible to call PsCreateSystemThread from
> >> an arbitrary process context, perhaps taking special precautions.
> >>
> >> Yeah, I know that I can schedule a work item to create the system thread.
> >> But this creates an overly complicated synchronization between the dispatch
> >> routines, the work item and the system thread.
>
>
>
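Added example (not from the thread above, and not from any of the posters): a minimal WDK driver fragment showing the combination the thread discusses - ProcessHandle NULL so the worker always runs in the System process, OBJ_KERNEL_HANDLE so the returned handle lands in the System process handle table and is not reachable from whatever user process the creating code happens to run in, and then immediately converting the handle into an object reference and closing it, so that the driver can later wait for the worker to exit. The names WORKER_CONTEXT, WorkerThread, StartWorker and StopWorker are my own; this is kernel-mode code built against the WDK, and the caller owns the lifetime of the WORKER_CONTEXT block.

```c
#include <ntddk.h>

/* Hypothetical per-driver state for one worker thread (names are assumptions). */
typedef struct _WORKER_CONTEXT {
    KEVENT   StopEvent;     /* signalled by the driver to ask the worker to exit */
    PETHREAD ThreadObject;  /* referenced thread object, waited on in StopWorker */
    LONG     Iterations;    /* hypothetical counter, only to show the loop ran */
} WORKER_CONTEXT, *PWORKER_CONTEXT;

/* Worker body. Because ProcessHandle was NULL, PsGetCurrentProcess() here is the
   System process, regardless of which process called StartWorker. */
static VOID WorkerThread(PVOID StartContext)
{
    PWORKER_CONTEXT ctx = (PWORKER_CONTEXT)StartContext;
    LARGE_INTEGER interval;
    interval.QuadPart = -10 * 1000 * 1000;   /* 1 second, relative time */

    for (;;) {
        /* Wake up once a second, or immediately when StopEvent is set. */
        NTSTATUS st = KeWaitForSingleObject(&ctx->StopEvent, Executive,
                                            KernelMode, FALSE, &interval);
        if (st == STATUS_SUCCESS)
            break;                            /* stop requested */
        InterlockedIncrement(&ctx->Iterations);
    }
    PsTerminateSystemThread(STATUS_SUCCESS);  /* never returns */
}

/* Create the worker. Safe to call from an arbitrary process context: the thread
   itself runs in System, and the handle is a kernel handle. */
NTSTATUS StartWorker(PWORKER_CONTEXT ctx)
{
    OBJECT_ATTRIBUTES oa;
    HANDLE hThread;
    NTSTATUS status;

    KeInitializeEvent(&ctx->StopEvent, NotificationEvent, FALSE);
    ctx->Iterations = 0;
    ctx->ThreadObject = NULL;

    /* OBJ_KERNEL_HANDLE: the handle is placed in the System process handle table,
       so user mode in the current process cannot see, use or close it. */
    InitializeObjectAttributes(&oa, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

    /* ProcessHandle NULL: run in the System process. (HANDLE)-1 would instead
       make the new thread run in the current (possibly user) process. */
    status = PsCreateSystemThread(&hThread, THREAD_ALL_ACCESS, &oa,
                                  NULL, NULL, WorkerThread, ctx);
    if (!NT_SUCCESS(status))
        return status;

    /* Swap the handle for an object reference: a PETHREAD is what KeWaitForSingleObject
       needs, and keeping handles around in the System table is not necessary. */
    status = ObReferenceObjectByHandle(hThread, THREAD_ALL_ACCESS, *PsThreadType,
                                       KernelMode, (PVOID *)&ctx->ThreadObject, NULL);
    ZwClose(hThread);   /* kernel handle, closed from kernel mode */

    if (!NT_SUCCESS(status)) {
        /* The thread is already running; ask it to stop. Without the object
           reference we cannot wait for it, so the caller must keep ctx alive. */
        KeSetEvent(&ctx->StopEvent, IO_NO_INCREMENT, FALSE);
        return status;
    }
    return STATUS_SUCCESS;
}

/* Stop the worker and wait until it has really exited before the caller frees ctx.
   Must be called at PASSIVE_LEVEL. */
VOID StopWorker(PWORKER_CONTEXT ctx)
{
    KeSetEvent(&ctx->StopEvent, IO_NO_INCREMENT, FALSE);
    if (ctx->ThreadObject != NULL) {
        KeWaitForSingleObject(ctx->ThreadObject, Executive, KernelMode, FALSE, NULL);
        ObDereferenceObject(ctx->ThreadObject);
        ctx->ThreadObject = NULL;
    }
}
```

The point of the reference-then-close step is that it removes the two failure modes the thread is worried about: the driver never holds a handle that belongs to some caller's process, and unload cannot race with the worker because StopWorker blocks on the thread object until PsTerminateSystemThread has run.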