Hi

Can a kernel mode driver call Win32 API functions like MessageBox and Winsock?

If I want to write a virtual driver that uses some Win32 APIs and libraries, is it
possible?

Thank you.

Re: Can kernel mode call Win32 API ? by Don

Don
Tue May 06 05:19:33 CDT 2008

This has been answered many times; the answer is NO. If you need a function
that does not have a kernel mode equivalent, you either need to write your
own or use a helper application to perform that work for the driver.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply



Re: Can kernel mode call Win32 API ? by Maxim

Maxim
Tue May 06 13:19:30 CDT 2008

MessageBox - no, WinSock - no, only TDI and - in Vista+ - WinSock Kernel,
which has nothing in common with WinSock except the general concepts.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com


Re: Can kernel mode call Win32 API ? by Kid

Kid
Tue May 06 17:27:01 CDT 2008

Hi Don

Can we write some text or a database from kernel mode? Is there any API?

Thanks much

Re: Can kernel mode call Win32 API ? by Don

Don
Tue May 06 17:36:33 CDT 2008

Yes, look at ZwCreateFile, ZwWriteFile, ZwReadFile and ZwClose. They are
very similar to the Win32 functions. Other ZwXXX calls may also be of
interest.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply



Re: Can kernel mode call Win32 API ? by Doron

Doron
Tue May 06 19:18:45 CDT 2008

Note that to use these APIs you must be at passive level, which means you
must defer to a work item if you want to write anything out if you are at an
IRQL > passive. At that point, it is almost just as easy to send the data
to an application, which has a much richer set of APIs to write out the data.

d

--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.


Re: Can kernel mode call Win32 API ? by Kid

Kid
Tue May 06 20:07:00 CDT 2008

How could I send data to an application in kernel mode?

Can I load an application by some function in kernel mode?

Thanks much

Re: Can kernel mode call Win32 API ? by Kerem

Kerem
Tue May 06 21:57:43 CDT 2008

Hi Kid,

>How could I send data to an application in kernel mode ?

You mean to your Driver in Kernel Mode. You can send
any data to your driver by using IOCTL (DeviceIoControl function)
and handling IRP_MJ_DEVICE_CONTROL in your Kernel Driver.
Or by opening a handle to your Driver/Device after your
driver has been loaded and created a symbolic link that the
user mode application can open and write/read to/from
it. Then you handle IRP_MJ_READ and IRP_MJ_WRITE,
and some others, which depends on your driver's layout.
There are some other (exotic) ways but these are the standardized
and well documented ones you should use. Vista offers something
named WSK, which is a User Mode like Kernel Socket interface
for TCP/IP Communication, but I don't know how to use it, though
it should be very similar to usermode sockets. I did not use WSK
until today, so I don't know how useful it is,... check if you like.

See here:
[Winsock Kernel]
http://msdn.microsoft.com/en-us/library/aa504179.aspx

Here are some good basic tutorials I recommend to you:
Complete the series and you have "basic" driver development
knowledge you can extend by reading the DDK, which is
a MUST!

[Driver Development Part 1: Introduction to Drivers]
http://www.codeproject.com/KB/system/driverdev.aspx

Windows DDK and Windows SDK are your best friends,...

Regards

Kerem

--
--
-----------------------
Beste Grüsse / Best regards / Votre bien devoue
Kerem Gümrükcü
Microsoft Live Space: http://kerem-g.spaces.live.com/
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------
"This reply is provided as is, without warranty express or implied."



Re: Can kernel mode call Win32 API ? by Doron

Doron
Wed May 07 00:48:08 CDT 2008

You do not want to use a socket to talk to your driver. Way too much
overhead for no gain. Just use custom IOCTLs to shuttle the data you want
back and forth.

d

--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
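A portable model of the custom-IOCTL path recommended in the replies above, added here as an example and not code from any poster in this thread. It builds a control code with the CTL_CODE bit layout and runs the length checks a buffered IRP_MJ_DEVICE_CONTROL handler needs before copying caller data; every `EX_`/`ex_` name, the record layout and the function number are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same bit layout as the WDK CTL_CODE macro, redefined so this builds anywhere. */
#define EX_CTL_CODE(type, func, method, access) \
    (((uint32_t)(type) << 16) | ((uint32_t)(access) << 14) | \
     ((uint32_t)(func) << 2) | (uint32_t)(method))
#define EX_METHOD_BUFFERED   0u
#define EX_FILE_WRITE_ACCESS 2u       /* same value as FILE_WRITE_ACCESS */
#define EX_DEVICE_TYPE       0x8000u  /* vendor-defined device types start here */
/* Hypothetical custom IOCTL: the helper application pushes one record. */
#define IOCTL_EX_PUSH_RECORD \
    EX_CTL_CODE(EX_DEVICE_TYPE, 0x800, EX_METHOD_BUFFERED, EX_FILE_WRITE_ACCESS)

typedef struct { uint32_t length; uint8_t data[64]; } ex_record; /* assumed payload */
enum ex_status { EX_OK, EX_BAD_REQUEST, EX_TOO_SMALL, EX_BAD_PARAM, EX_DENIED };

/* Model of the checks made before the handler touches the buffer: known code,
 * handle opened with the access the code demands, input at least a header long,
 * embedded length inside both the input and the destination. On Windows the
 * I/O manager does the access check from bits 14-15; here it is a parameter. */
enum ex_status ex_dispatch(uint32_t code, uint32_t granted_access,
                           const void *in, size_t in_len, ex_record *out)
{
    uint32_t required = (code >> 14) & 3u;
    const size_t header = offsetof(ex_record, data);
    uint32_t claimed;

    if (code != IOCTL_EX_PUSH_RECORD) return EX_BAD_REQUEST;
    if ((granted_access & required) != required) return EX_DENIED;
    if (in == NULL || in_len < header) return EX_TOO_SMALL;
    memcpy(&claimed, in, sizeof claimed);   /* never trust this field as-is */
    if (claimed > sizeof out->data || claimed > in_len - header)
        return EX_BAD_PARAM;
    out->length = claimed;
    memcpy(out->data, (const uint8_t *)in + header, claimed);
    return EX_OK;
}

int main(void)
{
    uint8_t in[9] = {0}; uint32_t n = 5; ex_record r;   /* constructed sample input */
    memcpy(in, &n, sizeof n); memcpy(in + 4, "hello", 5);
    return ex_dispatch(IOCTL_EX_PUSH_RECORD, EX_FILE_WRITE_ACCESS,
                       in, sizeof in, &r) == EX_OK ? 0 : 1;
}
```

In a real driver the same checks run against the IRP's input buffer length and system buffer, and the user-mode side passes the identical code to DeviceIoControl.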


Re: Can kernel mode call Win32 API ? by Kerem

Kerem
Wed May 07 01:12:47 CDT 2008

Hi Doron,

It was just an option. Sure, he should use user defined IOCTLs.
That's the best option for this. He only should decide how he sends/receives
data on both ends, e.g. buffered, etc,...

Did you use the WSK, I mean in general? I have no experience
on WSK. Can Usermode and Kernelmode connect via User2Kernel
and vice versa socket? Is any kind of security possible?

Regards

K.

--
--
-----------------------
Beste Grüsse / Best regards / Votre bien devoue
Kerem Gümrükcü
Microsoft Live Space: http://kerem-g.spaces.live.com/
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------
"This reply is provided as is, without warranty express or implied."

"Doron Holan [MSFT]" <doronh@online.microsoft.com> schrieb im Newsbeitrag
news:eGSmuXAsIHA.4492@TK2MSFTNGP02.phx.gbl...
> you do not want to use a socket to talk to your driver. way too much
> overhead for no gain. Just use custom IOCTLs to shuttle the data you want
> back and forth.
>
> d
>
> --
> Please do not send e-mail directly to this alias. this alias is for
> newsgroup purposes only.
> This posting is provided "AS IS" with no warranties, and confers no rights.



Re: Can kernel mode call Win32 API ? by Maxim

Maxim
Wed May 07 05:39:22 CDT 2008

> Did you use the WSK, I mean in general? I have no experience
> on WSK. Can Usermode and Kernelmode connect via User2Kernel
> and vice versa socket? Is any kind of security possible?

This is one of the worst possible designs.

This employs TCP/IP for internal communications within the product, which is
probably not a networking product at all.

This means some funny things like the product's ability to work is dependent on
firewall (Windows or 3rd party) settings. Very funny for non-networking
product.

BTW, XP SP2 changed the default firewall settings for 127.0.0.1, which broke
lots of such misdesigned software.

I would never ever use TCP/IP or sockets just as a communication channel
between the product components which cannot be located on different computers,
like between the driver and its user-mode helper code.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com


Re: Can kernel mode call Win32 API ? by Pavel

Pavel
Wed May 07 10:12:31 CDT 2008

"Maxim S. Shatskih" <maxim@storagecraft.com> wrote in message
news:#L0Ae6CsIHA.1200@TK2MSFTNGP03.phx.gbl...
>
> This is one of the worst possible designs.
.........
> I would never ever use TCP/IP or sockets just as a communication channel
> between the product components which cannot be located on different
> computers,
> like between the driver and its user-mode helper code.

Nevertheless, sockets are the no-brainer choice of every linux minded
developer I've seen during the last several years.
(is this how they are taught?)

--PA



Re: Can kernel mode call Win32 API ? by Maxim

Maxim
Wed May 07 10:18:12 CDT 2008

> Nevertheless, sockets are the no-brainer choice of every linux minded
> developer I've seen during the last several years.
> (is this how they are taught?)

Support issues due to interops with nearly all firewall software do teach them
:-)

Linux has UNIX-domain sockets for this, which are not touched by firewalls.
Using TCP/UDP sockets instead of UNIX-domain for such a thing is also stupid on
Linux.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com