How to launch process from a Kernel Mode Driver

TheMSsForum.com: The Microsoft Software Forum

I have a Kernel Mode driver (a keyboard filter driver). I want to do a "CreateProcess" from the driver. How can this be done? If it can't, any advice on how to accomplish the same effect? As a contrived example, how could I launch notepad.exe from the filter driver.

TIA, phil
Top

Re: How to launch process from a Kernel Mode Driver by Don

Don
Wed Feb 04 17:07:07 CST 2004

It cannot not be done directly from a driver. You will need a helper
service to launch the application.

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

"Phil" <anonymous@discussions.microsoft.com> wrote in message
news:B47ADE72-6103-4866-8CD4-7617A5430FA3@microsoft.com...
> I have a Kernel Mode driver (a keyboard filter driver). I want to do a
"CreateProcess" from the driver. How can this be done? If it can't, any
advice on how to accomplish the same effect? As a contrived example, how
could I launch notepad.exe from the filter driver.
>
> TIA, phil


Top

Re: How to launch process from a Kernel Mode Driver by Brian

Brian
Thu Feb 05 00:37:29 CST 2004

"Don Burn" <burn@stopspam.acm.org> wrote in message
news:1022us2edn1co35@corp.supernews.com...
> It cannot not be done directly from a driver. You will need a helper
> service to launch the application.

I think that statement is a bit too strong. How about "creating a process from
a driver is not supported"? Clearly, if you know enough about the system, just
about anything is possible

-Brian

Brian Catlin, Sannas Consulting 310-944-9492
Windows Network, Video, WDM Device Driver Training & Consulting
See WWW.AZIUS.COM.bad for courses and scheduling
REMOVE .BAD FROM EMAIL AND WEB ADDRESS

> --
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
> "Phil" <anonymous@discussions.microsoft.com> wrote in message
> news:B47ADE72-6103-4866-8CD4-7617A5430FA3@microsoft.com...
> > I have a Kernel Mode driver (a keyboard filter driver). I want to do a
> "CreateProcess" from the driver. How can this be done? If it can't, any
> advice on how to accomplish the same effect? As a contrived example, how
> could I launch notepad.exe from the filter driver.
> >
> > TIA, phil
>
>


Top

Re: How to launch process from a Kernel Mode Driver by Tim

Tim
Thu Feb 05 22:59:53 CST 2004

"Brian Catlin" <brianc@sannas.org.bad> wrote:

>"Don Burn" <burn@stopspam.acm.org> wrote:
>
>> It cannot not be done directly from a driver. You will need a helper
>> service to launch the application.
>
>I think that statement is a bit too strong. How about "creating a process from
>a driver is not supported"? Clearly, if you know enough about the system, just
>about anything is possible

Although your statement might be factually accurate, it is not helpful.
Don's answer is exactly the right one for a newsgroup like this.

Anyone who asks that kind of question almost certainly does not know enough
about Windows to hack something like that successfully, and will generate
nothing but trouble, crashes, and more weird questions. On the other hand,
by following the rules and using a user-mode service, they can actually
achieve successful results.
--
- Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc
Top