Is there any way to suspend/resume a process from kernel mode?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Drivers
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Virtual display driver I want to write a virtual display driver that paints the screen of one color when it loads. To test it I have also to write an application that loads and unloads the driver. What are the methods that I have to implement? Could anybody show me the way or a sample to develop this driver? Jordi Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62138
  - 2
    - NDIS miniport driver Hi all, I've following problem. I need low level access to NIC, so I want to create own NDIS miniport driver. Questions are: - is it possible to have two NDIS miniports running for one card in one time (one which drives card, sends packets and so on = manages normal traffic ... and second one which is responsible for running my own NIC's commands sequence and nothing else)? - I suppose that driver responsible for normal traffic should be "suspended" during working time of the second one. Is that true? Thanks for your time ... Michal Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62136
  - 3
    - problem building vfw now, I downloaded the VFWDK and I tried to build me some sample code but the thing does not work. I don't know the build line for a makefile project. anyone with help? Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62135
  - 4
    - Status printer question ? Hi, I made my own port monitor, This port monitor works fine, and I have just one question about printer connected on the port that I 've created. My printer is always offline after the spooler has started, I must click on "Use printer online" to work with it Why ? Do I forget anything in my port monitor, may be when the spooler try to open my port ? Does anyone have any idea ? Thanks in advance for your replies Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62133
  - 5
    - Install Printer-Driver / Plugin programatically Hi everyone, based on the OEMUNI sample in the XP DDK, I built a fax-printer-driver. This works pretty nice. Now I need to include this driver in the installation of our product. I'd like to do this using the AddPrinterDriver / AddPrinter APIs. In which way do I have to initialize the DriverInfo structure for the AddPrinterDriver to install this? Best regards, Tobias Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62131
  - 6
    - How get thread's context? How can a driver read the CONTEXT of thread in Windows 2000? ZwGetContextThread/NtGetContextThread only seem to exist in Windows XP...? / Hannes. Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62123
  - 7
    - Monochrome printing:how to make GDI do halftoning Hi, I'm working with monolithic print driver for monochrome printer. I would just soon have the GDI do the dither/halftoning for me, but I'm confused by the DDK documentation. I have gotten it to work by hooking in DrvStretchBlt and simpling passing it on to EngStretchBlt with a forced halftone parameter, but DrvStretchBlt is apparently not always called by some applications. Most of the time, my color graphics come out all black. I'm not sure how to set up GDIINFO and DEVINFO correctly to get the the GDI to halftone. Are there other functions I need to hook into? Thanks Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62120
  - 8
    - parport.sys Does anyone have some sample app code that uses parport.sys that they can share. Any code will do VB, V , Delphi, etc. Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62116
  - 9
    - About Processing IRP_MJ_PNP AND its minor functions in system thre Respected Sir, I want to know as to how can I be able to process IRP_MJ_PNP AND its minor functions like IRP_MN_START_DEVICE AND ALSO ALL OTHER RELATED minor functions in my system thread in my thread routine at run-time in thread ? How this can be achieved ? How can I get the current stack location and the irp in the system thread at run-time ? This is because, I want to continuously want to notify the memory resources to PNP. This is crucially necessary to me. regards, sudhanshu Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62114
  - 10
    - About Processing IRP_MJ_XXX AND IRP_MN_XXX IN SYSTEM THREAD. Respected Sir, I want to know as to how can I be able to process IRP_MJ_PNP AND its minor functions like IRP_MN_START_DEVICE AND ALSO ALL OTHER RELATED minor functions in my system thread in my thread routine at run-time in thread ? How this can be achieved ? How can I get the current stack location and the irp in the system thread at run-time ? Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62109
  - 11
    - Biometric Fingerprint Reader Microsoft sell a keyboard and mouse with in-built fingerprint reader. There's also a standalone device. Does anyone know if there is an SDK to be able to develop code for these devices? This may not be the forum for the above question but it doesn't seem to fit anywhere else either. Thanks swg Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62103
  - 12
    - Setitng OID_802_11_SSID in XP SP2 Hello, I'm developing a WiFi tool. I could successfully implement it in Win2K and XP (SP1) but I'm having problems with SP2 (XP). This is what I'm doing: //////////////////////////////////////////////////////////////////////////// ///////////////////// 1. I disable microsoft WZC service (by doing "net stop wzcsvc") before my software does any kind of Wifi related stuff. 2. hNdis = CreateFile("\\\\.\\\\Ndisuio", ...); //SUCCESS 3. DeviceIoControl (hNdis, IOCTL_NDISUIO_BIND_WAIT, ...); //SUCCESS 4. DeviceIoControl (hNdis, IOCTL_NDISUIO_OPEN_DEVICE, L"\\DEVICE\\{CBBD6910-2191-4E07-8F88-6AB5FAABFE9B}", ...); //SUCCESS 5. NDIS_802_11_SSID ndis = {NULL}; memset(&ndis, 0, sizeof(ndis)); _tcscpy((TCHAR*)ndis.Ssid, "webtogo"); ndis.SsidLength = _tcslen((LPCTSTR)ndis.Ssid); UCHAR buffer[sizeof(NDISUIO_SET_OID) + sizeof(NDIS_802_11_SSID)] = {NULL}; NDISUIO_SET_OID* poid = (NDISUIO_SET_OID*)buffer; poid->Oid = OID_802_11_SSID; memcpy(&poid->Data, &ndis, sizeof(NDIS_802_11_SSID)); DeviceIoControl (hNdis, IOCTL_NDISUIO_SET_OID_VALUE, poid, sizeof(NDISUIO_SET_OID)+sizeof(NDIS_802_11_SSID), ...); // This FAILED //GetLastError gives 2 (The system cannot find the file specified). //////////////////////////////////////////////////////////////////////////// ///////////////////// If device name was wrong, it should have given me error on point 4 (while doing IOCTL_NDISUIO_OPEN_DEVICE). The same code works on XP-SP1 and on Win2K. I heard that WZC wont stop completely in SP2 and that we have to disable it for each and every adapter. But if that was the case, why "IOCTL_NDISUIO_OPEN_DEVICE" was successful? I did try disabling WZC for my adapter though (without doing "net stop wzcsvc"). Then it gives error 170 ("The requested resource is in use") for "IOCTL_NDISUIO_OPEN_DEVICE" though it doesn't give any error while disabling WZC for my adapter. I tried asking this question in "microsoft.public.win32.programmer.networks" but was suggested to post it in this group. Any ideas please? Thanks, John. Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62102
  - 13
    - VFW development hello, So I did some research and figured out that one way to share my screen trough flash is with a vfw driver. Before I think about buying one I want to try develop one of my own. The situation is that I have a web based application for e-learning designed in Flash. I want to be able to send a clients desktop screen to the application. No screenshots but stream. So, the source must be available in the camera properties of flash. (right click flash movie, properties, camera tab, dropdown menu). I also saw that there is a possibility to do this with a mirror driver. I installed the VNC mirror driver but it don't appear in the flash properties. Since I have no experience in writing a vfw driver I wonder if someone could point me into some direction I should start looking or even give me some advise about how to do it. Regards Tom Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62101
  - 14
    - Driver Install using : DPInst + amd64 + WIN XP 64 Dear all: I got another question. I want install my driver to XP 64 and 2003 64(AMD64).I use DIFX 1.1. But DPInst seems don't work. There are two folders x86 and ia64. PDInst inf folder ia64 won't work in XP64 using AMD64. I work perfect in 32 bit OS. What else I can do ? Thanks Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62090
  - 15
    - driver reload from kernel mode Hello, does anyone know how to force a driver to reload from Kernel mode? I understand how to do it from user mode using 'SetupDiGet/SetDeviceInstallParams' to change the DI_FLAGSEX_PROPCHANGE_PENDING flag, but I need to do this from kernel mode. Any ideas? Thx, Rick Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62088
  - 16
    - Question on EXPORT_DRIVER Hello All, I have a question on EXPORT_DRIVER. I have read the related articles and the questions raised on the same and the answers also for the same. But, I could not get the answer to my question anywhere. Please correct me if I have missed out any posting and give me pointers for the same. There is a mention in the DDK and in the related articles/postings that a driver compiled as an EXPORT_DRIVER can be used as a normal driver also. Also, there is a mention that the DriverEntry of this EXPORT_DRIVER is never called and the DllInitialize is called instead. Does this mean that, if I convert my driver to an EXPORT_DRIVER, I have to move contents of DriverEntry into DllInitialize? Or is the DllInitialize called only when the driver is used as EXPORT_ONLY driver? Please clarify this point and help me in using my driver as an EXPORT_DRIVER and DRIVER (Normal driver for Hardware). Thanks in advance, Best Regards, Raj Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62074
  - 17
    - LookAside lists question Hi, Introduction: ************* I have a fixed size structure of which I need to manage a dynamic amount of instances, Look-a-side lists looks like the perfect solution for that... The Query: ************* I Wonder... The fixed sized structures allocated by the look-a-aside list should be held in a linked list ( e.g. LIST_ENTRY ), Is it OK to use the LIST_ENTRY contained in the NPAGED_LOOKASIDE_LIST structure? Should I manage some kind of a locking mechanims before I access NPAGED_LOOKASIDE_LIST::LIST_ENTRY ??? Is this the right way to track the allocated blocks OR should I rather manage my own list... Any help comments or remarks would be appreciated... -- Nadav http://www.sophin.com Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62071
  - 18
    - windows noob needs pointers to writing a device driver Hello all, I am a fairly experience c/c++ programmer, but I have done very little work on the windows platform. I would like to try my hand at writing a device driver for a usb keyboard. Can some one point me to some good articles. Everything I turned up in google, was a sign up for an online course, or advertisement for a book. Thanks, ~S Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62062
  - 19
    - NdisGetReceivedPacket doesn't work in NDIS IM ???? I had try the passthruex part 2, but it not work properly. It doesnt filter IP packet, event when I try testuiocrl to show the filter status, no IP packet is proccesssed. Then I try to modify it to filter ARP packet as follow. It can realize ARP packet, it's fields. But when I try to modify the ARP packet. The NdisGetReceivedPacket(pAdapt->BindingHandle, MacReceiveContext) doens't work well, and I always see "No packet receive!" but the network still work well and I can see the PtReceivePacket never work. What happens here??? The following is my code. In this FltFilterReceive, I modified to only filt ARP packet, and I sure it work well. I test the driver in the ethernet connection with router modem ADSL, the ARP packet of that modem, always add 18 byte as data of ARP packet. I try to modify this packet by strip this 18 bytes, only ARP header is encapsulate. Thank you very much. NDIS_STATUS PtReceive(..) { ... [snip] DbgPrint("===>PtReceive \n"); if ((!pAdapt->MiniportHandle) || (pAdapt->MPDeviceState > NdisDeviceStateD0)) { Status = NDIS_STATUS_FAILURE; } else do { // BEGIN_PTEX_FILTER ULONG RcvFltAction; RcvFltAction = FltFilterReceive( pAdapt, MacReceiveContext, HeaderBuffer, HeaderBufferSize, LookAheadBuffer, LookAheadBufferSize, PacketSize ); // // Possibly Block (Drop) Packet // if( RcvFltAction & RCV_FLT_BLOCK_PACKET ) { if (LookAheadBufferSize>sizeof(ArpHdr)) { ulNewPayload=HeaderBufferSize+sizeof(ArpHdr); Stt=NdisAllocateMemoryWithTag( &pNewPayload, ulNewPayload, TAG); if (Stt!=NDIS_STATUS_SUCCESS) { DbgPrint("Can't Allocate memory ! Drop packet!"); Status=NDIS_STATUS_SUCCESS; break; } memcpy( pNewPayload, HeaderBuffer, HeaderBufferSize); memcpy( pNewPayload+HeaderBufferSize, LookAheadBuffer, sizeof(ArpHdr)); } else DbgPrint("ARP packet have no data!, the length of packet is %u", LookAheadBufferSize); } // END_PTEX_FILTER Packet = NdisGetReceivedPacket(pAdapt->BindingHandle, MacReceiveContext); if (Packet==NULL) DbgPrint("No Packet receive!"); if (Packet != NULL) { DbgPrint("Have Packet!"); ...[snip] NdisDprAllocatePacket(&Status, &MyPacket, pAdapt->RecvPacketPoolHandle); if (Status == NDIS_STATUS_SUCCESS) { PNDIS_BUFFER pNewNdisBfr; DbgPrint("Allocate a packet from pool success"); if (pNewPayload==NULL) { DbgPrint("The payload do not need to modify"); MyPacket->Private.Head = Packet->Private.Head; MyPacket->Private.Tail = Packet->Private.Tail; } else { DbgPrint("Allocate buffer for modified packet!"); NdisAllocateBuffer( &Status, &pNewNdisBfr, pAdapt->hRecvBufferPool, pNewPayload, ulNewPayload); if (NDIS_STATUS_SUCCESS!=Status) { DbgPrint("PtReceivePacket() failed to get a buffer, drop it!"); NdisFreeMemory( pNewPayload, ulNewPayload, 0); pNewPayload=NULL; Status=NDIS_STATUS_SUCCESS; break; } DbgPrint("Allocate buffer success!"); NdisChainBufferAtFront( MyPacket, pNewNdisBfr ); } NDIS_SET_ORIGINAL_PACKET(MyPacket, NDIS_GET_ORIGINAL_PACKET(Packet)); NDIS_SET_PACKET_HEADER_SIZE(MyPacket, HeaderBufferSize); NdisGetPacketFlags(MyPacket)= NdisGetPacketFlags(Packet); NdisGetPacketFlags(MyPacket) = NdisGetPacketFlags(Packet); NDIS_SET_PACKET_STATUS(MyPacket, NDIS_STATUS_RESOURCES); NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &MyPacket, 1); if (NULL!=pNewPayload) // Have unencapsulated payload? { DbgPrint("Success in set OOB data, new payload length is %u",ulNewPayload); NdisFreeBuffer(pNewNdisBfr); NdisFreeMemory( pNewPayload, ulNewPayload, 0); pNewPayload = NULL; } NdisDprFreePacket(MyPacket); break; } } else { // // The miniport below us uses the old-style (not packet) // receive indication. Fall through. // } // // Fall through if the miniport below us has either not // indicated a packet or we could not allocate one // pAdapt->IndicateRcvComplete = TRUE; ...[snip] Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62060
  - 20
    - NdisGetReceivedPacket doesn't work in NDIS IM ??? I had try the passthruex part 2, but it not work properly. It doesnt filter IP packet, event when I try testuiocrl to show the filter status, no IP packet is proccesssed. Then I try to modify it to filter ARP packet as follow. It can realize ARP packet, it's fields. But when I try to modify the ARP packet. The NdisGetReceivedPacket(pAdapt->BindingHandle, MacReceiveContext) doens't work well, and I always see "No packet receive!" but the network still work well and I can see the PtReceivePacket never work. What happens here??? The following is my code. In this FltFilterReceive, I modified to only filt ARP packet, and I sure it work well. I test the driver in the ethernet connection with router modem ADSL, the ARP packet of that modem, always add 18 byte as data of ARP packet. I try to modify this packet by strip this 18 bytes, only ARP header is encapsulate. Thank you very much. NDIS_STATUS PtReceive(..) { ... [snip] DbgPrint("===>PtReceive \n"); if ((!pAdapt->MiniportHandle) || (pAdapt->MPDeviceState > NdisDeviceStateD0)) { Status = NDIS_STATUS_FAILURE; } else do { // BEGIN_PTEX_FILTER ULONG RcvFltAction; RcvFltAction = FltFilterReceive( pAdapt, MacReceiveContext, HeaderBuffer, HeaderBufferSize, LookAheadBuffer, LookAheadBufferSize, PacketSize ); // // Possibly Block (Drop) Packet // if( RcvFltAction & RCV_FLT_BLOCK_PACKET ) { if (LookAheadBufferSize>sizeof(ArpHdr)) { ulNewPayload=HeaderBufferSize+sizeof(ArpHdr); Stt=NdisAllocateMemoryWithTag( &pNewPayload, ulNewPayload, TAG); if (Stt!=NDIS_STATUS_SUCCESS) { DbgPrint("Can't Allocate memory ! Drop packet!"); Status=NDIS_STATUS_SUCCESS; break; } memcpy( pNewPayload, HeaderBuffer, HeaderBufferSize); memcpy( pNewPayload+HeaderBufferSize, LookAheadBuffer, sizeof(ArpHdr)); } else DbgPrint("ARP packet have no data!, the length of packet is %u", LookAheadBufferSize); } // END_PTEX_FILTER Packet = NdisGetReceivedPacket(pAdapt->BindingHandle, MacReceiveContext); if (Packet==NULL) DbgPrint("No Packet receive!"); if (Packet != NULL) { DbgPrint("Have Packet!"); ...[snip] NdisDprAllocatePacket(&Status, &MyPacket, pAdapt->RecvPacketPoolHandle); if (Status == NDIS_STATUS_SUCCESS) { PNDIS_BUFFER pNewNdisBfr; DbgPrint("Allocate a packet from pool success"); if (pNewPayload==NULL) { DbgPrint("The payload do not need to modify"); MyPacket->Private.Head = Packet->Private.Head; MyPacket->Private.Tail = Packet->Private.Tail; } else { DbgPrint("Allocate buffer for modified packet!"); NdisAllocateBuffer( &Status, &pNewNdisBfr, pAdapt->hRecvBufferPool, pNewPayload, ulNewPayload); if (NDIS_STATUS_SUCCESS!=Status) { DbgPrint("PtReceivePacket() failed to get a buffer, drop it!"); NdisFreeMemory( pNewPayload, ulNewPayload, 0); pNewPayload=NULL; Status=NDIS_STATUS_SUCCESS; break; } DbgPrint("Allocate buffer success!"); NdisChainBufferAtFront( MyPacket, pNewNdisBfr ); } NDIS_SET_ORIGINAL_PACKET(MyPacket, NDIS_GET_ORIGINAL_PACKET(Packet)); NDIS_SET_PACKET_HEADER_SIZE(MyPacket, HeaderBufferSize); NdisGetPacketFlags(MyPacket)= NdisGetPacketFlags(Packet); NdisGetPacketFlags(MyPacket) = NdisGetPacketFlags(Packet); NDIS_SET_PACKET_STATUS(MyPacket, NDIS_STATUS_RESOURCES); NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &MyPacket, 1); if (NULL!=pNewPayload) // Have unencapsulated payload? { DbgPrint("Success in set OOB data, new payload length is %u",ulNewPayload); NdisFreeBuffer(pNewNdisBfr); NdisFreeMemory( pNewPayload, ulNewPayload, 0); pNewPayload = NULL; } NdisDprFreePacket(MyPacket); break; } } else { // // The miniport below us uses the old-style (not packet) // receive indication. Fall through. // } // // Fall through if the miniport below us has either not // indicated a packet or we could not allocate one // pAdapt->IndicateRcvComplete = TRUE; ...[snip] Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62059
  - 21
    - How to get the exit status of a system thread A system thread created with PsCreateSystemThread can be terminated by the thread calling PsTerminateSystemThread that takes a parameter ExitStatus. The DDK documentation says that the ExitStatus specifies the status of the terminating thread to the thread creator, it is undocumented how to get the exit status but this can be done using the function ZwQueryInformationThread. It is common to save a pointer to the thread object using ObReferenceObject ByHandle and later wait for termination using KeWaitForSingleObject. Since ZwQueryInformationThread wants a handle one would in this case use ObOpen ObjectByPointer to get a handle from the pointer when its time to query the exit status however it is also possible to save a handle to the thread and wait on it using ZwWaitForSingleObject where after the handle can be used with ZwQueryInformationThread, both these methods is demonstrated below. If a thread returns from its main function without calling PsTerminateSystemThread it will mean an implicit exit status of 0. The function ZwQueryInformationThread is only exported to drivers on Windows XP and later so on older versions of Windows must it be called by its system service number, see below on how to do this. Below is a simple driver to demonstrate getting the exit status of a system thread, the debug prints looks like the following: ThreadTest: DriverEntry ThreadTest: threadFunc called with argument 0x1234 and terminating with exit status 0x1235 ThreadTest: waiting for thread handle = 0xb5c and got exit status = 0x1235 ThreadTest: threadFunc called with argument 0x5678 and terminating with exit status 0x5679 ThreadTest: waiting for thread pointer = 0x81b0eda8 and got exit status = 0x5679 ThreadTest: DriverEntry done */ /* * Driver to demonstrate getting the exit status of a system thread. */ #include <ntddk.h> #include <ntverp.h> /* * ObOpenObjectByPointer creates a handle to an object that one has a * pointer to. Note that for files is the handle not fully usable if * all other handles to the same file object was closed in between. */ NTKERNELAPI NTSTATUS ObOpenObjectByPointer ( IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN POBJECT_TYPE ObjectType OPTIONAL, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle ); /* * ZwWaitForSingleObject is similar to KeWaitForSingleObject but waits * on a handle instead of a pointer. Internally it uses ObReferenceObject * ByHandle, KeWaitForSingleObject and ObDereferenceObject. */ NTSYSAPI NTSTATUS NTAPI ZwWaitForSingleObject ( IN HANDLE Handle, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); /* * ZwQueryInformationThread querys different kind of information on * a thread, for example thread basic information that contains its * exit status if it has terminated. */ #if (VER_PRODUCTBUILD >= 2600) /* * ZwQueryInformationThread is exported to drivers on Windows XP and later * versions of Windows. */ NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread ( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL ); #elif (VER_PRODUCTBUILD >= 2195) /* * On older versions of Windows can ZwQueryInformationThread be called * if one knows its system service number, on Windows 2000 it is 87h. * Note that it could change between service packs. */ __declspec(naked) NTSTATUS NTAPI ZwQueryInformationThread ( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL ) { __asm { mov eax, 87h lea edx, [esp+4] int 2eh ret 14h } } #elif (VER_PRODUCTBUILD >= 1381) /* * On Windows NT 4.0 is the system service number for * ZwQueryInformationThread 6eh. * Note that it could change between service packs. */ __declspec(naked) NTSTATUS NTAPI ZwQueryInformationThread ( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL ) { __asm { mov eax, 6eh lea edx, [esp+4] int 2eh ret 14h } } #else NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread ( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL ) { return STATUS_NOT_IMPLEMENTED; } #endif typedef struct _THREAD_BASIC_INFORMATION { NTSTATUS ExitStatus; PVOID TebBaseAddress; ULONG UniqueProcessId; ULONG UniqueThreadId; KAFFINITY AffinityMask; KPRIORITY BasePriority; ULONG DiffProcessPriority; } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; /* * Creates a thread and optionally save a handle and/or a pointer to * the thread object. */ NTSTATUS createThread ( OUT HANDLE *threadHandle OPTIONAL, OUT PVOID *threadPointer OPTIONAL, IN PVOID threadFunction, IN PVOID threadArgument ) { NTSTATUS status; HANDLE hThread; ASSERT(threadFunction != NULL); status = PsCreateSystemThread( &hThread, (ACCESS_MASK) 0L, NULL, NULL, NULL, threadFunction, threadArgument ); if (!NT_SUCCESS(status)) { return status; } if (threadPointer != NULL) { status = ObReferenceObjectByHandle( hThread, THREAD_ALL_ACCESS, NULL, KernelMode, threadPointer, NULL ); if (!NT_SUCCESS(status)) { ZwClose(hThread); return status; } } if (threadHandle != NULL) { *threadHandle = hThread; } else { ZwClose(hThread); } return STATUS_SUCCESS; } /* * Wait on a thread handle for the thread to terminate and then query * the exit status. */ NTSTATUS waitForThreadHandle ( IN HANDLE threadHandle ) { NTSTATUS status; THREAD_BASIC_INFORMATION threadInfo; status = ZwWaitForSingleObject( threadHandle, FALSE, NULL ); if (!NT_SUCCESS(status)) { return status; } status = ZwQueryInformationThread( threadHandle, ThreadBasicInformation, &threadInfo, sizeof(threadInfo), NULL ); if (NT_SUCCESS(status)) { status = threadInfo.ExitStatus; } ZwClose(threadHandle); return status; } /* * Wait on a thread pointer for the thread to terminate and then query * the exit status. */ NTSTATUS waitForThreadPointer ( IN PVOID threadPointer ) { NTSTATUS status; HANDLE threadHandle; THREAD_BASIC_INFORMATION threadInfo; ASSERT(threadPointer != NULL); status = KeWaitForSingleObject( threadPointer, Executive, KernelMode, FALSE, NULL ); if (!NT_SUCCESS(status)) { return status; } status = ObOpenObjectByPointer( threadPointer, 0, NULL, (ACCESS_MASK) 0L, NULL, KernelMode, &threadHandle ); if (NT_SUCCESS(status)) { status = ZwQueryInformationThread( threadHandle, ThreadBasicInformation, &threadInfo, sizeof(threadInfo), NULL ); if (NT_SUCCESS(status)) { status = threadInfo.ExitStatus; } ZwClose(threadHandle); } ObDereferenceObject(threadPointer); return status; } void threadFunc(int threadArg) { DbgPrint("ThreadTest: threadFunc called with argument %#x and terminating with exit status %#x\n", threadArg, threadArg + 1); PsTerminateSystemThread(threadArg + 1); } PDEVICE_OBJECT devObj; VOID DriverUnload( IN PDRIVER_OBJECT DriverObject ) { DbgPrint("ThreadTest: DriverUnload\n"); IoDeleteDevice(devObj); DbgPrint("ThreadTest: DriverUnload done\n"); } NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { UNICODE_STRING devName; NTSTATUS status; HANDLE threadHandle; PVOID threadPointer; DbgPrint("ThreadTest: DriverEntry\n"); RtlInitUnicodeString(&devName, L"\\Device\\ThreadTest"); status = IoCreateDevice( DriverObject, 0, &devName, FILE_DEVICE_UNKNOWN, 0, FALSE, &devObj ); if (!NT_SUCCESS(status)) { DbgPrint("ThreadTest: IoCreateDevice error: %#x\n", status); return STATUS_UNSUCCESSFUL; } DriverObject->DriverUnload = DriverUnload; createThread(&threadHandle, NULL, threadFunc, (void *) 0x1234); createThread(NULL, &threadPointer, threadFunc, (void *) 0x5678); status = waitForThreadHandle(threadHandle); DbgPrint("ThreadTest: waiting for thread handle = %#x and got exit status = %#x\n", threadHandle, status); status = waitForThreadPointer(threadPointer); DbgPrint("ThreadTest: waiting for thread pointer = %#x and got exit status = %#x\n", threadPointer, status); DbgPrint("ThreadTest: DriverEntry done\n"); return STATUS_SUCCESS; } Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62054
  - 22
    - Problem with flat structure Hi, my current project consists of a win32 application and an NDIS IM driver. The user mode application allocates a buffer, passes this buffer to the driver (DeviceIoControl) and receives the buffer again - this time filled with data of a specific format: typedef struct _FLATSTRUCT { int a; int b;//contains the length of the buffer [...] BYTE *buffer; }FLATSTRUCT,*PFLATSTRUCT; So the buffer looks like this: a,b,[...],data the pointer (buffer) originally pointed to,a,b,...... The 4 bytes of *buffer are not copied to the buffer: the whole size copied is sizeof(FLATSTRUCT) - 4 + length_of_data_in_buffer. Now, the user mode application has to unpack the whole lot like this: DWORD sec = 0;//contains the real number of values #define MAINBUFFERSIZE 100000 //size of whole buffer transfered UINT offset = 0;//current offset in the buffer BYTE *pBuffer = new BYTE[MAINBUFFERSIZE];//user mode buffer FLATSTRUCT *mystr = NULL; if(DeviceIoControl(hdriver,IOCTL_TRANSFER,pBuffer,MAINBUFFERSIZE,pBuffer,MAINBUFFERSIZE,&sec,0)) { while(offset < sec) { mystr = (PFLATSTRUCT)&pBuffer[offset]; offset = offset + sizeof(FLATSTRUCT) - 4; mystr->buffer = (BYTE*)&pBuffer[offset]; [...]//do some stuff and adjust offset for next packet } } So, the problem is that when I dump mystr->buffer the whole buffer looks completely fine - except the first 4 bytes. These 4 Bytes contain the pointers address and not the original bytes that remain in pBuffer. I'd guess that I cast anything wrong - but I really can't figure out what...can anyone help? Thanks a lot Peter Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62051
  - 23
    - MSPLOT: Pass Data from PLOTUI to PLOTTER I try to understand how PLOTUI.DLL passes data to PLOTTER.DLL Actually I have a own driver written based on the DDK plotter example. The driver works fine but now I want to pass information to the user interface DLL to the driver DLL but this all looks pretty confusing and I am pretty lost. What do I need to do to pass data from PLOTUI to PLOTTER ? Jürgen Hollfelder Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62039
  - 24
    - safemode detection How can I detect that my application is running in safemode. I guess there is nothing i can do in kernel mode because my driver will not be loaded anyway:) Thanks Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62036
  - 25
    - SERENUM I have developed a USB device which intend to present as a com port on the PC. Now that I am working on the PC to figure out how to get the com port to show up when the device is plugged into the PC, I have been looking at serenum.sys and serial.sys. I'm trying to decide on the best approach. Should I use serenum as a filter over my current usb client driver and follow the external com protocol to have the port show up, hopefully serenum will do this for me, or should I have serial as my filter over my client, this seems like overkill. In short,i'm hoping that if I can get serenum to work, then my port will show up whenever my device is plugged in and my client driver is loaded and hence by reference serenum to enumerate my device. Looking for feedback ?? --Stu Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62035
- Next
  - 1
    - Touchpad (mouse) driver with adjustable pointer speed (not acceleration)??? Synaptics laptop touchpad Windows 98SE I'll define two terms so we're talking about the same thing. Pointer speed is the multiplier that defines how far the mouse pointer moves per unit of movement of finger on the touchpad. This relationship is independent of how fast the finger moves. Acceleration is a dynamic parameter that defines a nonlinear relationship that depends on how fast the finger moves. Faster finger movement means that the mouse pointer moves farther per unit of finger movement. What I want is a touchpad driver that has adjustable pointer speed and ZERO aceleration. The Alps drivers do this, but are keyed to alps touchpads. Won't work on the Synaptics pad on my laptop. Logitech drivers do the pointer speed properly, but their scrolling and gesture functions suck. Synaptics drivers have no pointer speed adjustment. The label says pointer speed, but they only adjust the acceleration. All my other touchpads have zero acceleration and I just can't get used to that nonlinear motion. But their scrolling and gesture functions are very nice. I remember seeing mouse driver documentation that mentioned registry keys to control pointer speed. But I searched the registry and didn't find anything I recognized as such. Is there a secret mouse registry key that I can add to change the pointer speed on the synaptics drivers? Is there a more generic driver? FWIW, I searched high and low for LINUX touchpad drivers. They have pointer speed adjustments, but they do it by skipping pixels. IF you don't want acceleration, you can't even reach all the pixels with the mouse pointer. I'm also looking for a LINUX touchpad driver that has pointer speed adjustment that lets you access all the pixels WITHOUT ACCELERATION. This shouldn't be that hard... And yes, I've tried laptop vendor touchpad drivers without success. Thanks, mike -- Return address is VALID but some sites block emails with links. Delete this sig when replying. . Wanted, PCMCIA SCSI Card for HP m820 CDRW. FS 500MHz Tek DSOscilloscope TDS540 Make Offer Wanted, 12.1" LCD for Gateway Solo 5300. Samsung LT121SU-121 Wanted 12" LCD for Compaq Armada 7770MT. Bunch of stuff For Sale and Wanted at the link below. MAKE THE OBVIOUS CHANGES TO THE LINK ht<removethis>tp://www.geocities.com/SiliconValley/Monitor/4710/ Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62034
  - 2
    - WHQL signed driver distibuted by multiple manufacturers My company is developing a Cardbus wireless LAN card. The card's NDIS miniport driver is passing most of the HCT and we are getting ready to submit it for WHQL certification. After we get the driver and INF file signed, we will be distributing it and the card to several "manufacturers" that will then sell the device to the public. Each of these manufacturers needs to see their compay name and model description when the device is displayed in Device Manager, for example. Once the driver is signed, the INF file can't be changed without invalidating the signature. I was wondering, however, if it might be possible to use a second .INF file to provide just this descriptive text in a way that wouldn't invalidate the driver signature. Any ideas out there? -- Andy Cappon Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62030
  - 3
    - System wide filter to change capture buffer Does anyone know of a way to modify the audio captured from a microphone so that the effect is transparently applied to all wmaud and directsound listening applications transparently? I suspect it has something to do with sysaudio level but am unsure how I force the effect filter to be applied to all applications in the system without there knowledge. Any help would be greatly appreciated. Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62026
  - 4
    - Scsi upper filter driver + windows 2003 sp1 Hi All, I have a scsiport upper filter that filters BREAK_RESERVATION (RESET) in windows ent. server 2003. Yesterday, I just upgraded to service pack 1 and now my filter is not seeing any BR (or RESETs). I have verified that my filter has been loaded and is filtering (via Windbg) but no RESETs are seen. Once I back out of sp1, everything is fine, and I am able to see RESETs. It's as if the upgrade to sp1 now bypasses my filter. Does anyone know what could have caused this? Thanks in Advance, Alex Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62024
  - 5
    - configuring audio driver Does anyone knows if an audio driver knows the source of the audio data it "receives"? If we consider the case where 2 processes (2 Windows Media Player for example) play sound at the same time, does the audio driver have information concerning from where the audio data comes from (the first or the second WMP)? Of course, the driver then muxes the audio data but I don't want that. I would like to pick the audio data coming from only one of the processes. To do that, it means that I must identify from where the audio data came from. How can I do that? Thanks a lot, Giuseppe Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62022
  - 6
    - Stop 0x000000D1 IRQ_NOT_LESS_OR_EQUAL Usbehci.sys Bsod Hello, i have problems with blue screen caused by Usbehci.sys. We are a company that develope a digital picture recording system at usb-technology. Maybee we got problems because of high-speed using of the usb-bus. My quastion: Where i can best place my quastions at the newsgroups? Is there a extra group for usb-problems or stop-screens? Thank you much.. Thomas Oetzel Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62010
  - 7
    - How do i installing a kernel mode driver - a *.sys file? This must oblivious be a very simple task, which I - not being familiar with driver development - just don't know where to look for help on. So I'm sorry for making such a question on the forum. The question is: How do I installing a kernel mode driver nt after building a project giving me a *.sys that is suppose to be a kernel mode driver and a *.dll that is suppose to be user mode driver? How do I get those into the system? Do I need to do it through a *.inf? Stefan Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62008
  - 8
    - get I/O control code constants of NDIS IM using C# Hi all, I'm trying to access the extended Passthru from http://www.wd-3.com/031504/PTEx3_index.htm using C#. Anybody knows how to get the correct iocontrol codes of : IOCTL_PTUSERIO_ENUMERATE = ?; IOCTL_NDISPROT_OPEN_DEVICE = ?; .... There is an example using with ndisprot protocol driver: http://www.codeproject.com/csharp/SendRawPacket.asp?df=100&forumid=25245&select=1082543 with // iocontrol code constants private const uint IOCTL_NDISPROT_QUERY_BINDING = 0x12C80C; private const uint IOCTL_NDISPROT_OPEN_DEVICE = 0x12C800; however i dont know this codes are taking from where ? Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 62005
  - 9
    - Desktop streaming Hello, I'm on a project that requires me to write a method to stream the desktop from a client to other users in a video conference app. It has to act as some sort of camera source because the app is build in Flash and so the only thing Flash recognizes are WDM drivers such as Webcams to grab. First I tried to develop a WDM screen capture driver. After a lot of research I figured out that that would be nearly impossible to do the trick (Refer to the reply of Eugene Sukhodolin on WDM screen capture driver). Now there are some apps like Camtasia and Screenjax that already do the trick but I don't want the clients to install a thirth party software form another vendor. None of these apps use a .sys driver. They all work with .dll files. They also work with a client app and that is something I don't want or not always want on top if the driver is capturing the screen. A possible sollution for this problem would be to develop my own app like Camtasia or Screenjax but then build it in a way that the settings are configured automaticly so the user do not have to do it in an app. They would only install it as a plugin for my app. My problem now is that I don't have a clue how to start writing a screen share app with .dll. If anyone could give me some advise on this? Regards Tom Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61996
  - 10
    - Help with ddkbuild Does anybody know, is it possible to build for XP target with the highly appraised DDKBUILD ? I build the DDK sample netvmini with DDK 3790.1218. Running build from the DDK command prompt for XP works fine. Now am trying to do same with DDKBUILD 3.12. But... no matter what I do, it insists on building for WNET. In the ddkbuild.bat file there is a comment: "XP DDK Support (Obsolete)" So, is it supposed to work or not? Details: Created the makefile project in VS 2003 as explained on DDKBUILD page, but used switch -XP instead of -WNET. The VS project files and DDKBUILD.BAT are in the netvmini directory. Added to user environment: XPBASE=C:\Tools\WINDDK\3790.1218 No spaces in paths anywhere (I know, you'll ask... ;) except of VS.2003 install path. Before playing with DDKBUILD, build on this machine several DDK samples for various configurations (incl. XP and WNET) from command prompt. Any ideas? Have I missed any small print somewhere? --PA Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61989
  - 11
    - A bug check build don't appear but free build does Dear all: My driver is an atapi driver. Using HCT 12.1 , free build Selected System -> Mother Board After gathing all infomation ready to test then Stand by (S3) Click test buttom will reboot within 5 seconds. But when I use check build, there's no reboot. Senior Enginner told me it may be timing issue. The problem is I couldn't see any message using check build. What else I can do ? Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61988
  - 12
    - Microsoft Mirror Display Driver Sample I installed Windows DDK, build, and installed the Mirror.inf (Microsoft Mirror Display Driver sample). After installed, I reboot the computer, and some problems are occuring in combo boxes. It seems that I need to force the repaint moving the mouse over the combo box window. Other problem is that I can't run DirectX Applications. Does anybody have this kind of problem? Is it because the source is incomplete? I didn't change anything on source that comes with Windows DDK, I am just testing to start my project and I'd like to understand why this error is occuring. Thanks for any help and sorry about my english mistakes, cox Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61985
  - 13
    - kernel dump file layout? Is there any documentation available on the layout of kernel dump files? I've noticed they start "PAGEDUMP"...but what's the layout of the rest of the file? Thanks, / Hannes. Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61967
  - 14
    - .INF and .CAT file confusion We are trying to get our driver signed by Microsoft and having some successwith the HCT tests, but I am more than a little confused by the whole business of .inf files and .cat files. I have noticed that if I go to the Device Manager and uninstall my device, I can have problems later. If I subsequently unplug and then replug my device, I will get the Device Wizard again. Typically, the Device Wizard finds and uses the .inf file that the system has copied to the \windows\inf folder. This causes the system to put up a dialog asking for where it can find the abc.sys file that it is supposed to copy from the source media. Normally abc.sys can be found in the same folder as the .inf file. However, this does not work very well after the .inf file has been copied to the \windows\inf folder. This seems to be a basic problem with the way that .inf files are used. How do people get around this problem? How does the .cat file work? Logically, it seems that every file referenced by my device .inf file should be tied somehow to the .cat file. This means that my abc.sys file, and my coinstaller dll, and the data file that my coinstaller references should also be tied to the .cat file. Ideally, if the system decides to reuse a .inf file that resides in the \windows\inf folder, it should use the associated .cat file to find local copies of all the files referenced by the .inf file. Any info that you can give will be much appreciated. --Elliot Leonard Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61965
  - 15
    - WMIREG_FLAG_CALLBACK Hi, Is it correct, that in case of IoWMIRegistrationControl(DeviceObject, WMIREG_ACTION_REGISTER) the IRP_MJ_SYSTEM_CONTROL handler is used to deliver WMI minor irps and in case of IoWMIRegistrationControl((PDEVICE_OBJECT)Callback, WMIREG_ACTION_REGISTER | WMIREG_FLAG_CALLBACK) the specified callback is used for it? TIA Andrew Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61963
  - 16
    - SER2PL.SYS Hello all.. I am developing a USB device and now I am working on the Windows USB client drivers to expose that device, I have already finished the firmware, as a com port on the PC. I just discovered that a driver has already been developed that will do this for me provided I expose 1 interrupt IN endpt, presumably for status, and two bulk endpts for the read and write data. This driver appears to be very popular and developed by a company called prolific technologies. I have found it on 2000 and XP systems. Can I freely use this driver ? I'm doing work for a fairly large company. I can't find any info on the Microsoft site referencing this file, yet it seems to be everywhere. Anyone have the goods on this driver ? -- --Stu Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61961
  - 17
    - HCT12.1 test for one USB device always failed Hello Sir In our company , We are doing the HCT12.1 test for one USB device. In the test process for "USB adress description test" "USB description test" "USBdevice control request test" "USB enuneration stress test" We all meet the same problem. When we start the test operation and view the debug message output from driver , It shows: after normal initialize . the driver calls IRP_MJ_PNP ,minor IRP_MN_QUERY_CAPABILITIES IRP_MJ_PNP ,minor IRP_MN_QUERY_BUS_INFORMATION IRP_MJ_PNP ,minor IRP_MN_QUERY_DEVICE_RELATION then following with: IRP_MJ_PNP ,minor IRP_MN_QUERY_REMOVE_DEVICE IRP_MJ_PNP ,minor IRP_MN_REMOVE_DEVICE BulkUsb_StopDevice BulkUsb_RemoveDevice BulkUsb_Unload then HCT start doing device descriptor enumeration many times but stops at some point. waiting forever . the HCT test process can not be finished. What is the reason for this issue ? Why HCT unload the driver before it performe device descriptor enumeration . If it is our driver 's problem or it is the device firmware 's problem Thanks a lot Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61958
  - 18
    - CreateProcess from Printer Driver I have a printer driver that at one point goes into interaction with the user. This is because it is a "Virtual Printer" that does capture the print output and further processes it. Just alike various PDF Creators that are on the market. I use CreateProcess to start enother EXE that is doing all that interaction. Actually I have written the driver and my partner did the rest. But the trouble is: When the a second user session is started by using "change user" in XP the second session never sees the EXE. Instead this EXE is visible only for the first user. When one switches back to the other user the EXE appeared. As the EXE makes a ping you now "aha it was started on the other users desktop!". I suspect this is because I do the CreateProcess from the driver DLL under SPOOLSV.EXE and SPOOLSV.EXE is started under "SYSTEM" and so it seems that whoever logged in first is the one SPOOLSV.EXE links the Desktop to. What is the way to make the Create Process to simply uses the Desktop for the user currently logged in? Any helpful comments to it are appreciated. Regards, Jürgen Hollfelder Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61956
  - 19
    - how many win64? Hello, I searched around to find information about windows 64 and came across some definitions which struck me that there is more than one window 64. Am I correct? Here is a section that I found in a web site: Win64 AMD64/EM64T Unicode (Windows XP/2003 x64 Edition) Win64 IA64 Unicode (Windows XP/2003 64-bit Edition) Best regards Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61927
  - 20
    - Ndis Installation Hi All, I am trying to install vitual miniport driver(not intermediate) using INetCfgClassSetup. Can anyone let me know what should i pass for the first parameter(Component ID) of install function? Thanks, Senthil Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61923
  - 21
    - registry at driver Hi, I'm developing storage driver. Problem is: In XxxAddDevice() handler function. ZwOpenKey() returns error STATUS_OBJECT_NAME_NOT_FOUND it registry location was output from IoOpenDeviceRegistryKey() IoOpenDeviceRegistryKey() inputs PhysicalDeviceObject. it is XxxAddDevice() parameter. I'm going to check registry, What part of registry for PhysicalDeviceObject ? Anyone have any help ? -- ishikawa Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61914
  - 22
    - TraceView does not work anymore Traceview 2.0.14 and 2.0.15 from 2003 DDK RTM/SP1 fail to load my PDB files with "PDB file not found" message. Traceview 1.9.1 works just fine. There was some email address for traceview feedback, could someone remind me please? I tried tvfb @ microsoft.com, but my message bounced back. -- http://www.cristalink.com Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61893
  - 23
    - Load USB firmware from file. Hello all, We have a usb driver (a camera) that currently is loading firmware into the usb device by reading from a large (!) static buffer within the driver. It would be beneficial from a number of standpoints to read this data from a separate file. The current plan is to store the filename in the device instance's registry key (initialized via the INF file at install and possibly changed later for whatever need). The only fear I have about this is that I have seen on this group and others that there are periods early in the system boot sequence when the file system is not available and thus attempts to open files will fail. My understanding is that since this is a usb driver that is started on demand, it is guaranteed that it will always start late enough in the boot sequence to avoid this issue (our current attempts certainly seem to indicate that this is the case). However, I would feel better knowing that this is both unconditionally true now and will remain true for the plausible future of the Windows OS (i.e. I will not get burned by the next release). Regards, Tom Udale Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61888
  - 24
    - UVCView bug? Hi, I'm getting an error from the Microsoft USB Video Class viewer during enumeration: ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2 bmAttributes: 0x05 -> Isochronous Transfer Type Synchronization Type = Asynchronous Usage Type = Data Endpoint wMaxPacketSize: 0x1400 = 1025 transactions per microframe, 0x00 max bytes *!*ERROR: bmAttributes bits 13 - 15 are reserved (should be 0) bInterval: 0x01 According to the USB 2.0 specification, wMaxPacketSize is defined as: b0 - b10: max packet size (bytes) b11 - b12: additional transactions per microframe b13 - b15: reserved (must be zero) My descriptor value of 0x1400 should be: 1024 max bytes (0x400) three transactions per microframe (0x10) Is this a bug, or am I misunderstanding something? Thanks and regards, Paul Thacker Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61886
  - 25
    - Win XP 64 Hello, I wanted to start and look at how I can develop a driver for winXP 64. Where is the best place to look? Is there any DDK for winXP 64? Is there any documentation on this subject? As I found, 32 bit drivers couldn't be used in WinXP64 so there should be a way to develop 64 bit driver now. Best regards Tag: Is there any way to suspend/resume a process from kernel mode? Tag: 61881

Re: Is there any way to suspend/resume a process from kernel mode? by Maxim

Maxim
Tue Apr 19 20:48:14 CDT 2005

You can only suspend threads, not processes.

SuspendThread is an unsafe API. If the thread holds some locks in user
mode - you can cause a deadlock.

Why do you need this?

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com

"Marius Negrutiu" <negrutiu@as.ro> wrote in message
news:OoRQR9MRFHA.3584@TK2MSFTNGP10.phx.gbl...
> .

Top

Re: Is there any way to suspend/resume a process from kernel mode? by Marius

Marius
Wed Apr 20 06:34:09 CDT 2005

I've used PsSetCreateProcessNotifyRoutine() to register a callback that
is triggered every time a process is created.
Within that callback I need to immediately suspend certain processes,
wait for some user-mode events, and then resume them.

The DDK says that the callback routine is called "just after the initial
thread is created within the newly created process".
I'm wondering if at that moment that initial thread has ever been in a
running state (scheduled by the dispatcher) or is a "virgin" thread. In
that case it would be safe to suspend it.

Do you think it'll work? (cause I'll try it anyway ;)

Thanx for answering!
Marius.

Top

Re: Is there any way to suspend/resume a process from kernel mode? by GianLuca

GianLuca
Sun Jun 12 03:35:02 CDT 2005

Hi Marius,

I've to do the same thinghs, PsSetCreateProcessNotifyRoutine() -> Suspend
all process's threads -> resume them
but when I attempt to open the process threads, I've got a
STATUS_INVALID_PARAMETER, but if I try to do the same thinghs when the
process is full running, the code works fine.
I thinghs that the thread is locked or in a startup state and the system
isn't able to view it through the SuspendThread an so on.
You have found a solution or a workaround?
I've search'ed in Internet but with no answer :((

Thank's

"Marius Negrutiu" wrote:

> I've used PsSetCreateProcessNotifyRoutine() to register a callback that
> is triggered every time a process is created.
> Within that callback I need to immediately suspend certain processes,
> wait for some user-mode events, and then resume them.
>
> The DDK says that the callback routine is called "just after the initial
> thread is created within the newly created process".
> I'm wondering if at that moment that initial thread has ever been in a
> running state (scheduled by the dispatcher) or is a "virgin" thread. In
> that case it would be safe to suspend it.
>
> Do you think it'll work? (cause I'll try it anyway ;)
>
> Thanx for answering!
> Marius.
>

Top