Developer Forum

Hi

I whant to use a driver from another driver. But whats the diffrence between
Zw- or Io-Createfile ??

Any sample on using a driver from within another one ?

Thomas

ZwCreateFile is the equivalent of the system call NtCreateFile - but it
bypasses some parameter validation and security checks because it can only
be called by a kernel component who is expected to call it correctly. It
creates a handle to the file object in the handle table of the current
process (unless you set the OBJ_KERNEL_HANDLE bit).

In any event, if you want to talk to another driver, you should probably use
IoGetDeviceObjectPointer, which skips handle creation and gets you the file
and device objects for the connection you've established.

-p

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Minor additional information:


ZwCreateFile is a syscall. It reenters the kernel via INT 2Eh or SYSENTER. This
forms the new trap frame on the stack, and so the ExGetPreviousMode call inside
NtCreateFile (which is just function, registered in a system service table as a
syscall body) will always return KernelMode. In the MJ_CREATE IRP,
the ->RequestorMode field will also be KernelMode.

This relaxes the buffer validity checks in the IO manager and drivers,
including FSDs.

Calling NtCreateFile itself (the syscall implementation) will not make a new
trap frame on the stack, and so the requestor mode will be the same as the
ExGetPreviousMode result of the caller. In some cases, this result can be
UserMode, depends on from where the driver wants to open a file.

This will lead to full-scale buffer validity checks, which fill nearly surely
fail if the kernel-space buffers are used for object attributes etc.

Resume: do not use Ntxxx routines in the driver, use ZwXxx.


IoGetDeviceObjectPointer is a sequence of:
ZwCreateFile
ObReferenceObjectByHandle
IoGetRelatedDeviceObject
ZwClose

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
XXXX@XXXXX.COM
http://www.yqcomputer.com/