How to pass a variable-size array from Windows kernel driver to a user-mode process?

I'm learning Windows kernel programming, and I'm wondering how to pass a byte array from a kernel driver to my user-mode application, where the kernel driver initiates the call.

If I were to do this among user-mode processes (say, from a service to a GUI app) I'd use a named pipe or a shared memory with a named event and a named mutex for synchronization. But I'm lost as to what to do on the kernel driver side.

Here's my actual example: I have a kernel callback function that can be called any time with a STRING. I then need to pass the string from within it to my currently running user-mode process and to alert it.

There are tons of ways for kernel-mode to user-mode Inter-Process Communication, and different requirements can suit different techniques.

For starters, you have the option of named pipes (even in kernel-mode). However, there's something you should know... It isn't officially documented for a normal kernel-mode device driver (although there is a documented interface for Filesystem Mini-Filter device drivers).

If you want to use a named pipe from a normal kernel-mode device driver, you'll have to locate the address of NtCreateNamedPipeFile or rely on IoCreateFile (which NtCreateNamedPipeFile relies on internally, using an undocumented structure).

For using a named pipe from a Filesystem Mini-Filter device driver, you have FltCreateNamedPipeFile.

Moving on from the named pipes idea, you have the option of Local Procedure Calls! However, once again, another dead-end in terms of documentation. It is relatively straightforward to do it as a client in kernel-mode though. There's a documented interface for Ports with a Filesystem Mini-Filter device driver though: FltCreateCommunicationPort.

Moving on again, you could attach to the user-mode client and write directly to its memory.

If you really wanted, you could rely on something simple like a shared event to notify the user-mode client that you've just attached to it and written into its virtual memory.
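
Whichever transport from the answer above is used, the receiver needs a length it can check before it touches a variable-size payload. The following is an added example, not code from the original post and not a driver: portable C that frames a counted string the way a driver could before sending it (for instance over a minifilter communication port) and validates it on the user-mode side. The names counted_string, var_msg, msg_pack and msg_unpack and the 4-byte length header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same shape as the kernel's counted STRING: Buffer is not NUL-terminated. */
typedef struct { uint16_t length, maximum_length; const char *buffer; } counted_string;

/* Hypothetical wire format: 4-byte payload length, then the payload bytes. */
typedef struct { uint32_t length; uint8_t data[]; } var_msg;
#define MSG_HDR offsetof(var_msg, data)

/* Producer (driver side): returns bytes written, or 0 if it does not fit. */
size_t msg_pack(const counted_string *s, void *out, size_t out_cap)
{
    uint32_t len = s->length;
    if (s->length > s->maximum_length || MSG_HDR + len > out_cap)
        return 0;
    memcpy(out, &len, MSG_HDR);
    memcpy((uint8_t *)out + MSG_HDR, s->buffer, len);
    return MSG_HDR + len;
}

/* Consumer (user-mode side): check the claimed length against the bytes
   actually received before copying. Returns payload length, or -1. */
long msg_unpack(const void *in, size_t received, char *dst, size_t dst_cap)
{
    uint32_t len;
    if (received < MSG_HDR)
        return -1;
    memcpy(&len, in, MSG_HDR);
    if (len > received - MSG_HDR || len >= dst_cap)
        return -1;
    memcpy(dst, (const uint8_t *)in + MSG_HDR, len);
    dst[len] = '\0';   /* terminate only in the receiver's own buffer */
    return (long)len;
}

int main(void)
{
    const char raw[] = { 'C', ':', '\\', 'a', '.', 't', 'x', 't' }; /* constructed, no NUL */
    counted_string s = { sizeof raw, sizeof raw, raw };
    uint8_t wire[64];
    char text[32];
    size_t n = msg_pack(&s, wire, sizeof wire);
    printf("%zu bytes on the wire, payload \"%s\"\n", n,
           msg_unpack(wire, n, text, sizeof text) >= 0 ? text : "(rejected)");
    return 0;
}
```

The user-mode side treats the length field as untrusted input: a header that claims more bytes than were received, or more than the destination can hold, is rejected instead of being copied.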
