From: Matt Arnold [marnold@motu.com] Sent: Friday, September 17, 1999 11:31 AM To: ntdev@atria.com Subject: Re: [ntdev] calling user mode dlls from kernel mode drivers From: Maxim S. Shatskih Date: Friday, September 17, 1999 1:31 AM >> does anybody know how to call a USER MODE APPLICATION OR A >> USER MODE DLL from a kernel mode driver. > >You can call the usermode callback directly from the kmode driver & will end >up in EIP < 0x80000000 but the CPU is still in kernel mode. ...provided of course that the kernel-mode driver is still running in the context of the target user-mode process. Otherwise, the virtual address of the callback function will be invalid. That is, you can't just call the user-mode callback "at random" from some DPC or, heaven forbid, your interrupt callback routine! (I'm sure you konw all this Maxim -- I just wanted to clarify your comments for the original poster.) >Looks like it is not a good product architecture, but maybe it is the >solution in >your case. BTW, OSR has an "NT Insider" article that descibes, somewhat in passing, how a kernel-mode driver can call a user-mode function directly. The article is titled "Understanding and Using Execution Context in NT Drivers" and is freely available at http://www.osr.com/insider/1996/context.htm. However, may I suggest that perhaps the original poster hasn't been made familiar with the *proper* methods for communicating between kernel-mode drivers and user-mode applications (calling user-mode code directly is NOT a proper method). For example, one common, *proper* technique is for the application to send an IOCTL that isn't completed until the driver has something to say to the application, upon which the driver fills the output buffer and completes the IRP for the IOCTL. The app then "wakes up" (that is, when the DeviceIoControl() call the sent the IOCTL finally returns), it can process the "callback" information returned in the output buffer, after which it sends the same IOCTL to the driver again (to receive the next callback). The app typically would use a separate, dedicated thread for all this. This technique is known as the "blocking IOCTL" technique. Regards, Matt Arnold marnold@motu.com Professional Music Products Mark of the Unicorn, Inc. http://www.motu.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [ To unsubscribe, send email to ntdev-request@atria.com with body UNSUBSCRIBE (the subject is ignored). ]