I read here that the inverse is possible, but how does one achieve such a thing? I'd hope there's a simple way, similar to calling from a loaded DLL, but my google research comes up with nothing. My only other thought is that one could pass some predefined constants through WriteFile or DeviceIoControl that the driver parses like a switch statement to execute the relevant function; does a more direct method exist?
Asked
Active
Viewed 1,328 times
1
FShrike
- 323
- 1
- 10
-
no any simply way. and kernel mode can not execute code in user space – RbMm Feb 22 '21 at 18:13
-
@RbMm is the method I detailed at all practical – FShrike Feb 22 '21 at 18:19
1 Answers
1
The question is why would you want to do it? Generally if you have to rely on some mechanism like this, you need to revisit the design of the application/driver that you are writing.
The correct way to do something in context of your user mode application is exactly what you described. You can do a DeviceIoControl call to your driver and the driver validates all the parameters that you have passed, then carries out the operation on behalf of the user mode call.
If for some reason, you need to call into kernel directly, you will have to resort to undocumented methods. There are ways to hook into kernel dispatch table and overwrite one of the dispatch handler to redirect the call to your function. But I hope you never ever ship anything like this to your customer. This is good for learning how the dispatch table works, etc but introduces several security nightmares. Ultimately your software should not be responsible for someone's machine getting hacked.
Security Guard
- 414
- 2
- 7
-
Good response thanks -> is device io control the only way to perform this? – FShrike Feb 23 '21 at 21:56
-
1Device IoCtrl is the preferred way. Read/Write file comes after that. You can also set up a named pipe communication between your application and the driver. – Security Guard Feb 23 '21 at 21:59
-
Is there a quick api name or reference you could give for that? You may have just answered a previous question of mine that's been dismissed! I was looking for a guide to alternatives for DeviceIoControl – FShrike Feb 23 '21 at 22:00
-
here is a communication between user and kernel using named pipe. https://community.osr.com/discussion/71108/named-pipes-kernel-mode-help-needed-newbie – Security Guard Feb 23 '21 at 22:18