Two-way communication between kernel-mode callout and user-mode application?

  • Question

  • I need a two-way communication between a kernel-mode WFP callout driver and a user-mode application. The driver initiates the communication by passing a URL to the application, which then does a lookup on that URL and passes that information back to the driver. The driver needs to know the information in the filter function because it may block certain web pages based on that. I had a thread in the application that was making an I/O request that the driver would complete with the URL and a GUID, and then the application would write the category into the registry under that GUID where the driver would pick it up. Unfortunately, the driver verifier says this is not allowed because the Zw registry functions have to run at PASSIVE_LEVEL. I was thinking about trying the same thing with mapped memory buffers, but I’m not sure what the interrupt requirements are for that. Also, I thought about lowering the interrupt level before the registry function calls, but I don't know what the side effects of that are.
    Sunday, December 30, 2012 2:20 AM


  • Why are you at elevated IRQL above passive? If you were the one who raised IRQL, you can lower it, for instance by releasing the spinlock that might have raised IRQL. If you didn't raise IRQL and your callout was called at IRQL > PASSIVE, you CANNOT lower IRQL; you will cause weird and strange deadlocks if you do so. Instead of using an intermediary like shared buffers or the registry, just have the app send a new I/O down with the identifier (sounds like a GUID) and the result of the operation.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Sunday, December 30, 2012 6:53 AM
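
The approach suggested in the reply above, as an added example that is not part of the original thread: a portable C model (not WDK code) of the driver-side handler for the application's second I/O request, which matches the reply to an outstanding lookup by its identifier and treats the user-mode buffer as untrusted. The names `VERDICT_REPLY`, `pending_add` and `handle_verdict`, the 16-byte identifier layout and the category limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout of the reply the application sends down in its second I/O. */
typedef struct { uint8_t id[16]; uint32_t category; } VERDICT_REPLY;

enum { MAX_PENDING = 8, CATEGORY_MAX = 255 };            /* assumed limits */
enum { V_OK = 0, V_BAD_SIZE, V_BAD_CATEGORY, V_UNKNOWN_ID, V_TABLE_FULL };

/* Lookups handed to the application and not yet answered. A real driver would
   guard this table with a spin lock, because the callout can run above PASSIVE_LEVEL. */
static struct { int in_use; uint8_t id[16]; } g_pending[MAX_PENDING];

/* Called when the driver completes the application's read with URL + id. */
int pending_add(const uint8_t id[16])
{
    for (int i = 0; i < MAX_PENDING; i++) {
        if (!g_pending[i].in_use) {
            memcpy(g_pending[i].id, id, 16);
            g_pending[i].in_use = 1;
            return V_OK;
        }
    }
    return V_TABLE_FULL;
}

/* Models the dispatch routine for the reply I/O. buf/len come from user mode,
   so nothing in them is trusted until checked. */
int handle_verdict(const void *buf, size_t len, uint32_t *category_out)
{
    VERDICT_REPLY r;
    if (buf == NULL || len != sizeof r)
        return V_BAD_SIZE;
    memcpy(&r, buf, sizeof r);          /* snapshot once, then validate the copy */
    if (r.category > CATEGORY_MAX)
        return V_BAD_CATEGORY;
    for (int i = 0; i < MAX_PENDING; i++) {
        if (g_pending[i].in_use && memcmp(g_pending[i].id, r.id, 16) == 0) {
            g_pending[i].in_use = 0;    /* one-shot: a replayed reply finds nothing */
            *category_out = r.category;
            return V_OK;
        }
    }
    return V_UNKNOWN_ID;
}
```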