none
Kernel driver to user mode application to kernel driver RRS feed

  • Question

  • Hi!

    I am super new to driver development. I was hoping that someone could help me out with the following question that I have.

    I found information about the user application initiating a connection using DeviceIOControl (https://docs.microsoft.com/en-us/windows/desktop/DevIO/calling-deviceiocontrol).  I understand that the direction here is User Mode Application -> Kernel Driver -> User Mode Application.

    Is there a way to go the opposite direction? Start at the kernel driver which then would notify the user mode application and in turn have the user mode application send back to the kernel driver without first starting at the user mode application (so not do an inverted call model)?

    Thanks!

    Wednesday, April 10, 2019 2:51 PM

Answers

  • You can use a event that is created in kernel mode, but why would you want to?   The bottom line is that inverted call is a well known mechanism that works well, and can be very fast (I've done one driver where we did over 1,000,000 messages per second and that was years ago on a 4 core system.

    I do commonly wrap the interface into a DLL so that the user application doesn't need to worry about the details.

    Why do you think you want to go the other way?


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by shift_left Wednesday, April 10, 2019 7:48 PM
    Wednesday, April 10, 2019 5:57 PM
  • Hi! Thanks for your answer!

    I was thinking about going the other way mostly due to lack of Windows Driver experience. I am operating on TCP traffic and need to send it to a user mode application for inspection and modification and then send it back to the driver for re-injection. It made me wonder if I should have the KMDF driver sending the request to the user application.

    • Marked as answer by shift_left Thursday, April 11, 2019 12:11 PM
    Wednesday, April 10, 2019 7:40 PM

All replies

  • You can use a event that is created in kernel mode, but why would you want to?   The bottom line is that inverted call is a well known mechanism that works well, and can be very fast (I've done one driver where we did over 1,000,000 messages per second and that was years ago on a 4 core system.

    I do commonly wrap the interface into a DLL so that the user application doesn't need to worry about the details.

    Why do you think you want to go the other way?


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by shift_left Wednesday, April 10, 2019 7:48 PM
    Wednesday, April 10, 2019 5:57 PM
  • Hi! Thanks for your answer!

    I was thinking about going the other way mostly due to lack of Windows Driver experience. I am operating on TCP traffic and need to send it to a user mode application for inspection and modification and then send it back to the driver for re-injection. It made me wonder if I should have the KMDF driver sending the request to the user application.

    • Marked as answer by shift_left Thursday, April 11, 2019 12:11 PM
    Wednesday, April 10, 2019 7:40 PM
  • Nope, use inverted call.  The application makes a set of ioctl requests with buffers which are kept pending in the driver.  When the driver has something to say, it pops the next ioctl and completes it.  The app then process it and returns the buffer to the driver.  Well-known, well-understood, performant.

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Wednesday, April 10, 2019 8:26 PM
  • Thank you! I will definitely go down the inverted call model route!!
    Thursday, April 11, 2019 12:11 PM