NtCreateProcess

[Nicolas Collignon]

Has anyone any sample code creating a user process from kernel mode ?
If not any idea how i can do that as NtCreateProcess is not exported
by ntoskrnl.exe

bye

[Don Burn]

"Nicolas Collignon" <coll...@ece.fr> wrote in message
news:slrnahjdqk....@gandalf.ece.fr...

> Has anyone any sample code creating a user process from kernel mode ?
> If not any idea how i can do that as NtCreateProcess is not exported
> by ntoskrnl.exe
>

Bottom line is you cannot create a user process from kernel mode, there
are a heck of a lot of calls not just NtCreateProcess that take place to
create a process, such as loading the executable etc, so don't try this.

Is there any reason not just to use a helper application, or service to
perform the CreateProcess on behalf of the driver?

Don Burn
Egenera, Inc.

[Nicolas Collignon]

No in fact i was just interested in doing that for learning purpose.
Yeah but i know there are a lot of calls being done for loading a process like:
- memory mapping
- thread creation
- thread starting
- informing crcss.

So between, if i want to launch a user-mode process when a special event
occurs in
kernel, i have to use a device and make a user-mode program read information
from the device link so it can be informed when to start the process.
Any other way ?

---
nicolas

[Markus]

Hi!

I've an application/driver which does this in the following way:

-application starts some proceses
-process send an object handle to the driver and makes
WaitForSingleObject
-driver takes object handle and whenever the process in the
application should be triggered the object handle will be set.

Hope this helps,
Markus