create named pipe in kernel driver?
varname
In relation to a previous question I asked about two weeks ago (cos / sin in
kernel driver)', I'm now at a point where I want to create a named pipe to
'stream' the data coming from my hardware device (modified ps/2 mouse).
Creating named pipes from userland applications is straightforward enough,
but in kerneldrivers I'm getting a bit confused. Reading several websites
I've seen people saying to use 'IoCreateFile' directly (as that is what
NtCreateNamedPipeFile uses), using ZwCreateNamedPipeFile (which isn't
exported it seems) and a sort of wrapper
(http://www.ntkernel.com/w&p.php?id=17 last part of page).
Could someone please shed some light on this? What is the (accepted) way to
create a named pipe from a kernel driver (in DriverEntry for instance)?
again, thanks for any assistance you can give.
Don Burn
outside of the normal approaches to communicate from a driver to user space.
Yes people do it, with a lot of undocumented calls that can change
tommorrow. People also drive down one way streets the wrong way, ignoring
convention in either case is at least stupid, if not worse.
There are a heck of a lot of normal ways to get this data out, don't do
things in an unconventional and stupid way.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
"varname" <v@j.b> wrote in message news:d6lerj$rlf$1...@news.cistron.nl...
varname
somehow I think that with a less explicit post I would've gotten the main
idea of your.
second: it is my understanding that by using a pipe I can use the output of
my driver (actually really a filter driver) on a remote machine aswell,
without any extra code for sending it over the network.
In my case, that would be a nice feature.
One of the consequences of using a ps2 mouse is (as I understand it) that
windows has exclusive control over the port, i.e. I can't just CreateFile on
it. So then I would have to create a second deviceobject to interact with
and use IOCTLs?
"Don Burn" <bu...@stopspam.acm.org> wrote in message
news:pcrje.231$NL1...@fe02.lga...
Paul Yaroshenko
it won't help you with remoting. In kernel pipe name has different
naming convention that prevents from using "remote pipes".
RtlInitUnicodeString(
&pipe_name,
L"\\??\\pipe\\YourPipeName"
);
InitializeObjectAttributes(
&attr,
&pipe_name,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
ret = ZwCreateFile(
&pipe_handle,
SYNCHRONIZE | FILE_WRITE_DATA , // or FILE_READ_DATA
&attr,
&iostat,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_NON_DIRECTORY_FILE,
NULL,
0);
Thus whereas in user-mode formar of pipe is "\\server\pipe\pipename" in
kernel it is "\??\pipe\pipename".
In addition, in kerenel default security context is LocalSystem which is
not allowed to access network.
Don Burn
"varname" <v@j.b> wrote in message news:d6mtid$ghg$1...@news.cistron.nl...
> second: it is my understanding that by using a pipe I can use the output
> of
> my driver (actually really a filter driver) on a remote machine aswell,
> without any extra code for sending it over the network.
> In my case, that would be a nice feature.
I've never heard of anyone getting this to work. Not saying that someone
hasn't but I've seen this argument and after doing everything non-standard
they turn around and still need another mechansim to send the data over the
network.
varname
with '\\??\' which precludes them from being accessed over the network (see
post from Paul Yaroshenko aswell).
I'll have to investigate other ways then.
varname
that pipes with '\\??\' prefix are inaccessable remotely.
Doron Holan [MS]
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q262305
d
--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
"varname" <v@j.b> wrote in message news:d6mtid$ghg$1...@news.cistron.nl...
Pavel A.
> second: it is my understanding that by using a pipe I can use the output of
> my driver (actually really a filter driver) on a remote machine aswell,
> without any extra code for sending it over the network.
> In my case, that would be a nice feature.
Will ETW (aka WMI trace) work for you?
--PA
Slava M. Usov
news:OzZWNQfX...@TK2MSFTNGP10.phx.gbl...
[...]
> Thus whereas in user-mode formar of pipe is "\\server\pipe\pipename" in
> kernel it is "\??\pipe\pipename".
This is just a sym. link. The actual device is \Device\NamedPipe.
The original question was not really well formed. Are we talking about a
pipe client or a pipe server in a driver? If it is a client, then nothing
should prevent the driver from being able to call an equivalent of
CreateFile(\\Server\pipe\name).
Running a pipe server in a KM driver is another story.
I would not recommend either way, though. If some remotable mechanism is
desired, think WMI.
S
Paul Yaroshenko
form "\\server\pipe\name"? When I wrote my OS project I wasn't succeeded
to open client pipe to remote server.
About WMI I have nothing to say. Just haven't used it in kernel mode.
Slava M. Usov
>I know that this is a symlink, but nevertheless, how can you write in form
>"\\server\pipe\name"?
If you have a UNC name like \\server\something, you should translate that to
\Device\Mup\server\something. \Device\Mup is the "Multiple UNC Provider",
which is responsible for discovering and using the right redirector to talk
to \\server\something.
S