(IFS filter driver) Accessing user buffer from kernel thread or accessing handles within user contex

[RA]

I am using the Windows IFS kit to write a replication filter-driver.

I am currently doing the following

In open (IRP_MJ_CREATE):
Handle= ZwCreateFile(..);
.. Save Handle

Then in write (IRP_MJ_WRITE):
ZwWriteFile(Handle, .., DataFromTheBufferInIRP)

Unfortunately, the handle is only valid within the context of the process
calling the function. I have also tried to pass all these calls (including
ZwCreateFile and ZwWriteFile) to kernel worker threads using
IoAllocateWorkItem-IoQueueWorkItem sequence. This allows the handle to be
accessed independent of the user thread. However the Irp->UserBuffer is not
accessible in the kernel threads any more.

What can I do to both be able to access the user buffer and have a valid
handle during read/write. Any advice would be greatly appreciated.

Thanks in advance.

RA

 

[Carl Woodward]

One thing you can do is call KeStackAttachProcess to attach the current
thread to the process address space of your choice. Once you've finished
doing what you need to, call KeUnstackDetachProcess to restore the process
context back to what it was.

Take real care using these APIs, dont do anything complex inbetween the two
calls; dont send Irps for example, because you really can cause horrible
problems and dead locks.

Carly

 

[Vladimir Zinin]

Hi,

...
What can I do to both be able to access the user buffer

for direct io - MmGetSystemAddressForMdl
for buffered io - use the IO manager prepared buffer

and have a valid handle during read/write
...

ObReferenceObjectByHandle
ObOpenObjectByPointer

 

[RA]

Thank you. Your rsponse has been very helpful.
Best wishes,
-- RA

 

[Don Burn]

The solution here is to use OBJ_KERNEL_HANDLE in InitializeObjectAttributes.
This makes the handle valid in all contexts in the kernel, and not valid in
user space. Using the solutions offered before this are likely to cause
crashes, and are overkill.