Thread: PM Question

  1. #1
    Newbie
    Guest

    PM Question

    Is it possible to have ring 0 code call ring 3 code?!? What about having ring 0 code call ring 3 code conditionally... can it be done? In other words is it possible to create some kind of callback functionality in ring 3 that ring 0 code can call?!? If this is possible can someone show me an example??

    Thanks,
    Newbie
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Solomon
    Guest
    Here is some source code written in Delphi (Chinese characters):
    http://www.driverdevelop.com/read.php?t=A&id=21

  3. #3
    Newbie
    Guest
    Solomon (01-15-2001 15:21):
    Here is some source code written in Delphi (Chinese characters):
    http://www.driverdevelop.com/read.php?t=A&id=21
    Thanks for the tip. Do you know if there is any engine that will translate the web page to english?!? I can kinda make sense out of it, but I would like to learn the concept. It looks like GetProcAddress has something to do with it.
    Well, thanks for the help.

    Newbie

  4. #4
    Spath.
    Guest
    > Is it possible to have ring 0 code call ring 3
    > code?!?

    Yes, however this requires some setup to go to
    ring3 and come back to ring0. Therefore,
    before you start messing with such tricks,
    make sure that your OS does not provide
    what you want (with for instance _SHELL_CallAtAppyTime). In case you want
    the raw protected mode theory, you will first
    need a good understanding of pmode and
    ring transitions, or the explanations will not
    make much sense to you.

    > What about having ring 0 code call ring 3
    > code conditionally...

    Conditionally like what? You can go to ring3
    and come back to ring0, so if your 'condition'
    can be detected in ring0, then yes.

    Regards,
    Spath.

  5. #5
    Solomon
    Guest
    Here is part of the translation (not an exact translation, and without the permission of the original author, sorry):

    The Virtual Shell Device of Win95/98 provides services for VxDs to call Win16 applications directly, while it doesn't provide services for VxDs to directly call Win32 applications. But Win95/98 still provides 2 ways for VxDs to call Win32 applications.

    One is using the APC (Asynchronous Procedure Call) function of VWIN32.VxD. First the Win32 application dynamically loads the VxD, and passes the address of its callback procedure to the VxD with DeviceIoControl( ), then it calls SleepEx/WaitForMultipleObjectsEx/WaitForSingleObjectEx to suspend itself. Thus the VxD can call the Win32 callback procedure with _VWIN32_QueueUserApc of VWIN32.VxD. There is a sample program named IFSMONITOR using this method which can be found in the companion CD of "Windows 95 System Programming 4".

    The other way is more flexible. It employs the multi-threading feature of Win32 and the event mechanism of inter-thread communication. The Win32 application creates 2 threads and defines an event. The main thread is responsible for dynamically loading/unloading the VxD and communicating with it using DeviceIoControl( ), while the secondary thread calls ResetEvent( ) and WaitForSingleObject/WaitForSingleObjectEx to suspend itself. The VxD calls _VWIN32_SetWin32Event of VWIN32.VxD to wake up the secondary thread, thus you get an indirect implementation of calling Win32 procedure from VxD. This method is very flexible because VWIN32.VxD provides lots of Win32 event services just corresponding to the Win32 event API. By defining 2 events you can even completely synchronize the VxD and Win32 application when calling the Win32 application from VxD.

    I wrote a Win32 prog in Delphi 5 and a VxD in VToolsD v2.03 to illustrate the 2nd way. The VxD hooks the clock interrupt, just like the CHIME sample of VToolsD v2.03.

    ............. // source code omitted here

    The Win32 prog calls the OpenVxDHandle( ) API of KERNEL32.DLL to convert the Win32 event handle to VxD event handle. The OpenVxDHandle( ) API is only documented in DDK. The VxD will wake up the secondary thread every 2000 clock interrupts. With little modification we can get a high precision timer.

  6. #6
    Spath.
    Guest
    > But Win95/98 still provides 2 ways for VxDs
    > to call Win32 applications.
    > ...

    Unfortunately these two methods are not
    doing that, because they both require part of
    ring3 code to be executed before the vxd can
    call it (and therefore you cannot use them from
    static vxds or raw ring0). This is not calling
    ring3 code or win32 applications from ring0,
    this is a thread synchronization exercise.

    Spath.
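    A model of the second (event-based) method from post #5 and of the objection in post #6, added here as an example; it is not code from either poster or from the original article. Python's threading.Event stands in for the Win32 event, and the names Win32App, Vxd, simulate and register_at are hypothetical.

```python
import threading

TICKS_PER_WAKEUP = 2000  # the post's VxD wakes the thread every 2000 clock interrupts

class Win32App:
    """Ring-3 side (model): owns both events and the callback."""
    def __init__(self, callback):
        self.wake = threading.Event()  # stands in for the event converted with OpenVxDHandle
        self.done = threading.Event()  # second event, for full synchronisation
        self.callback, self.stopping = callback, False
        self.thread = threading.Thread(target=self._secondary, daemon=True)

    def _secondary(self):
        while True:
            self.wake.wait()           # WaitForSingleObject analogue
            self.wake.clear()          # ResetEvent analogue
            if self.stopping:
                return
            self.callback()            # the "call" runs here, in the ring-3 thread
            self.done.set()

class Vxd:
    """Ring-0 side (model): can only signal an event it has been handed."""
    def __init__(self):
        self.wake, self.ticks, self.dropped = None, 0, 0

    def on_tick(self):
        self.ticks += 1
        if self.ticks % TICKS_PER_WAKEUP:
            return False
        if self.wake is None:          # no ring-3 code has run yet: nothing to wake
            self.dropped += 1
            return False
        self.wake.set()                # _VWIN32_SetWin32Event analogue
        return True

def simulate(total_ticks, register_at):
    # Constructed scenario: the app hands over its event after `register_at` ticks.
    calls, vxd = [], Vxd()
    app = Win32App(lambda: calls.append(vxd.ticks))
    for _ in range(total_ticks):
        if vxd.ticks == register_at:
            app.thread.start()
            vxd.wake = app.wake        # DeviceIoControl analogue
        if vxd.on_tick():
            app.done.wait(timeout=5)   # wait until the callback has finished
            app.done.clear()
    app.stopping = True
    app.wake.set()                     # let the secondary thread exit
    return calls, vxd.dropped
```

    With register_at=3000 the wakeup due at tick 2000 is dropped, because the ring-0 side has no handle until the ring-3 side has run and registered one.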

  7. #7
    Solomon
    Guest
    Spath. (01-16-2001 23:14):
    Unfortunately these two methods are not
    doing that, because they both require part of
    ring3 code to be executed before the vxd can
    call it (and therefore you cannot use them from
    static vxds or raw ring0). This is not calling
    ring3 code or win32 applications from ring0,
    this is a thread synchronization exercise.

    Spath.
    OK, I will forward your opinion to the original author. Thx

  8. #8
    Newbie
    Guest
    WOW! Well I think I asked a question more complicated than I thought. I will need to study more about PM. I hope that when I do learn more, I can ask you people more directed questions. Thanks for your notes
    I think I overdid myself with this question.

    Newbie