Prev: Disable power button programatically in Windows XP
Next: How to set registry key permission in the code?
From: sylvain on 21 Apr 2007 15:24
Gerry Hickman wrote:
> Hi Mike,
>
> OK, I think you're saying you can't just write a program and try to make
> the calls to NtQuerySystemInformation without running into problems
> because it needs to run in kernel mode?

No, the old sample posted on ui group works perfectly in user mode.
From: David Craig on 21 Apr 2007 18:09
> Would it be possible to write a multi-threaded program, with one thread in
> kernel mode?
>
I sure hope not.

"Gerry Hickman" <gerry666uk(a)newsgroup.nospam> wrote in message
news:%23ctJsFDhHHA.960(a)TK2MSFTNGP03.phx.gbl...
> Hi Mike,
>
> OK, I think you're saying you can't just write a program and try to make
> the calls to NtQuerySystemInformation without running into problems
> because it needs to run in kernel mode?
>
> Hmm, is that why there's talk of a "driver" being used, e.g. with
> SysInternals implementation?
>
> Would it be possible to write a multi-threaded program, with one thread in
> kernel mode?
>
> Mikep wrote:
>> If you google around for information on 'NtQuerySystemInformation hangs
>> on pipes', you'll see that calling it from userland will hang the calling
>> thread if you are requesting information on a handle for a pipe. Don't
>> recall whether the pipe has to be named or not.
>>
>> Calling from kernal mode works fine.
>>
>> Mike P
>>
>> "Gerry Hickman" <gerry666uk(a)newsgroup.nospam> wrote in message
>> news:udJCD2DgHHA.284(a)TK2MSFTNGP05.phx.gbl...
>>> Thanks Jeffrey,
>>>
>>> The article from osronline is very helpful!
>>>
>>> Is there any possibility we could either have better DOCs for
>>> NtQuerySystemInformation or a proper API for this in future? A WMI
>>> Provider
>>> would be nice:)
>>>
>>> --
>>> Gerry Hickman - (London UK)
>>>
>>> ""Jeffrey Tan[MSFT]"" <jetan(a)online.microsoft.com> wrote in message
>>> news:M75GiN$fHHA.4692(a)TK2MSFTNGHUB02.phx.gbl...
>>>> Hi Gerry,
>>>>
>>>> Based on my knowledge, there is no good documented API for this task.
>>>> Handle.exe from sysinternals installs a driver in kernel mode to query
>>>> the
>>>> process handle table for this information.
>>>>
>>>> The common approach for this task is still calling
>>> NtQuerySystemInformation
>>>> API which may be altered in future version of Windows:
>>>> http://www.osronline.com/lists_archive/ntdev/thread199.html
>>>>
>>>> Your application using NtQuerySystemInformation have to modify its
>>>> implementation for each new version of Windows to keep forward
>>>> compatibility. This is the way most of the system tools doing today.
>>>>
>>>> Thanks.
>>>>
>>>> Best regards,
>>>> Jeffrey Tan
>>>> Microsoft Online Community Support
>>>> ==================================================
>>>> Get notification to my posts through email? Please refer to
>>>>
>>> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
>>>> ications.
>>>>
>>>> Note: The MSDN Managed Newsgroup support offering is for non-urgent
>>>> issues
>>>> where an initial response from the community or a Microsoft Support
>>>> Engineer within 1 business day is acceptable. Please note that each
>>>> follow
>>>> up response may take approximately 2 business days as the support
>>>> professional working with you may need further investigation to reach
>>>> the
>>>> most efficient resolution. The offering is not appropriate for
>>>> situations
>>>> that require urgent, real-time or phone-based interactions or complex
>>>> project analysis and dump analysis issues. Issues of this nature are
>>>> best
>>>> handled working with a dedicated Microsoft Support Engineer by
>>>> contacting
>>>> Microsoft Customer Support Services (CSS) at
>>>> http://msdn.microsoft.com/subscriptions/support/default.aspx.
>>>> ==================================================
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>
>>
>
>
> --
> Gerry Hickman (London UK)


From: Adam on 22 Apr 2007 06:47
Gerry Hickman wrote:

> Would it be possible to write a multi-threaded program, with one thread
> in kernel mode?

No. Threads run in the context of processes and share a memory address
space with the rest of the process.
From: Gerry Hickman on 22 Apr 2007 10:00
Hi,

Thanks for explaining. Is there any way to write a user mode version of
the program (as Sylvain mentions above) or would it require some kind of
"driver"?

If anyone has the user mode sample from the "ui group", I'm very
interested to see it!

Adam wrote:
> Gerry Hickman wrote:
>
>> Would it be possible to write a multi-threaded program, with one
>> thread in kernel mode?
>
> No. Threads run in the context of processes and share a memory address
> space with the rest of the process.


--
Gerry Hickman (London UK)
From: "Jeffrey Tan[MSFT]" on 23 Apr 2007 23:02
Hi Gerry,

Yes, I see your concern. Based on my knowledge, I think Microsoft kernel
team has design concern of not documenting these APIs. For example, some of
the APIs prototype may be changed in next Windows and others may even will
display in next Windows. So kernel team just prevent some private APIs from
calling by ISVs. Sorry, this design choice has gone out of my decision.

Anyway, the request for handle table query makes sense, I will forward this
feature request to the kernel team. I hope they will file it in the
internal database for future consideration.

Thanks for your understanding.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: Disable power button programatically in Windows XP
Next: How to set registry key permission in the code?