Article 2594 of microsoft.public.win32.programmer.kernel:

On Mon, 6 Oct 1997 02:48:56 -0400, "Thomas E. Knowles" wrote:

>Thanks, okay so let me press my luck and get a little more specific. I want
>to have a rather large user-mode buffer (>512 MB). I want this buffer to be
>addressable at all times by my device driver once the driver is initialized.
>(The driver will have to read and write data to the buffer.)
>
>1.) Is there a limit to the size of the buffer that is represented by the
>MDL at Irp->MdlAddress?
>
>2.) Say I use an initial WriteFile() to pass the user-mode address to the
>device, is it true that the buffer will only be usable by the device while
>the device is servicing that one WriteFile() request? Is there a way for
>the device to extract the address of the user-mode buffer passed by the
>initial WriteFile() (using GetSystemAddressForMdl(Irp->MdlAddress)), and
>then once that WriteFile request is finished, have the device be able to use
>the user-mode buffer for any subsequent Read/Write requests to the device?
>
>Thanks again.
>
>--
>Thomas Knowles
>Princeton University
>nike@cs.princeton.edu
>
>Georgy Malyshev wrote in message <01bcd221$d76cb270$0eb95ac2@gosha>...
>>Thomas E. Knowles wrote in article
>>...
>>| Can anyone tell me if a kernel mode driver can read and write directly to
>>| user-mode memory?
>>
>>Yes.
>>
>>| And if so, how? Only answer the second question if you
>>| feel like it.
>>
>>Calling MmGetSystemAddressForMdl(pIrp->MdlAddress) you have
>>a virtual address of the user-mode buffer in the system address space.
>>
>>| (I assume the kernel device has to be set up with
>>| DO_DIRECT_IO flag set.)
>>
>>This flag has to be set if you are using ReadFile() / WriteFile() Win32
>>calls.
>>If you are using DeviceIoControl() calls, you have to define your IOCTL
>>with the METHOD_OUT_DIRECT or METHOD_IN_DIRECT flag. The user-mode buffer
>>should be transferred to the driver as the output buffer (no matter whether
>>you're performing a read or a write).
>>
>>Hope it helps.
>>--
>>Georgy Malyshev, software group manager
>>CMT Medical Technologies, MATAM, Haifa, Israel
>>Tel ++972-4-8566240 Fax ++972-4-8550249
>>
>

It is possible, but it will require a bit of work. There are several options
that I can see.

1) Create a memory mapped file to share between the Win32 application and the
driver. In this situation, the driver must process IRPs running greater than
PASSIVE_LEVEL in a driver thread. You simply map the section to the system
process address space.

2) You could use the undocumented functions KeAttachProcess() and
KeDetachProcess() to force a driver-created thread to run in the context of a
specified process. This would give you access to the address space of the
process and you will be at PASSIVE_LEVEL.

In either case, you will be required to force a context switch so that your
driver thread will be running at PASSIVE_LEVEL. This will allow the driver to
generate a page fault when addressing the large chunk of memory or the memory
mapped file.

Have fun.

Jamey Kirby
Senior Partner
Magnuson, Kirby & Associates, LLC.
jkirby@gloryroad.net
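Added example, not posted by anyone in this thread: it encodes the kind of IOCTL Georgy describes (user buffer passed as the *output* buffer with METHOD_OUT_DIRECT so the I/O manager builds an MDL for it) and models the dispatch-time checks a driver reviewer wants before the driver touches the buffer through MmGetSystemAddressForMdl. The CTL_CODE layout and the METHOD_* / FILE_* constants are the documented Windows values (normally pulled in from winioctl.h or ntddk.h); IOCTL_BIGBUF_REGISTER, ioctl_buffer_access() and direct_request_is_valid() are constructed for this example, and the IRP fields are passed in as plain parameters so the code compiles and runs outside a driver. The point the thread circles around is also the security point: the MDL, and the system address obtained from it, are valid only while that IRP is outstanding, so a driver must not cache the pointer across requests, and it must bound every transfer by the byte count the MDL actually describes rather than by a length the caller supplied.

```c
/* Added example (not from the thread): IOCTL encoding for a direct-I/O
 * buffer hand-off and the checks a driver applies at dispatch time.
 * CTL_CODE and the constants below are the documented Windows definitions;
 * the IOCTL name and both functions are constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Documented Windows transfer methods and access/device constants. */
#define METHOD_BUFFERED     0
#define METHOD_IN_DIRECT    1
#define METHOD_OUT_DIRECT   2
#define METHOD_NEITHER      3
#define FILE_ANY_ACCESS     0
#define FILE_DEVICE_UNKNOWN 0x22

#define CTL_CODE(DeviceType, Function, Method, Access) \
    ((uint32_t)(((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method)))
#define METHOD_FROM_CTL_CODE(code)      ((uint32_t)(code) & 3u)
#define DEVICE_TYPE_FROM_CTL_CODE(code) (((uint32_t)(code) >> 16) & 0xFFFFu)

/* Hypothetical IOCTL: the application passes its large buffer as the
 * OUTPUT buffer, so the I/O manager locks the pages and builds an MDL
 * that the driver finds at Irp->MdlAddress. */
#define IOCTL_BIGBUF_REGISTER \
    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

/* How the driver receives the caller's buffer for a given IOCTL method. */
typedef enum {
    BUF_VIA_SYSTEM_BUFFER, /* METHOD_BUFFERED: kernel copy in Irp->AssociatedIrp.SystemBuffer */
    BUF_VIA_MDL,           /* METHOD_IN/OUT_DIRECT: locked pages described by Irp->MdlAddress */
    BUF_VIA_RAW_USER_PTR   /* METHOD_NEITHER: raw user pointer, must be probed under __try */
} buffer_access_t;

buffer_access_t ioctl_buffer_access(uint32_t code)
{
    switch (METHOD_FROM_CTL_CODE(code)) {
    case METHOD_BUFFERED:   return BUF_VIA_SYSTEM_BUFFER;
    case METHOD_IN_DIRECT:
    case METHOD_OUT_DIRECT: return BUF_VIA_MDL;
    default:                return BUF_VIA_RAW_USER_PTR;
    }
}

/* Dispatch-time validation for a direct-I/O request.
 *   mdl_present    stands in for (Irp->MdlAddress != NULL); the I/O manager
 *                  builds no MDL for a zero-length buffer, so this can be NULL.
 *   mdl_byte_count stands in for MmGetMdlByteCount(Irp->MdlAddress).
 *   output_len     stands in for IrpSp->Parameters.DeviceIoControl.OutputBufferLength.
 * The system address MmGetSystemAddressForMdl returns for this MDL is only
 * valid until the IRP completes; it must never be cached for later requests. */
int direct_request_is_valid(uint32_t code, int mdl_present,
                            size_t mdl_byte_count, size_t output_len)
{
    if (ioctl_buffer_access(code) != BUF_VIA_MDL) return 0; /* not a direct-I/O IOCTL */
    if (!mdl_present)                           return 0; /* nothing locked to access */
    if (output_len == 0)                        return 0;
    if (output_len > mdl_byte_count)            return 0; /* caller length exceeds the MDL */
    return 1;
}

int main(void)
{
    /* Constructed request: a 512 MB buffer registered through the IOCTL. */
    size_t big = (size_t)512u * 1024u * 1024u;
    printf("IOCTL_BIGBUF_REGISTER = 0x%08X, method = %u\n",
           IOCTL_BIGBUF_REGISTER, METHOD_FROM_CTL_CODE(IOCTL_BIGBUF_REGISTER));
    printf("512 MB via MDL valid: %d\n",
           direct_request_is_valid(IOCTL_BIGBUF_REGISTER, 1, big, big));
    printf("length larger than MDL valid: %d\n",
           direct_request_is_valid(IOCTL_BIGBUF_REGISTER, 1, 4096, 8192));
    return 0;
}
```

Usage note: `direct_request_is_valid()` is the shape of the check that sits at the top of an IRP_MJ_DEVICE_CONTROL handler before any call to MmGetSystemAddressForMdl; the second printed case (caller length larger than the MDL) is the one that turns into an out-of-bounds kernel access if the driver trusts the length field instead of the MDL.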