A
aka_jeff
Guest
to begin with am very new to driver development and its my fault that i didn't read more about windows internals nor driver development in general but am trying to learn it as i go with my learning journy right now.
so am trying to use (zwopenfile) function and i saw that it should be running at irql == PASSIVE_LEVEL with special kernel apc's enabled now i read about apc and how they actually work but from "Type of apc's page in msdn" i found out that special kernel apc's runs at irql == APC_LEVEL so my question is how does the function need to run at PASSIVE_LEVEL and it also needs special kernel apc's to run in APC_LEVEL it just confues me i also found out that [KeEnterCriticalRegion()] function disables user mode & kernel normal apc's and let special apc's to run normally and am using that in PASSIVE_LEVEL so how does that work? if anyone could explain or provide a link it would be very much appreciated thank you in advance.
Continue reading...
so am trying to use (zwopenfile) function and i saw that it should be running at irql == PASSIVE_LEVEL with special kernel apc's enabled now i read about apc and how they actually work but from "Type of apc's page in msdn" i found out that special kernel apc's runs at irql == APC_LEVEL so my question is how does the function need to run at PASSIVE_LEVEL and it also needs special kernel apc's to run in APC_LEVEL it just confues me i also found out that [KeEnterCriticalRegion()] function disables user mode & kernel normal apc's and let special apc's to run normally and am using that in PASSIVE_LEVEL so how does that work? if anyone could explain or provide a link it would be very much appreciated thank you in advance.
Continue reading...