Hi
I need to pass a large amount of data from kernel mode to user mode, so I create a file from kernel mode and write the requested data to the new file.
Can you show me another method, please? Thank you for helping me.
This is my source in kernel mode:
Code:
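/*
 * Snapshot the system process/thread information and write it to the file
 * named by FILE_NAME_TXT so a user-mode reader can pick it up.
 *
 * Security notes for anyone reusing this pattern:
 *  - The object attributes carry no security descriptor, so the file gets
 *    whatever default/inherited ACL applies at that path. Anyone who can read
 *    the path can read the kernel-collected data; place it in a directory
 *    with a restrictive ACL, or return the data through a buffered IOCTL on
 *    an access-controlled device object instead of going through the disk.
 *  - Nothing is written unless the second query succeeded, so uninitialised
 *    pool memory never reaches the file.
 */

/* Pass 1: zero-length probe. Only the required size returned in cb_x is used;
 * the status of this call is expected to report a length mismatch. */
Status = ZwQuerySystemInformation(
    _SystemProcessesAndThreadsInformation, pBuffer, 0, &cb_x);
/* Format directly in DbgPrint: no intermediate buffer, and no data-built
 * string is ever used as a format string. */
DbgPrint("ROOTKIT: Get var cb_x 1: %4X \n", cb_x);

if (cb_x != 0)
{
    pBuffer = ExAllocatePool(NonPagedPool, cb_x);
    if (pBuffer == NULL)
    {
        /* Allocation failed: stop here. The original fell through and handed
         * the NULL pointer to ZwWriteFile and ExFreePool. */
        DbgPrint("ROOTKIT: ExAllocatePool failed");
    }
    else
    {
        DbgPrint("ROOTKIT: ExAllocatePool OK");

        /* Pass 2: real query. The process list can grow between the two
         * calls, in which case this fails and cb_x holds the new required
         * size, which is larger than the allocation. */
        Status = ZwQuerySystemInformation(
            _SystemProcessesAndThreadsInformation, pBuffer, cb_x, &cb_x);
        DbgPrint("ROOTKIT: Get var cb_x 2: %4X \n", cb_x);

        if (!NT_SUCCESS(Status))
        {
            /* Buffer contents are undefined and cb_x may exceed the
             * allocation; writing it out would read past the pool block. */
            DbgPrint("ROOTKIT: Query failed. Status: %08X\n", (ULONG)Status);
        }
        else
        {
            RtlInitUnicodeString(&g_usFileName, FILE_NAME_TXT);
            InitializeObjectAttributes(&oa, &g_usFileName,
                OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

            /* Create dispositions are enumerated values, not flags:
             * FILE_OPEN|FILE_CREATE only worked because 1|2 happens to equal
             * FILE_OPEN_IF. FILE_OVERWRITE_IF is used so that a shorter
             * snapshot does not leave stale bytes from an earlier, longer
             * file after the new data. */
            Status_f = ZwCreateFile(&hFile, FILE_WRITE_DATA | SYNCHRONIZE,
                &oa, &iosb, NULL, FILE_ATTRIBUTE_NORMAL,
                FILE_SHARE_READ, FILE_OVERWRITE_IF,
                FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
            if (NT_SUCCESS(Status_f))
            {
                DbgPrint("ROOTKIT: File created\n");
                /* On success cb_x is the length the query returned, which
                 * presumably never exceeds the size passed in; verify. */
                Status_f = ZwWriteFile(hFile, NULL, NULL, NULL, &iosb,
                    pBuffer, cb_x, NULL, NULL);
                if (!NT_SUCCESS(Status_f))
                {
                    DbgPrint("ROOTKIT: Can't write file. Status: %08X\n",
                        (ULONG)Status_f);
                }
                ZwClose(hFile);
            }
            else
            {
                DbgPrint("ROOTKIT: Can't create file. Status: %08X\n",
                    (ULONG)Status_f);
            }
        }

        /* Free only on the path where the allocation succeeded; ExFreePool
         * is not documented as accepting NULL. */
        ExFreePool(pBuffer);
        pBuffer = NULL; /* guard against reuse of the stale pointer */
    }
}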