Communication between kernel-mode and user-mode application

Question

I have built a WFP callout driver which runs in kernel mode. Now, I'm trying to figure out how to communicate between this driver and my GUI application which runs in user-mode. Any ideas?

Exactly what I want is something like this:

1. The callout driver detects an incomming connection on port 4444 (This is not part of my question)
2. The drivers send a message to the user-mode app.
3. The app shows a notification to the user and asks it if we should accept/block the connection.
4. The user-mode app sends back the user's response to the callout driver.

Thanks!

Answer 1

I agree with LordDoskias. You need to create a device object and make it available to the Win32 realm. Then you can use CreateFile, ReadFile, WriteFile and the already mentioned DeviceIoControl to send requests.

In order to get notifications from the driver to the application, you can use the so-called inverted call model. You send down some IRPs (via one of the mentioned mechanisms) and do that in an asynchronous manner (or in separate threads). Then, the driver keeps them dangling until it has to notify the user mode component about something and then returns the completed IRP. Alternative methods are to set some event and have the UM request whatever the driver keeps in some kind of queue...

The gist is, there is no direct way that the driver can send some message to the user mode application.