
Executing a user-mode executable from kernel-mode

I'm building a HW-simulator for our driver team. Now, the simulator is divided into 2 modules: First module runs inside the driver, in kernel mode, and that's where the main interface between the driver and the HW-Simulator is. Second module is an executable user-mode code which generates data for the simulator and transports it to the simulator via calls to DeviceIOControl (under the Windows API).

My need is this: I want to be able to execute the user-mode executable from within the kernel-mode. And I need to be able to do this in a relatively portable way. Currently I'm only running on Windows, but that should change soon. Furthermore, I need to be able to communicate with the user-mode code via its stdin pipe, in order to reconfigure it and eventually close it.

I found this: Executing a user-space function from the kernel space

but it's only relevant for the Linux kernel. Is there a more portable alternative? Or a Windows alternative?

Can I do this in Windows by simply using the ShellExecute/RunAs API functions?

Note: We are aware of the security risks involved in invoking user-mode code from the kernel-space. But as this is only meant to be used as a test-environment and will not ever reach our release code, then we are not concerned.

asked May 25 '11 15:05

eladidan


1 Answer

There isn't a clean way to do this in the Windows kernel. The user-mode API CreateProcess uses undocumented APIs (NtCreateProcess/NtCreateThread) to create a process.

The recommended thing to do would be to have a "partner service", a user-mode service that communicates with your driver using IOCTL. You can use the inverted call model to have your driver call your service to have it create a process.

answered Sep 29 '22 12:09

munin
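
The inverted call model named in the answer, as an added example that is not code from the answer or the question: a portable C model of the driver-side bookkeeping, in which the partner service posts a request that the driver holds until it has a command, and the service then creates or reconfigures the process itself. Every name here (`service_post`, `driver_notify`, `driver_cleanup`, the `CMD_*` and `ST_*` values) is hypothetical, and the array stands in for what a real driver would keep as pended I/O requests.

```c
/* Model of inverted-call bookkeeping; every name here is hypothetical. */
#include <stddef.h>
#include <string.h>
#define SLOTS 4
enum cmd { CMD_NONE, CMD_START_GENERATOR, CMD_RECONFIGURE, CMD_STOP_GENERATOR };
enum status { ST_PENDING, ST_COMPLETED, ST_CANCELLED, ST_NO_RESOURCES };
struct request { enum status status; enum cmd cmd; };  /* one "wait for work" IOCTL */
struct driver {
    struct request *pended[SLOTS]; size_t npended;   /* requests waiting for a command */
    enum cmd backlog[SLOTS];       size_t nbacklog;  /* commands waiting for a request */
};
static void finish(struct request *r, enum status s, enum cmd c) { r->status = s; r->cmd = c; }

/* Service -> driver: post a request the driver may hold until it has a command. */
enum status service_post(struct driver *d, struct request *r) {
    if (d->nbacklog > 0) {            /* a command arrived while nobody was waiting */
        finish(r, ST_COMPLETED, d->backlog[0]);
        d->nbacklog--;
        memmove(d->backlog, d->backlog + 1, d->nbacklog * sizeof d->backlog[0]);
    } else if (d->npended < SLOTS) {
        finish(r, ST_PENDING, CMD_NONE);
        d->pended[d->npended++] = r;
    } else {
        finish(r, ST_NO_RESOURCES, CMD_NONE);  /* bound the queue, never grow it */
    }
    return r->status;
}

/* Driver -> service: 1 = delivered now, 0 = queued for the next post, -1 = full. */
int driver_notify(struct driver *d, enum cmd c) {
    if (d->npended > 0) {             /* complete the oldest pended request */
        finish(d->pended[0], ST_COMPLETED, c);
        d->npended--;
        memmove(d->pended, d->pended + 1, d->npended * sizeof d->pended[0]);
        return 1;
    }
    if (d->nbacklog == SLOTS) return -1;
    d->backlog[d->nbacklog++] = c;
    return 0;
}

/* Service closed its handle: cancel everything so no request outlives the caller. */
size_t driver_cleanup(struct driver *d) {
    size_t n = d->npended;
    while (d->npended > 0) finish(d->pended[--d->npended], ST_CANCELLED, CMD_NONE);
    d->nbacklog = 0;                  /* undelivered commands are discarded too */
    return n;
}
int main(void) { static struct driver d; struct request r; service_post(&d, &r); return driver_notify(&d, CMD_START_GENERATOR) != 1; }
```

The service re-posts a request after every completion; the backlog covers the window between a completion and the next post, so a command issued in that gap is delivered rather than lost.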