Casper Hornstrup wrote:
-----Original Message-----
From: ros-dev-bounces@reactos.com [mailto:ros-dev-bounces@reactos.com] On Behalf Of Alex Ionescu
Sent: 22. januar 2005 00:45
To: ReactOS Development List
Subject: Re: [ros-dev] SVN Trunk Dead
- We call Nt* from inside the kernel. NEVER DO THIS!!! (If you don't know why, you better not commit a single line in ROS until you find out...)
It would be much better for the project if you shared that knowledge instead of keeping it a secret. Not every community member is experienced in kernel-mode programming and many are trying to learn.
According to "Native API Reference", calling NtXxx from kernel mode calls the implementation directly, with no control over the previous mode.
Calling the ZwXxx entry goes back through the system service dispatch, which sets previous mode to kernel mode.
When previous mode is kernel, all buffer checks and ACLs are bypassed (perhaps among other things, I'm not sure.)
So if you call the NtXxx version, you may not know whether the previous mode is user or kernel, and therefore whether or not you'll get checks. (I.e., you don't know if someone in your call stack already went through a ZwXXX and got previous mode set to kernel, or whether you're coming in from a device driver in kernel mode, or whether previous mode is still user.)
Thanks,
Joseph
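To make the previous-mode point above concrete, here is a small constructed model, added for this archive and not taken from ReactOS or Windows source. It imitates the three pieces Joseph describes: an NtXxx implementation that probes its buffer only when the thread's previous mode is UserMode, a ZwXxx entry that goes back through the (simulated) dispatcher and temporarily sets previous mode to KernelMode, and a ProbeForRead stand-in. The address split, the buffer address and the function names ending in "Model" are assumptions of the model, not kernel APIs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the Nt- versus Zw-entry distinction discussed in
 * the thread. Not ReactOS or Windows source; the real-looking names
 * (KPROCESSOR_MODE, NTSTATUS) are used only so the model reads like the
 * thing it imitates. */

typedef long NTSTATUS;
#define STATUS_SUCCESS          ((NTSTATUS)0x00000000L)
#define STATUS_ACCESS_VIOLATION ((NTSTATUS)0xC0000005L)

typedef enum { KernelMode = 0, UserMode = 1 } KPROCESSOR_MODE;

/* Assumed address-space split for the model: anything above this boundary
 * is "kernel memory" and must never be accepted from a user-mode caller. */
#define MM_HIGHEST_USER_ADDRESS ((uintptr_t)0x7FFFFFFF)

/* Per-thread state maintained by the dispatcher. It starts as UserMode, as
 * it would for a thread that entered the kernel through a system call. */
static KPROCESSOR_MODE PreviousMode = UserMode;

/* Stand-in for ProbeForRead: rejects a buffer that reaches kernel space. */
static NTSTATUS ProbeForReadModel(uintptr_t Address, size_t Length)
{
    if (Length == 0) return STATUS_SUCCESS;
    if (Address + Length - 1 < Address) return STATUS_ACCESS_VIOLATION;  /* wrap-around */
    if (Address + Length - 1 > MM_HIGHEST_USER_ADDRESS) return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

/* The NtXxx implementation. It trusts PreviousMode to say whether the buffer
 * came from user mode (probe it) or kernel mode (take it as is). It never
 * sets PreviousMode itself; it only reads whatever value is already there. */
NTSTATUS NtReadSomethingModel(uintptr_t Buffer, size_t Length)
{
    if (PreviousMode == UserMode) {
        NTSTATUS Status = ProbeForReadModel(Buffer, Length);
        if (Status != STATUS_SUCCESS) return Status;
    }
    /* A real implementation would copy data into Buffer here. */
    return STATUS_SUCCESS;
}

/* The ZwXxx entry: re-enters through the system service dispatcher, which
 * records KernelMode as the previous mode for the duration of the call and
 * restores the caller's value afterwards. */
NTSTATUS ZwReadSomethingModel(uintptr_t Buffer, size_t Length)
{
    KPROCESSOR_MODE Saved = PreviousMode;
    PreviousMode = KernelMode;
    NTSTATUS Status = NtReadSomethingModel(Buffer, Length);
    PreviousMode = Saved;
    return Status;
}

/* A constructed kernel-resident buffer address (above the user boundary). */
#define KERNEL_BUFFER ((uintptr_t)0x80100000)

/* Scenario 1: a driver servicing a user-initiated system call (PreviousMode
 * still UserMode) calls the Nt entry with its own kernel buffer. The
 * implementation probes it as though it were user supplied and rejects it. */
NTSTATUS ScenarioNtDuringUserSyscall(void)
{
    PreviousMode = UserMode;
    return NtReadSomethingModel(KERNEL_BUFFER, 64);
}

/* Scenario 2: the same situation through the Zw entry. The dispatcher sets
 * KernelMode, the kernel buffer is accepted, and PreviousMode is restored. */
NTSTATUS ScenarioZwDuringUserSyscall(void)
{
    PreviousMode = UserMode;
    NTSTATUS Status = ZwReadSomethingModel(KERNEL_BUFFER, 64);
    return (PreviousMode == UserMode) ? Status : STATUS_ACCESS_VIOLATION;
}

/* Scenario 3: the Nt entry called from a system thread, where PreviousMode is
 * already KernelMode. It succeeds, which is why the mistake is easy to miss:
 * the same Nt call passes or fails depending on who is further up the stack. */
NTSTATUS ScenarioNtFromSystemThread(void)
{
    PreviousMode = KernelMode;
    return NtReadSomethingModel(KERNEL_BUFFER, 64);
}

int main(void)
{
    printf("Nt during user syscall : 0x%08lX\n", (unsigned long)ScenarioNtDuringUserSyscall());
    printf("Zw during user syscall : 0x%08lX\n", (unsigned long)ScenarioZwDuringUserSyscall());
    printf("Nt from system thread  : 0x%08lX\n", (unsigned long)ScenarioNtFromSystemThread());
    return 0;
}
```

The model shows the two halves of the problem Joseph describes. With previous mode left at user, the Nt entry applies the checks and a perfectly good kernel buffer is refused; with previous mode already kernel, the same call skips the checks entirely, so any pointer the driver forwarded from user mode goes through unprobed. The Zw entry removes the ambiguity by pinning previous mode to kernel for the call and restoring it afterwards, which is why kernel-internal code is expected to use it.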