Casper Hornstrup wrote:
>> -----Original Message-----
>> From: ros-dev-bounces(a)reactos.com
>> [mailto:ros-dev-bounces@reactos.com] On Behalf Of Alex Ionescu
>> Sent: 22 January 2005 00:45
>> To: ReactOS Development List
>> Subject: Re: [ros-dev] SVN Trunk Dead
>>
>> 1) We call Nt* from inside the kernel. NEVER DO THIS!!! (If
>> you don't know why, you better not commit a single line in
>> ROS until you find out...)
>
> It would be much better for the project if you shared that
> knowledge instead of keeping it a secret. Not every community
> member is experienced in kernel-mode programming and many are
> trying to learn.

According to "Native API Reference", calling NtXxx from kernel mode
calls the implementation directly, with no control over
the previous mode.

Calling the ZwXxx entry goes back through the system service
dispatch, which sets previous mode to kernel mode.

When previous mode is kernel, all buffer checks and
ACLs are bypassed (perhaps among other things, I'm
not sure.)

So if you call the NtXxx version, you may not know whether
the previous mode is user or kernel, and therefore whether
or not you'll get checks. (I.e., you don't know if someone
in your call stack already went through a ZwXxx and got
previous mode set to kernel, or whether you're coming in from
a device driver in kernel mode, or whether previous mode
is still user.)

Thanks,
Joseph
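The following is an added, user-mode C model of the rule Joseph describes; it is not ReactOS kernel code and not part of the thread. It models the per-thread previous mode as a global, an NtXxx routine that probes its output buffer only when previous mode is UserMode, and a ZwXxx stub that re-enters through the dispatcher and forces previous mode to KernelMode for the duration of the call. The routine names (NtReadSomething, ZwReadSomething), the probe boundary constant and the scenario helpers are all constructed for the illustration; real ProbeForWrite raises an exception rather than returning a status.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: NtXxx is the raw implementation, ZwXxx is the system
 * service stub. Names, constants and values below are assumptions for the
 * illustration, not ReactOS or Windows definitions. */

typedef enum { KernelMode = 0, UserMode = 1 } KPROCESSOR_MODE;
typedef uint32_t NTSTATUS;

#define STATUS_SUCCESS          0x00000000u
#define STATUS_ACCESS_VIOLATION 0xC0000005u

/* Assumed user/kernel address split; a user buffer must lie below it. */
#define MODEL_USER_PROBE_ADDRESS 0x7FFF0000u

/* Per-thread previous mode (lives in the KTHREAD in a real kernel). */
static KPROCESSOR_MODE g_PreviousMode = UserMode;

/* Records whether the last NtXxx call actually ran its buffer probe. */
static bool g_LastCallProbed = false;

/* Model of ProbeForWrite: a user-mode caller may not hand in a kernel address. */
static NTSTATUS ProbeForWriteModel(uintptr_t addr, size_t len) {
    if (addr >= MODEL_USER_PROBE_ADDRESS || addr + len > MODEL_USER_PROBE_ADDRESS)
        return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

/* NtReadSomething: the implementation. It probes only when the *current*
 * previous mode says the caller is user mode; it cannot tell who set it. */
NTSTATUS NtReadSomething(uintptr_t buffer, size_t len) {
    g_LastCallProbed = false;
    if (g_PreviousMode == UserMode) {
        g_LastCallProbed = true;
        NTSTATUS st = ProbeForWriteModel(buffer, len);
        if (st != STATUS_SUCCESS)
            return st;
    }
    /* ... data would be copied into buffer here ... */
    return STATUS_SUCCESS;
}

/* ZwReadSomething: goes back through the service dispatch, which sets
 * previous mode to KernelMode, calls the implementation and restores it. */
NTSTATUS ZwReadSomething(uintptr_t buffer, size_t len) {
    KPROCESSOR_MODE saved = g_PreviousMode;
    g_PreviousMode = KernelMode;
    NTSTATUS st = NtReadSomething(buffer, len);
    g_PreviousMode = saved;
    return st;
}

/* Scenario 1: kernel code running on a user thread's system call (previous
 * mode = user) passes a kernel buffer to the Nt* entry: probe runs, fails. */
NTSTATUS ScenarioSyscallPathNt(void) {
    g_PreviousMode = UserMode;
    return NtReadSomething(0x80000000u, 16);   /* kernel-space buffer */
}

/* Scenario 2: same context, same buffer, but via the Zw* entry: dispatch
 * sets previous mode to kernel, so the probe is skipped and the call works. */
NTSTATUS ScenarioSyscallPathZw(void) {
    g_PreviousMode = UserMode;
    return ZwReadSomething(0x80000000u, 16);
}

/* Scenario 3: a system thread (previous mode already kernel) calls Nt*:
 * no probe either, indistinguishable from Zw* from inside the routine. */
NTSTATUS ScenarioSystemThreadNt(void) {
    g_PreviousMode = KernelMode;
    return NtReadSomething(0x80000000u, 16);
}

bool LastCallProbed(void) { return g_LastCallProbed; }
KPROCESSOR_MODE CurrentPreviousMode(void) { return g_PreviousMode; }

int main(void) {
    printf("Nt* on syscall path:   0x%08X (probed=%d)\n", ScenarioSyscallPathNt(), LastCallProbed());
    printf("Zw* on syscall path:   0x%08X (probed=%d)\n", ScenarioSyscallPathZw(), LastCallProbed());
    printf("Nt* in system thread:  0x%08X (probed=%d)\n", ScenarioSystemThreadNt(), LastCallProbed());
    return 0;
}
```

The three scenarios show why the same NtXxx call is not predictable from the callee's side: whether the buffer and access checks run depends entirely on what previous mode some earlier frame left in place, which is exactly the ambiguity Joseph describes.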