Ge van Geldorp wrote:
From: Alex
Ionescu
This is incorrect; other kernel-mode components should NOT
use these macros. They should do it the "long way" and go
through ProbeForRead.
Why?
Note that my comment doesn't apply to win32k... it's an internal
subsystem and as such depends on ntoskrnl and should use those macros,
but my comments was for drivers. Mostly for two reasons:
1) Drivers shouldn't be getting unsafe parameters from user mode. They
usually get an entire buffer, which they then ProbeForRead/Write. I've
never seen a driver have to probe only a handle or large_integer...this
kind of stuff is simply not done.
2) The macros depend on an undocumented function, RtlRaiseStatus, which
is not exported in the DDK. Thus this would make every driver use an
undocumented feature and force them to use the NDK. Addtionally, it uses
MmUserProbAddress, which is undocumented and its presence in the DDK
might not be guaranteed (between 2K and XP a lot of similar variables
disappared in the DDK, since they are not meant to be used).
Note that, again, for win32k, it's perfectly reasonable to use the macros.
Best regards,
Alex Ionescu