Follow the simple steps to do.
1. Create event object in user mode application
****User mode****
HANDLE SharedEvent;
SharedEvent = CreateEvent(NULL, TRUE, FALSE, "SharedEvent");
*****************
2. Open event object in kernel mode application
we use BaseNamedObjects in the event name because when user mode application creates event,
Object managet creates it under BaseNamedObjects namespace.
****Kernel mode****
HANDLE SharedEventHandle = NULL;
PKEVENT SharedEvent = NULL;
RtlInitUnicodeString(&EventName, L"\\BaseNamedObjects\\SharedEvent");
SharedEvent = IoCreateNotificationEvent(&EventName, &SharedEventHandle);
ObReferenceObject(SharedEvent);
*****************
3. Wait on the event in any user or kernel mode application
****User mode****
WaitForSingleObject(SharedEvent, INFINITE);
*****************
4. Signal event from any user or kernel mode application
****Kernel mode****
KeSetEvent(SharedEvent, 0, FALSE);
*****************
5. Close any resources in both user and kernel mode
****User mode****
CloseHandle(SharedEvent);
*****************
****Kernel mode****
ZwClose(SharedEventHandle);
ObDereferenceObject(SharedEvent);
*******************
- vikas
No comments:
Post a Comment