Reputation: 584
Minifilter: how to run application from kernel mode
Now, I'm working with minifilter in kernel-mode. I want to run an application ( system application such as: notepad.exe, mspaint.exe or an application which is made by user such as: C# application ...).
My questions are:
- Can I run application from kernel?
- If can, how should I do?
Happy new year !
Thanks all
[EDIT]
I create a windows service (C#) to communicate between them (Minifilter (C) and Application (C#, C/C++))
Windows service will start app ==> Done. It will execute after get and check message from minifilter.
Minifilter send message to service
[Minifilter] Create communication port
[Minifilter] Send message to service after check conditions
[Service] Get message from this port by FilterGetMessage
==> How using FilterGetMessage in C#?
UPDATE: I used
FltSendMessage at driver to send message to service
FilterGetMessage at service to get message from driver
==> But the message buffer is null although the status is success (status = 0)
What is not correct?
P/S: The message content is a file name.
Upvotes: 0
Views: 1672
Answers (1)
Reputation: 1377
Windows Minifilter has framework to send & receive message from a usermode application. Check this api: FilterSendMessage for more information on the communication mechanism. Using this, you can send notification to a user mode app to start an application.
Upvotes: 0
Related Questions
- minifilter driver append to user buffer in post operation
- How to block an dll injection via Minifilter
- How to pend IRP in minifilter driver?
- Intercept Process Access using a Windows MiniFilter Driver
- Is there a way to pass an entire file from file system mini filter driver (kernel mode) up to a user mode application?
- Minifilter: Block applications with notification
- Minifilter redirect file creation in pre operation?
- how to : do 2 way communication between user mode and kernel mode
- how to install and run a driver
- debugging minifilters