0
votes

I'm currently working with a minifilter in kernel mode. I want to run an application (a system application such as notepad.exe or mspaint.exe, or a user-made application such as a C# application).

My questions are:

  1. Can I run an application from the kernel?
  2. If so, how should I do it?

Happy new year!

Thanks all

[EDIT]

I created a Windows service (C#) to communicate between them (the minifilter (C) and the application (C#, C/C++)).

  1. The Windows service will start the app ==> Done. It will execute after getting and checking the message from the minifilter.

  2. The minifilter sends a message to the service

  3. [Minifilter] Create a communication port

  4. [Minifilter] Send a message to the service after checking conditions

  5. [Service] Get the message from this port with FilterGetMessage

    ==> How do I use FilterGetMessage in C#?

UPDATE: I used

  1. FltSendMessage in the driver to send a message to the service

  2. FilterGetMessage in the service to get the message from the driver

==> But the message buffer is null although the status is success (status = 0)

What is not correct?

P/S: The message content is a file name.

1
It is impossible to run an application directly from the kernel. You should make a thread or service that runs the application; the thread then makes a request to the kernel driver and waits until the kernel driver fires the shared event or completes the pending IRP. - reinhard v.z.
@reinhardv.z. Following you: I must make a service standing between the minifilter driver and the application. When some conditions are right, the minifilter shares an event with the service, then the service starts the application. Is that right? Can you give more information about the minifilter driver shared event or completing a pending IRP? (I'm just a newbie.) Thank you very much. - GSP
Maybe this article will help you ... inverted call model: osronline.com/article.cfm?id=94. Good luck - reinhard v.z.
@reinhardv.z. I'm using a Windows service to communicate between them. I could call the application from the Windows service. How about communication between the minifilter and the Windows service? Thanks. - GSP

1 Answer

0
votes

Windows Minifilter has a framework to send and receive messages from a user-mode application. Check this API, FilterSendMessage, for more information on the communication mechanism. Using this, you can send a notification to a user-mode app to start an application.
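
The receiving side of that mechanism in C#, as an added example that is not part of the original answer or the asker's code: the buffer handed to FilterGetMessage begins with a FILTER_MESSAGE_HEADER, and the data the driver passed to FltSendMessage follows it. The port name `\ExamplePort`, the 1024-byte payload limit and the null-terminated UTF-16 file-name payload are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;
using Microsoft.Win32.SafeHandles;

static class PortReader
{
    // FILTER_MESSAGE_HEADER = ULONG ReplyLength + ULONGLONG MessageId (16 bytes with padding).
    const int HeaderSize = 16;
    const int MaxPayload = 1024; // assumption: the driver never sends more than this

    [DllImport("fltlib.dll", CharSet = CharSet.Unicode)]
    static extern int FilterConnectCommunicationPort(string lpPortName, uint dwOptions,
        IntPtr lpContext, ushort wSizeOfContext, IntPtr lpSecurityAttributes,
        out SafeFileHandle hPort);

    [DllImport("fltlib.dll")]
    static extern int FilterGetMessage(SafeFileHandle hPort, [Out] byte[] lpMessageBuffer,
        uint dwMessageBufferSize, IntPtr lpOverlapped);

    // The driver's payload starts after the header, not at offset 0.
    static string ReadFileName(byte[] buffer)
    {
        string text = Encoding.Unicode.GetString(buffer, HeaderSize, MaxPayload);
        int end = text.IndexOf('\0');
        return end >= 0 ? text.Substring(0, end) : text;
    }

    static void Main()
    {
        // Placeholder port name; use the one passed to FltCreateCommunicationPort.
        int hr = FilterConnectCommunicationPort(@"\ExamplePort", 0, IntPtr.Zero, 0,
            IntPtr.Zero, out SafeFileHandle port);
        Marshal.ThrowExceptionForHR(hr);

        using (port)
        {
            byte[] buffer = new byte[HeaderSize + MaxPayload];
            while (true)
            {
                Array.Clear(buffer, 0, buffer.Length); // no stale data from the last message
                // lpOverlapped = NULL: blocks until the driver calls FltSendMessage.
                hr = FilterGetMessage(port, buffer, (uint)buffer.Length, IntPtr.Zero);
                Marshal.ThrowExceptionForHR(hr);

                ulong messageId = BitConverter.ToUInt64(buffer, 8);
                Console.WriteLine($"message {messageId}: {ReadFileName(buffer)}");
                // The service's own check of the file name goes here, before anything is started.
            }
        }
    }
}
```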