A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #23610  by myid
 Wed Aug 13, 2014 5:30 pm
Hi, everyone. I have a stupid question.

Thread 1 in driver A calls KeWaitForSingleObject to wait for something, and it is still waiting now; KeWaitForSingleObject does not return.
Thread 2 in driver B wants to wake up Thread 1, meaning that Thread 2 wants KeWaitForSingleObject in Thread 1 to return immediately.
How do I do that?
 #23631  by Vrtule
 Sun Aug 17, 2014 3:35 pm
Hello,

if you wrote the code for thread 1 and want to wake it without signaling the "main" dispatcher object it is waiting for, you can create a special event object in order to "send" the wake-up request to thread 1. Thread 1 then uses KeWaitForMultipleObjects instead of KeWaitForSingleObject (it waits for the "main" object and for the special event object, in WaitAny mode).

If you want to wake up a thread that is waiting for a dispatcher object (it uses KeWaitForSingleObject/KeWaitForMultipleObjects etc.) and that does not belong to you (you did not write its code), you can try to schedule a kernel APC to it. The target thread (thread 1 in your terminology) may execute the APC routines and then continue its waiting (the KeWaitForXXX call does not return). However, thread 1 may have kernel APC delivery disabled, so this approach might not work.

Try to describe your problem in more detail so we can come up with a less general solution.
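The WaitAny pattern from the reply above, as an added example that is not part of the original post and not Vrtule's code. The kernel calls it describes (KeInitializeEvent, KeWaitForMultipleObjects, KeSetEvent) cannot run outside a Windows kernel, so this is a portable user-mode model built on pthreads: model_event, model_wait_any and model_set_event stand in for the KEVENT and the two kernel calls, and run_scenario (thread 1 waiting, "driver B" signaling) is a harness made up for the demonstration. The kernel equivalents are named in the comments.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* The real kernel lets you pass up to THREAD_WAIT_OBJECTS (3) objects to
   KeWaitForMultipleObjects without supplying your own wait-block array. */
enum { WAIT_OBJECTS_MAX = 3 };

/* KeInitializeEvent takes NotificationEvent (stays signaled until reset)
   or SynchronizationEvent (auto-resets when one waiter is released). */
typedef enum { NOTIFICATION_EVENT, SYNCHRONIZATION_EVENT } event_type;

typedef struct {
    event_type type;
    bool signaled;
} model_event;

/* One lock and condition variable standing in for the dispatcher lock. */
static pthread_mutex_t g_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t  g_cv   = PTHREAD_COND_INITIALIZER;

/* KeInitializeEvent(&ev, type, initialState) */
void model_init_event(model_event *e, event_type t, bool initial)
{
    e->type = t;
    e->signaled = initial;
}

/* KeSetEvent(&ev, IO_NO_INCREMENT, FALSE): the signaler (driver B) needs
   nothing but a pointer to the event object. */
void model_set_event(model_event *e)
{
    pthread_mutex_lock(&g_lock);
    e->signaled = true;
    pthread_cond_broadcast(&g_cv);
    pthread_mutex_unlock(&g_lock);
}

/* KeWaitForMultipleObjects(count, objs, WaitAny, ...): block until any one
   object is signaled and return its index (STATUS_WAIT_0 + index in the
   kernel). The lowest signaled index wins when several are signaled. */
int model_wait_any(model_event **objs, int count)
{
    if (count < 1 || count > WAIT_OBJECTS_MAX)
        return -1;  /* the kernel would need a caller-supplied wait-block array */
    pthread_mutex_lock(&g_lock);
    for (;;) {
        for (int i = 0; i < count; i++) {
            if (objs[i]->signaled) {
                if (objs[i]->type == SYNCHRONIZATION_EVENT)
                    objs[i]->signaled = false;  /* auto-reset on release */
                pthread_mutex_unlock(&g_lock);
                return i;
            }
        }
        pthread_cond_wait(&g_cv, &g_lock);
    }
}

/* Thread 1 (driver A): wait for the "main" object OR the wake-up event. */
struct waiter_args { model_event *main_obj; model_event *wake; int result; };

static void *thread1(void *p)
{
    struct waiter_args *a = p;
    model_event *objs[2] = { a->main_obj, a->wake };
    a->result = model_wait_any(objs, 2);
    return NULL;
}

/* Harness (an assumption, not kernel code): signal_wake=true models driver B
   firing the wake-up event; false models the main object being signaled
   normally. Returns the index thread 1 woke up on: 1 for the wake-up event,
   0 for the main object. */
int run_scenario(bool signal_wake)
{
    model_event main_obj, wake;
    model_init_event(&main_obj, NOTIFICATION_EVENT, false);
    model_init_event(&wake, SYNCHRONIZATION_EVENT, false);

    struct waiter_args a = { &main_obj, &wake, -1 };
    pthread_t t;
    pthread_create(&t, NULL, thread1, &a);

    /* Thread 2 (driver B) only touches the object it wants to signal. */
    model_set_event(signal_wake ? &wake : &main_obj);

    pthread_join(t, NULL);
    return a.result;
}

int main(void)
{
    printf("wake-up event signaled -> index %d\n", run_scenario(true));
    printf("main object signaled   -> index %d\n", run_scenario(false));
    return 0;
}
```

In the real driver the wait call is KeWaitForMultipleObjects(2, objs, WaitAny, Executive, KernelMode, FALSE, NULL, NULL) and the return value tells thread 1 which object fired (STATUS_WAIT_0 or STATUS_WAIT_1), so it can tell a genuine completion from a cancellation request. Driver B has to obtain a pointer to driver A's KEVENT (for example through a function driver A exports or a shared structure) and call KeSetEvent on it; a SynchronizationEvent for the wake-up request means one KeSetEvent releases exactly one wait.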
 #23632  by myid
 Mon Aug 18, 2014 1:15 am
Vrtule wrote:Hello,

if you wrote the code for thread 1 and want to wake it without signaling the "main" dispatcher object it is waiting for, you can create a special event object in order to "send" the wake-up request to thread 1. Thread 1 then uses KeWaitForMultipleObjects instead of KeWaitForSingleObject (it waits for the "main" object and for the special event object, in WaitAny mode).

If you want to wake up a thread that is waiting for a dispatcher object (it uses KeWaitForSingleObject/KeWaitForMultipleObjects etc.) and that does not belong to you (you did not write its code), you can try to schedule a kernel APC to it. The target thread (thread 1 in your terminology) may execute the APC routines and then continue its waiting (the KeWaitForXXX call does not return). However, thread 1 may have kernel APC delivery disabled, so this approach might not work.

Try to describe your problem in more detail so we can come up with a less general solution.
Thanks! I will try to do it as you describe.