What network library on what IRQL?

Question

I somewhat confused because I've read that "everything" should be possible at IRQL_PASSIVE, but I am not so sure whether this includes winsock2 or other userland libraries. My normal understanding would be to use the WSK interface. But it would be much more comfortable if I could use normal sockets.

As I am running into builder errors a lot while trying to include winsock I am a little unsure. And as searching documentation provides no authoritative answer, I'd like to state this as a question: What kind of libraries can I really access at IRQL_PASSIVE? Is the IRQL the only limiting parameter?

Answer 1

You cannot access (most) user land libraries from kernel mode. Either you get an kernel mode interface for that library, or you have to use a user mode service (inverted calls).

Winsock has a kernel interface, See this MSDN article.

The IRQL level determines which 'kernel-services' you can use. So for KeGetCurrentIrql() >= IRQL_DISPATCH you cannot depend on paging (This produces the IRQL_NOT_LESS_OR_EQUAL bugcheck) and cannot (should not?) call functions which use paging.

It does not prevent usage of libraries.