How to map caller memory in a Windows CE device driver past the end of a call to XXX_IOControl?

Question

I'm implementing a ioctl in a Windows CE device driver that takes a pointer to a large chunk of application memory to perform asynchronous I/O initiated through an application call to DeviceIoControl.

When using MapCallerPtr(), the pointer gets unmapped when the XXX_IOControl function returns; when the pointer is used in the IST it is no longer mapped leading to a crash.

What is the best way to map the pointer beyond the end of the call to XXX_IOControl? The application guarantees that the memory will remain valid until it has received an indication from the driver that the driver has finished with it.

This is on Windows CE 5.0.

Answer 1

Answering my own question:

In XXX_IOControl, map the pointer using MapPtrToProcess() and save the thread's permissions using GetCurrentPermissions(). In the thread that will use the mapped pointer, call SetProcPermissions() with the saved return value from GetCurrentPermissions(), dereference pointers, and then restore the thread permissions when finished.

DWORD saved_perms = SetProcPermissions(caller_perms);
... Do stuff ...
SetProcPermissions(saved_perms);