Hi, I am working on a Windows keyboard filter driver and I need to write to a file. I tried using zwcreate, zwwrite, and zwclose, but the driver is not running at PASSIVE_LEVEL and I got the BSOD. I have never written a Windows driver before. Thanks for the help!

EDIT: Thanks J. Passing!

+1  A: 

Schedule work items (IoAllocateWorkItem/IoQueueWorkItem) and handle all file I/O from within the work item callback routines.

I'm not sure if it is a good idea to let the kernel driver write to a file in the first place. The best way to do that IMHO is to provide a user space program that communicates with the driver, gets the data and then writes it to disk.

This is true for Unix, but not for Windows.

Johannes Passing
A: 

A wonderful example for using Zw-Tools to write files from a device driver is Clandestiny's Klog found at rootkit.com. It is currently helping me a lot.

And well, I kinda agree with Johannes that it is not advisable to do classical userland work (file/net/... access) directly from a driver. Not only is it error-prone, it also might break unforeseeably in the future. User interfaces normally are much more steady and resilient.

Don Johe