May 28, 2010

access user task stack from kernel control path


for a research project I need to access the kernel stack of a suspended process from the kernel control path. Furthermore I need to search the user stack of that process. I know that through the SAVE_ALL macro all register values (ss, esp, eflags ... ecx and ebx) are saved on the kernel task stack. Now I need to know how to access the user stack of a process with the combination of ss and esp values if the task is suspended or maybe paged. Can anybody tell me how the address translation is performed using ss and esp? I will appreciate it if anybody can help me.

Best regards

Click Here!