NtLockVirtualMemory is not exported in kernel mode, you cannot link to it.
By specifying ntdll as your target lib, you are asking your driver to
resolve an import from ntdll.dll, not the kernel image. So yes, your driver
will never load. If you are looking to lock a particular page, check out
MmProbeAndLockPages. This will do exactly what you need. Make sure you
unlock before the process terminates though, or you will be the recipient of
bugcheck 0x76.
Hope that helps,
Carly
> I couldnt find the solution to this anywhere. I am writing a kernel
> mode driver that needs to lock a particular page of an user-mode
> process (since I dont have the source for this, I can't use API calls
> from within the user-space process) so that it doesn't get paged out.
> I am using ZwLockVirtualMemory on WinXP SP2 this way:
> ntStatus = ZwLockVirtualMemory((HANDLE)-1, &tmp_base, &tmp_size,
> LOCK_VM_IN_WSL | LOCK_VM_IN_RAM);
> and declared as:
> NTSYSAPI
> NTSTATUS
> NTAPI
> ZwLockVirtualMemory(
> IN HANDLE,
> IN OUT PVOID,
> IN OUT PULONG,
> IN ULONG);
> My SOURCES file is:
> TARGETNAME=mydriver
> TARGETPATH=BIN
> TARGETTYPE=DRIVER
> TARGETLIBS=$(DDK_LIB_PATH)\ntdll.lib
> SOURCES= driver.c
> Initially, I was getting linker unresolved symbol errors for the
> _ZwLockVirtualMemory symbol, so I had to add ntdll.lib to the
> TARGETLIBS variable. Then when I do a "build" (without any parameters),
> it doesn't complain at link time anymore.
> However, the driver doesnt even *load* if the ZwLockVirtualMemory
> function is compiled it. If I comment it out, and then load the driver
> with the rest of the symbols (including ones like
> ZwAllocateVirtualMemory etc), it loads just fine. The load fails at
> "StartServiceA()" call.. it returns with (from GetLastError):
> "ERROR_PROC_NOT_FOUND 127 The specified procedure could not be found."
> Could someone please let me know how to declare, define, compile, link,
> load ZwLockVirtualMemory() on WinXP SP2 so that I dont have this issue
> anymore?
> Thanks!
>