
Reading file in Kernel Mode


I am building a driver and I want to read some files. Is there any way to use "ZwReadFile()" or a similar function to read the contents of the files line by line so that I can process them in a loop?

The documentation in MSDN states: ZwReadFile begins reading from the given ByteOffset or the current file position into the given Buffer. It terminates the read operation under one of the following conditions:

  1. The buffer is full because the number of bytes specified by the Length parameter has been read. Therefore, no more data can be placed into the buffer without an overflow.
  2. The end of file is reached during the read operation, so there is no more data in the file to be transferred into the buffer.

Thanks.


Solution

  • No, there is not. You'll have to create a wrapper to achieve what you want.

    However, given that kernel mode code has the potential to crash the system rather than the process it runs in, you have to make sure that problems such as those known from user mode with very long lines, etc., will not cause issues.

    If the amount of data is (and will stay) below the threshold of what registry values can hold, you should use that instead. In particular, REG_MULTI_SZ has the properties you are looking for ("line-wise" storage of data).
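
The wrapper the answer calls for, modeled in portable C as an added example (not code from the original post): the `read` callback stands in for one `ZwReadFile` call that fills a fixed-size chunk, and `line_reader`, `lr_next`, `mem_read`, `count_lines`, `CHUNK_SIZE` and `MAX_LINE` are hypothetical names and values. Lines longer than the cap are rejected and drained rather than buffered, so a very long line cannot grow or overrun the line buffer.

```c
#include <stddef.h>
#include <string.h>
#define CHUNK_SIZE 16  /* small so refills happen; an assumption, not a WDK value */
#define MAX_LINE   32  /* hard cap (counts a trailing CR); longer lines are rejected */
enum { LR_EOF = -1, LR_TOO_LONG = -2 };

/* Hypothetical stand-in for one ZwReadFile call: returns bytes read, 0 at EOF. */
typedef size_t (*read_fn)(void *ctx, char *buf, size_t len);
typedef struct { read_fn read; void *ctx; char chunk[CHUNK_SIZE]; size_t pos, len; } line_reader;

/* Copy the next line, minus CR/LF, into out[MAX_LINE + 1]; return its length or LR_*. */
int lr_next(line_reader *r, char *out) {
    int n = 0, too_long = 0, saw_data = 0;
    for (;;) {
        if (r->pos == r->len) {              /* chunk consumed: refill it */
            r->pos = 0;
            r->len = r->read(r->ctx, r->chunk, CHUNK_SIZE);
            if (r->len == 0) break;          /* end of file */
        }
        char c = r->chunk[r->pos++];
        saw_data = 1;
        if (c == '\n') break;
        if (n < MAX_LINE) out[n++] = c;      /* never write past the cap */
        else too_long = 1;                   /* drain the rest of the line */
    }
    if (!saw_data || too_long) return too_long ? LR_TOO_LONG : LR_EOF;
    if (n > 0 && out[n - 1] == '\r') n--;    /* strip the CR of a CRLF ending */
    out[n] = '\0';
    return n;
}

typedef struct { const char *data; size_t size, off; } mem_src;  /* constructed in-memory source */
size_t mem_read(void *ctx, char *buf, size_t len) {
    mem_src *m = ctx;
    if (len > m->size - m->off) len = m->size - m->off;
    memcpy(buf, m->data + m->off, len);
    m->off += len;
    return len;
}

/* Count accepted lines in text; *rejected gets the number that exceeded the cap. */
int count_lines(const char *text, int *rejected) {
    mem_src m = { text, strlen(text), 0 };
    line_reader r = { mem_read, &m, {0}, 0, 0 };
    char line[MAX_LINE + 1];
    int rc, ok = 0;
    for (*rejected = 0; (rc = lr_next(&r, line)) != LR_EOF; )
        if (rc == LR_TOO_LONG) (*rejected)++; else ok++;
    return ok;
}
```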