16.4.1.1 NT Driver Access to User-Space Memory
NT drivers cannot allocate user-space virtual memory because they run in kernel mode. An NT driver also cannot access memory through user-mode virtual addresses unless it is running in the context of the user-mode thread that caused the driver's current I/O operation and it is using that thread's virtual addresses.
Only highest-level NT drivers, such as FSDs, can be sure their Dispatch routines will be called in the context of such a user-mode thread. A highest-level driver can call MmProbeAndLockPages to lock down a user buffer before setting up an IRP for lower drivers.
NT device and intermediate drivers that set up their device objects for buffered or direct I/O, as described in the section on device objects in Chapter 3, can rely on the I/O Manager or a highest-level driver to pass valid access to locked-down user buffers or to system-space buffers in IRPs.