METHOD_OUT_DIRECT is intended for use as output, OR as input AND output. This is by design.

It’s not a hack, it’s not a loophole, its not a coincidence that it works, it’s not a risk. It’s by design. As Mr. Roddy clearly said this is a “standard practice.” As Mr. Roberts said this will “NEVER change” until we’ve all switched to running on Fuchsia or something.

Peter

If you really, truly, mean just CDROM type devices, I would probably start by trying an upper filter of CDROM.SYS

And I'd write it using KMDF, not WDM as you are implying.

I'd experiment about which, specific, operations (read? write? specific IOCTLs?) that I block or allow so that I get the exact behavior I seek.

Peter

I just inserted your exact code into one of my test apps, and CheckInputType gets called several dozen times before the connection is rejected. Perhaps you should use OutputDebugString instead of relying on breakpoints.

@Scott_Noone_(OSR) , Not reliably I guess. It has been reported to happen after several hundred or even thousands of iterations of hibernate cycles.
Further, this is on a customer's setup. So, I don't think I can take the approach to keep reducing functionality until problem is found. i.e. not feasible for customer to run so many patches in worst case.

But I am also trying to replicate this in my internal setup. Not been successful so far. But will consider your approach if issue gets repro'd.

@Peter_Viscarola_(OSR) I had missed part of the initialization sequence. A command packet instructs the board (there is no manual) to change the interrupt frequency. The driver was working as expected, but the 9054 board was not properly configured. In the DOS driver it was intentionally commanded to a maximum delay to allow the initialization to complete then later changed to the desired frequency. I was seeing that maximum delay, which was why it was so consistent and not at all random.

@Tim_Roberts I did measure the granularity and got 1.0E7.
' DbgPrint("Perf Counter Ticks Per Second = %d:%d", tps.HighPart, tps.LowPart); '
returned '= 0:10000000'
- I wasn't very clear about how I got the 10Mhz / 100ns numbers

Sort of. You CAN create a DirectShow source filter that reads from a web camera, does some manipulations, and offers it as a separate video source. However, some video-consuming applications (Skype chiefly among them) will only connect to camera devices backed by a kernel driver. So, the concept works in most circumstances, but not 100%.

The same is not true of audio.

Just because Microsoft said that Directshow is obsolete...

No, Microsoft said that DirectShow is "deprecated", which is a word that has virtually no meaning. It's still alive and vibrant. Video For Windows and the waveIn and waveOut APIs have been deprecated for decades. They still work exactly like they did in 1994.

MF support more kinds of video format.

I have heard that said before. I've never found an example.

Now, let's be honest, I'm just being obstinate. I fully understand that some companies do not want to fund efforts on a technology that is not the latest, shiny model with finely polished chrome. I happen to be a huge fan of DirectShow (designed in 1994 and still alive and functional in 2021).

This post from 2016 (https://alax.info/blog/1626) says that it's not possible to build a virtual camera in MF. Apparently, the registry magic that works for DShow doesn't work with MF.