xxxxx@HOTMAIL.COM wrote:
> In “portmon” there is a system file, but that does not seem to be a filter driver as far as I have reverse engineered the driver.
The word “filter driver” is overloaded (multiple times) in the kernel
environment. It is not a PnP filter driver, in that it is not installed
using the UpperFilters registry key, but it certainly IS a “filter
driver” in the purest sense. It attaches itself manually. Portmon goes
back a very, very, very long time.
> I wanna develop something from scratch. I wanna monitor the serial port and modify traffic.
That’s not hard, but you need to stop thinking about it as a “serial
port driver”. Your task is to write a filter driver to capture and
modify IRP_MJ_READ and IRP_MJ_WRITE requests. With KMDF, that’s a piece
of cake – a few hundred lines of code at most. You won’t be working
with anything serial-related at all. You can start from virtually ANY
filter driver – the “toaster” sample in the WDK is a good start.
You’ll need DriverEntry, DeviceAdd, EvtIoRead and EvtIoWrite, and that’s
probably the total extent of your driver.
--
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.