Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Disabling ( By disrupting it this way ) device

bdemirkolbdemirkol Member Posts: 12
edited February 4 in NTDEV

I want to disable some devices by using driver. I know this can be in user mode but i dont want discuss this case right now. Just i can say you user mode disabling is not safe enought. Users can abuse this approach. I attached some links. I realized a dlp application can disable as in screenshot. I think this is disrupting. Do you have any idea how can I do this as shown in screenshot?

https://imageupload.io/1txEEOUwdu.g

· Share on Facebook

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,301

    Sure. You write a filter driver that filters the device(s) you want to disable.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

    · Share on Facebook
  • bdemirkolbdemirkol Member Posts: 12

    If you send the code, I want to write it by looking at the code.

    Regards.

    · Share on Facebook
  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,818

    If you send the code, I want to write it by looking at the code.

    That's not how this works. We don't write the code, YOU write the code. There are lots of examples of filter drivers in the WDK samples.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

    · Share on Facebook
  • MBond2MBond2 Member Posts: 276

    note that when Peter says 'disable by filtering' he does not mean that it will appear disabled in device manager. what he means is that you will render the device inoperable by failing the various IRPs before they get to the real device driver and the real hardware. In order to do this, you need to understand about the device stack(s) that you plan to attach to and how to identify the device instance(s) that you intend to cripple in this way. Be careful that you don't cripple too much as it is very easy to render the whole system inoperable in this way

    · Share on Facebook
  • bdemirkolbdemirkol Member Posts: 12

    @MBond2 said:
    note that when Peter says 'disable by filtering' he does not mean that it will appear disabled in device manager. what he means is that you will render the device inoperable by failing the various IRPs before they get to the real device driver and the real hardware. In order to do this, you need to understand about the device stack(s) that you plan to attach to and how to identify the device instance(s) that you intend to cripple in this way. Be careful that you don't cripple too much as it is very easy to render the whole system inoperable in this way

    Thank you for your detailed answer and suggestions. I will consider them.

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE

Categories