hello,
i write a hook driver that hook the driver \Driver\Disk,and modify
the IRP_MJ_PNP below:
NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP
Irp)
{
NTSTATUS status = STATUS_ACCESS_DENIED;
Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
Irp->IoStatus.Information = 0;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return status;
}
to do this i can prevent the system insert new usb disk(system can not
add disk),and this is done,but have a problem:
before the driver start,i have already inserted a usb disk,and then
start the driver,now if pull out the usb disk forcely(the system can not
unload the disk because of the func above),then bluescreen occured,what is
the matter?who can give me some introduce?
Ãâ·ÑÏÂÔØ MSN Explorer: http://explorer.msn.com/lccn
It will be better if you hook the usbhub driver or disk class drive and
remove your disk device object( or objects ) from array of PDOs returned in
response to IRP_MJ_PNP - IRP_MN_QUERY_DEVICE_RELATION -BusRelation request.
“shark mouse” wrote in message news:xxxxx@ntdev…
> hello,
> i write a hook driver that hook the driver \Driver\Disk,and modify
> the IRP_MJ_PNP below:
> NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP
> Irp)
> {
> NTSTATUS status = STATUS_ACCESS_DENIED;
> Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
> Irp->IoStatus.Information = 0; IoCompleteRequest( Irp, IO_NO_INCREMENT );
>
> return status; }
> to do this i can prevent the system insert new usb disk(system can not
> add disk),and this is done,but have a problem:
> before the driver start,i have already inserted a usb disk,and then
> start the driver,now if pull out the usb disk forcely(the system can not
> unload the disk because of the func above),then bluescreen occured,what is
> the matter?who can give me some introduce?
>
> _________________________________________________________________
> Ãâ·ÑÏÂÔØ MSN Explorer: http://explorer.msn.com/lccn
>
- I hope that by “hooking” you mean “attach a filter”.
- Bad advice, you should never remove PDOs from the QDR.
If failing only USB disks (and not other USB devices) is your purpose, I
would attach a disk filter, send IOCTL_STORAGE_QUERY_PROPERTY for
StorageAdapterProperty to the disk, and fail IRP_MN_STRT_DEVICE if it
returns BusTypeUsb.
Notice that this method probably leaves the “USB Mass Storage Device” open
for direct SCSI control, but it?s the only way I can think of that this can
be implemented without getting into a very difficult project of writing a
bus filter driver for the USB bus.
Shahar
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Slava Imameyev
Sent: Wednesday, June 29, 2005 11:04 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] about the bluescreen in my hook driver?
It will be better if you hook the usbhub driver or disk class drive and
remove your disk device object( or objects ) from array of PDOs returned in
response to IRP_MJ_PNP - IRP_MN_QUERY_DEVICE_RELATION -BusRelation request.
“shark mouse” wrote in message news:xxxxx@ntdev…
> hello,
> i write a hook driver that hook the driver \Driver\Disk,and
> modify the IRP_MJ_PNP below:
> NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT DeviceObject, IN
> PIRP
> Irp)
> {
> NTSTATUS status = STATUS_ACCESS_DENIED;
> Irp->IoStatus.Status = STATUS_ACCESS_DENIED; IoStatus.Information = 0;
> Irp->IoCompleteRequest( Irp, IO_NO_INCREMENT );
>
> return status; }
> to do this i can prevent the system insert new usb disk(system can
> not add disk),and this is done,but have a problem:
> before the driver start,i have already inserted a usb disk,and then
> start the driver,now if pull out the usb disk forcely(the system can
> not unload the disk because of the func above),then bluescreen
> occured,what is the matter?who can give me some introduce?
>
> _________________________________________________________________
> ??? MSN Explorer: http://explorer.msn.com/lccn
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@safend.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
I agree with you. You are right.
But for some drivers it is possible to delete drivers from PDOs array for
BusRelation.
Usbstor driver removes all PDOs for FDO in USBSTOR_FdoRemoveDevice when it
receives IRP_MN_REMOVE_DEVICE.
USBSTOR driver removes PDO using IoDeleteDevice if system does not send
IRP_MN_REMOVE_DEVICE for this PDO.
And in DDK you can read “According to the PnP IRP rules, such a driver can
add PDOs to the IRP on its way down the stack and/or modify the relations
list on the IRP’s way back up the stack (in IoCompletion routines).”
“Shahar Talmi” wrote in message news:xxxxx@ntdev…
1) I hope that by “hooking” you mean “attach a filter”.
2) Bad advice, you should never remove PDOs from the QDR.
If failing only USB disks (and not other USB devices) is your purpose, I
would attach a disk filter, send IOCTL_STORAGE_QUERY_PROPERTY for
StorageAdapterProperty to the disk, and fail IRP_MN_STRT_DEVICE if it
returns BusTypeUsb.
Notice that this method probably leaves the “USB Mass Storage Device” open
for direct SCSI control, but it’s the only way I can think of that this can
be implemented without getting into a very difficult project of writing a
bus filter driver for the USB bus.
Shahar
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Slava Imameyev
Sent: Wednesday, June 29, 2005 11:04 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] about the bluescreen in my hook driver?
It will be better if you hook the usbhub driver or disk class drive and
remove your disk device object( or objects ) from array of PDOs returned in
response to IRP_MJ_PNP - IRP_MN_QUERY_DEVICE_RELATION -BusRelation request.
“shark mouse” wrote in message news:xxxxx@ntdev…
> hello,
> i write a hook driver that hook the driver \Driver\Disk,and
> modify the IRP_MJ_PNP below:
> NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT DeviceObject, IN
> PIRP
> Irp)
> {
> NTSTATUS status = STATUS_ACCESS_DENIED;
> Irp->IoStatus.Status = STATUS_ACCESS_DENIED; IoStatus.Information = 0;
> Irp->IoCompleteRequest( Irp, IO_NO_INCREMENT );
>
> return status; }
> to do this i can prevent the system insert new usb disk(system can
> not add disk),and this is done,but have a problem:
> before the driver start,i have already inserted a usb disk,and then
> start the driver,now if pull out the usb disk forcely(the system can
> not unload the disk because of the func above),then bluescreen
> occured,what is the matter?who can give me some introduce?
>
> _________________________________________________________________
> Ãâ·ÑÏÂÔØ MSN Explorer: http://explorer.msn.com/lccn
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@safend.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
It would be better if he did not hook anything. There is no good reason to
‘hook’ pnp device stacks.
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Slava Imameyev
Sent: Wednesday, June 29, 2005 5:04 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] about the bluescreen in my hook driver?
It will be better if you hook the usbhub driver or disk
class drive and remove your disk device object( or objects )
from array of PDOs returned in response to IRP_MJ_PNP -
IRP_MN_QUERY_DEVICE_RELATION -BusRelation request.
“shark mouse” wrote in message
> news:xxxxx@ntdev…
> > hello,
> > i write a hook driver that hook the driver \Driver\Disk,and
> > modify the IRP_MJ_PNP below:
> > NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT DeviceObject, IN
> > PIRP
> > Irp)
> > {
> > NTSTATUS status = STATUS_ACCESS_DENIED;
> > Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
> IoStatus.Information = 0;
> > Irp->IoCompleteRequest( Irp, IO_NO_INCREMENT );
> >
> > return status; }
> > to do this i can prevent the system insert new usb
> disk(system can
> > not add disk),and this is done,but have a problem:
> > before the driver start,i have already inserted a usb
> disk,and then
> > start the driver,now if pull out the usb disk forcely(the
> system can
> > not unload the disk because of the func above),then bluescreen
> > occured,what is the matter?who can give me some introduce?
> >
> > _________________________________________________________________
> > ??? MSN Explorer: http://explorer.msn.com/lccn
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> xxxxx@hollistech.com To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
The matter is ultimately that you are hooking dispatch routines rather than filtering devices. You have violated various rules for PnP filter/function drivers. Your approach is not going to work.
If you want specific help on a system crash (BSOD) posting the output from windbg ‘!analyze -v’ is required.
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of shark mouse
Sent: Wednesday, June 29, 2005 1:06 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] about the bluescreen in my hook driver?
hello,
i write a hook driver that hook the driver
\Driver\Disk,and modify the IRP_MJ_PNP below:
NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT
DeviceObject, IN PIRP
Irp)
{
NTSTATUS status = STATUS_ACCESS_DENIED;
Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
Irp->IoStatus.Information = 0;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return status;
}
to do this i can prevent the system insert new usb
disk(system can not add disk),and this is done,but have a problem:
before the driver start,i have already inserted a usb
disk,and then start the driver,now if pull out the usb disk
forcely(the system can not unload the disk because of the
func above),then bluescreen occured,what is the matter?who
can give me some introduce?
免费下载 MSN Explorer: http://explorer.msn.com/lccn
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as:
xxxxx@hollistech.com To unsubscribe send a blank email to
xxxxx@lists.osr.com
yes,i just want to hook irp dispatch,and not a filter driver.
but now i can hook the driver usbhub and only deal with the
IRP_MJ_PNP,and i success,usb disk can not added by system,and not occur
blue screen.
but still have a problem,that is if a usb disk is added before and then
i hook the usbhub ,now i pull out the disk then i insert the disk next time
,the system can not added the disk?
in order to resolve this problem,i use the following way:
NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP
Irp)
{
NTSTATUS status = STATUS_ACCESS_DENIED;
if (DeviceObject->DeviceType == 0x22)
{
//going to its normal dispatch //important ***
}
else
{
Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
Irp->IoStatus.Information = 0;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
}
return status;
}
but i do not know why ?who can tell me?and the DeviceType means what?
thanks.
ÏíÓÃÊÀ½çÉÏ×î´óµÄµç×ÓÓʼþϵͳ¡ª MSN Hotmail¡£ http://www.hotmail.com
While the docs say that you can modify the relations on the way back up, it means that you can add new PDOs to the list. Removing existing ones is a real bad idea ™. Once a driver thinks that a PDO has been reported to the OS, a whole new PNP state machine must take over the lifetime of the PDO and there are many new rules that govern when it can be deleted. Removing the PDO from the list blows those assumptions away. Yes, usbstor deletes the PDO during FDO removal, but that is b/c it is allowed by the pnp state machine for a PDO. You will break other behaviors though.
d
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Slava Imameyev
Sent: Wednesday, June 29, 2005 4:46 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] about the bluescreen in my hook driver?
I agree with you. You are right.
But for some drivers it is possible to delete drivers from PDOs array for
BusRelation.
Usbstor driver removes all PDOs for FDO in USBSTOR_FdoRemoveDevice when it
receives IRP_MN_REMOVE_DEVICE.
USBSTOR driver removes PDO using IoDeleteDevice if system does not send
IRP_MN_REMOVE_DEVICE for this PDO.
And in DDK you can read “According to the PnP IRP rules, such a driver can
add PDOs to the IRP on its way down the stack and/or modify the relations
list on the IRP’s way back up the stack (in IoCompletion routines).”
“Shahar Talmi” wrote in message news:xxxxx@ntdev…
1) I hope that by “hooking” you mean “attach a filter”.
2) Bad advice, you should never remove PDOs from the QDR.
If failing only USB disks (and not other USB devices) is your purpose, I
would attach a disk filter, send IOCTL_STORAGE_QUERY_PROPERTY for
StorageAdapterProperty to the disk, and fail IRP_MN_STRT_DEVICE if it
returns BusTypeUsb.
Notice that this method probably leaves the “USB Mass Storage Device” open
for direct SCSI control, but it’s the only way I can think of that this can
be implemented without getting into a very difficult project of writing a
bus filter driver for the USB bus.
Shahar
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Slava Imameyev
Sent: Wednesday, June 29, 2005 11:04 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] about the bluescreen in my hook driver?
It will be better if you hook the usbhub driver or disk class drive and
remove your disk device object( or objects ) from array of PDOs returned in
response to IRP_MJ_PNP - IRP_MN_QUERY_DEVICE_RELATION -BusRelation request.
“shark mouse” wrote in message news:xxxxx@ntdev…
> hello,
> i write a hook driver that hook the driver \Driver\Disk,and
> modify the IRP_MJ_PNP below:
> NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT DeviceObject, IN
> PIRP
> Irp)
> {
> NTSTATUS status = STATUS_ACCESS_DENIED;
> Irp->IoStatus.Status = STATUS_ACCESS_DENIED; IoStatus.Information = 0;
> Irp->IoCompleteRequest( Irp, IO_NO_INCREMENT );
>
> return status; }
> to do this i can prevent the system insert new usb disk(system can
> not add disk),and this is done,but have a problem:
> before the driver start,i have already inserted a usb disk,and then
> start the driver,now if pull out the usb disk forcely(the system can
> not unload the disk because of the func above),then bluescreen
> occured,what is the matter?who can give me some introduce?
>
> _________________________________________________________________
> ??? MSN Explorer: http://explorer.msn.com/lccn
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@safend.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
shark mouse wrote:
but i do not know why ?who can tell me?and the DeviceType means what?
thanks.
Mr. Mouse,
I am increasingly uncomfortable with your questions on this forum, and
with your lack of answers to specific questions from other forum members.
Please do not post any more questions to NTDEV or NTFSD.
If you have questions, please post them to one of the OTHER Windows
driver newsgroups… not a group sponsored by OSR.
This is not a hackers forum. It is a forum for professional Windows
system software developers.
Let’s not make this unpleasant. Please delete your membership from this
list and do not rejoin. Thank you for your cooperation.
Peter
Semi-Retired Senior Distinguished List Slave
Stupid idea. Use the DiskPerf-based filter instead.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “shark mouse”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, June 29, 2005 9:05 AM
Subject: [ntdev] about the bluescreen in my hook driver?
> hello,
> i write a hook driver that hook the driver \Driver\Disk,and modify
> the IRP_MJ_PNP below:
> NTSTATUS DriverObjectDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP
> Irp)
> {
> NTSTATUS status = STATUS_ACCESS_DENIED;
> Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
> Irp->IoStatus.Information = 0;
> IoCompleteRequest( Irp, IO_NO_INCREMENT );
>
> return status;
> }
> to do this i can prevent the system insert new usb disk(system can not
> add disk),and this is done,but have a problem:
> before the driver start,i have already inserted a usb disk,and then
> start the driver,now if pull out the usb disk forcely(the system can not
> unload the disk because of the func above),then bluescreen occured,what is
> the matter?who can give me some introduce?
>
> _________________________________________________________________
> Ãâ·ÑÏÂÔØ MSN Explorer: http://explorer.msn.com/lccn
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com