Allowed/forbidden library calls

OSR_Community_User · September 27, 2010, 9:21pm

Is there somewhere a nice explanation of the kind of API calls that may be used by a KMDF Filter driver, a minifilter, a UMDF driver?

For instance, may a KMDF driver call fprintf() on a file? (I think not)

What to use instead?

Gary_Little-3 · September 27, 2010, 10:42pm

If you are at PASSIVE_LEVEL you use you can use RtlStringCchPrintf. Look at
the RtlStringXxxx API for others. If you are above PASSIVE_LEVEL then your
best bet is to queue the data and schedule a worker thread. If you can’t do
that then you have to write your own functions.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hapax.qc.ca
Sent: Monday, September 27, 2010 7:23 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Allowed/forbidden library calls

Is there somewhere a nice explanation of the kind of API calls that may be
used by a KMDF Filter driver, a minifilter, a UMDF driver?

For instance, may a KMDF driver call fprintf() on a file? (I think not)

What to use instead?

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

mm1 · September 27, 2010, 10:48pm

fprintf() - negative.

No FILE * operations of any kind in the kernel.

A KMDF driver may call any documented kmdf api(), as well as any documented kernel API that is documented valid for the particular driver type.

I really don’t know much about UMDF, but here’s my best guess. A UMDF driver may call any documented umdf api(). It may be allowed to call out to the Win32 API; I really don’t know, but because the umdf host process runs in the services desktop, there are minimally serious implications to this.

In practice, there’s a very simple way to determine whether it’s POSSIBLE (not necessarily the same thing as ALLOWED) to call any given API (assuming the headers are correct) - make sure that you are including the correct
header(s) and try to build it.

That being said, based on the fprintf() question, you appear to be new to this stuff, and I would recommend that you drop back and start with a sample appropriate for your type of driver, rather than worrying about what limits might be out there.

What type of driver - that is, type of hardware, software only, et. c. - are you considering writing?

Good luck,

mm

OSR_Community_User · September 27, 2010, 11:13pm

Mm,

I want to do a simple thing (well, in my mind) :

Disable all USB ports … [I know there are general setting, but…]
Except for flash drives having an appropriate serial number (appropriate as in those defined in a file supplied, hence my question about what is permissible).
This has to work on XP machine.

I’ve been told this is not possible at the UMDF level and that a filter is the way (I’m not sure it that meant minifilter or KMDF filter like the Toaster sample). Personally, I would prefer something at the UMDF level.

I have built a few samples (UMDF, minifilter, KMDF) and got them to install. That’s okay. But then I wondered what was available to me in KMDF and I noticed printf was undefined.

(I’m not really interested in printf in fact, but much more by reading a file and the USB device descriptor, I know some USB devices may not have a serial number apparently, this is not an issue).

mm1 · September 27, 2010, 11:25pm

Well, this is not really my thing, but as it is late, here’s what I feel
comfortable saying.

Lots of people want to do this. I don’t know what their respective
outcomes/paths have been, but I’d start by searching the archives for
something involving ‘disable usb serial number.’
I can say that a minifilter is not the answer. Minifilters are for file
systems; this has nothing to do with filesystems.
I don’t know whether you can do this with UMDF or not, but I seriously
doubt it…

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hapax.qc.ca
Sent: Monday, September 27, 2010 11:16 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Allowed/forbidden library calls

Mm,

I want to do a simple thing (well, in my mind) :

Disable all USB ports … [I know there are general setting, but…]
Except for flash drives having an appropriate serial number (appropriate
as in those defined in a file supplied, hence my question about what is
permissible).
This has to work on XP machine.

I’ve been told this is not possible at the UMDF level and that a filter is
the way (I’m not sure it that meant minifilter or KMDF filter like the
Toaster sample). Personally, I would prefer something at the UMDF level.

I have built a few samples (UMDF, minifilter, KMDF) and got them to install.
That’s okay. But then I wondered what was available to me in KMDF and I
noticed printf was undefined.

(I’m not really interested in printf in fact, but much more by reading a
file and the USB device descriptor, I know some USB devices may not have a
serial number apparently, this is not an issue).

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · September 27, 2010, 11:30pm

You can refer to <dontuse.h> file to find all supported CRL functions. You
can find the file in WDK.

2010/9/28

> Is there somewhere a nice explanation of the kind of API calls that may be
> used by a KMDF Filter driver, a minifilter, a UMDF driver?
>
> For instance, may a KMDF driver call fprintf() on a file? (I think not)
>
> What to use instead?
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></dontuse.h>

Tim_Roberts · September 28, 2010, 2:01pm

xxxxx@hapax.qc.ca wrote:

Is there somewhere a nice explanation of the kind of API calls that may be used by a KMDF Filter driver, a minifilter, a UMDF driver?

For instance, may a KMDF driver call fprintf() on a file? (I think not)

What to use instead?

Well, the question is a little awkward. The Windows kernel environment
is, in some ways (and by design), an entirely different operating system
from the Windows user environment. The familiar Win32 API, for example,
is a user-mode concept.

Kernel drivers rarely work with files (as a consumer). When they do,
they don’t use the C run-time library. There are specific tools in the
kernel API for that (ZwCreateFile and friends). There is an
implementation of the C run-time library for kernel drivers, but it
doesn’t include file I/O.

UMDF is a more relaxed environment. It has its own API, provided by
UMDF, but it also has access to much of the Win32 API.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Alex_Grig · September 28, 2010, 2:09pm

There are simple ways to prevent non-administrative installation of USB flash devices. They are documented in MS KludgeBase. They work on XP, too.

They require that the users don’t have administrative privileges.

Yes, if you want security, the users should not have administrative privileges. Period.