Application crashes when executing ApcRoutine of NtReadFile Hooking

Hello people,

I have an NtReadFile hook sample program for my learning purposes and have already tested it, and it works fine. I just have a weird problem when the Apple iTunes application is executed. In my driver program, the iTunes application just terminates when my NtReadFile hook driver executes the ApcRoutine in my code. The prototype of the NtReadFile API is this:

NTSTATUS NtReadFile(
    IN HANDLE FileHandle,
    IN HANDLE Event OPTIONAL,
    IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
    IN PVOID ApcContext OPTIONAL,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    OUT PVOID Buffer,
    IN ULONG Length,
    IN PLARGE_INTEGER ByteOffset OPTIONAL,
    IN PULONG Key OPTIONAL );

In my hook driver program, if ApcRoutine and ApcContext are not NULL and Event is NULL, I just execute the ApcRoutine like this:

ApcRoutine(ApcContext, IoStatusBlock, 0);

And now, when playing an mp3 file in iTunes, I just skip the execution of ApcRoutine 3 times to cover the error, but I know it's not the best solution. I also observed that executing ApcRoutine while playing an mp3 in iTunes after those 3 times will not cause the iTunes application to terminate.

Did I miss something in my code that causes iTunes to abnormally terminate when ApcRoutine is executed? I really have no idea what ApcRoutine is all about. Please enlighten me about this.

Thanks,
xyberblue

Call Apple and ask them how to bypass their copy protection and DRM.

wrote in message news:xxxxx@ntdev…
> Hello people,

Pretty much.

David Craig wrote:

Call Apple and ask them how to bypass their copy protection and DRM.

Does anybody here know what that ApcRoutine is for? I know it's a
callback that's being provided by NtReadFile, but I'm just wondering why
executing it in an early phase of loading iTunes
causes the application to terminate.

On Tue, Mar 4, 2008 at 3:52 PM, Martin O'Brien wrote:
> Pretty much.
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>


If you want to become somebody
Display your best ability

My guess is nobody here is going to help you hack iTunes, but that is only a guess.

On Tue, Mar 4, 2008 at 8:33 PM, Xyber Blue wrote:

> Anybody here knows what’s that ApcRoutine is for? I know it’s a
> callback that’s being provided by NtReadFile but Im just wondering why
> when executing that one on earlier phase of loading the iTunes will
> cause the application to terminate.


Mark Roddy

I think understanding the ApcRoutine is my key here to solve this problem. I know ApcRoutine is a callback from the userspace application that calls the NtReadFile API with ApcRoutine and ApcContext input.
I'm thinking of another method of executing the ApcRoutine, but in kernel mode. I think the ApcRoutine should have an equivalent way to be executed in kernel mode. But currently, I have no specific information about this yet. If someone here has knowledge of this, please enlighten me.

Hello,

Thank you for the suggestions on the problem I raised. I have now solved
the problem after doing a series of experiments. For the benefit
of those who will encounter the same error as I did, the topic I
raised is something to do with APC handling. It was my bad that I
executed the ApcRoutine directly in my code, which was not good. My fix
involves sending the ApcRoutine to the APC queue. Here is my reference:

http://www.cmkrnl.com/arc-userapc.html

Thank you again, and hope to hear from you more.

xyber

On Wed, Mar 5, 2008 at 11:13 AM, wrote:
> I think, understanding the ApcRoutine is my key here to solve this problem. I know ApcRoutine is a callback from userspace application that calls NtReadFile API with ApcRoutine and ApcContext input.
> Im thinking of other method of executing the ApcRoutine but in kernel mode. I think the ApcRoutine should have equivalent way to be executed in kernel mode. But currently, I had no specific information yet about this. If someone here has knowledge of this one, please enlighten me.


If you want to become somebody
Display your best ability
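The resolution above comes down to one contract: an NtReadFile ApcRoutine is a user-mode completion callback that the I/O manager queues to the requesting thread after the I/O has finished, and the thread runs it only when it next enters an alertable wait, with the IO_STATUS_BLOCK already filled in. Calling the routine synchronously from the hook, before completion and with a status block that has not been written, breaks all three parts of that contract. The following portable C program is an added example, not code from this thread, from Windows, or from the cited cmkrnl article: it models the queue-then-deliver behaviour with constructed types (MODEL_THREAD, queue_user_apc, complete_read, alertable_wait are all assumed names standing in for the kernel's APC queue and for an alertable SleepEx-style wait) and contrasts it with the hook's direct call.

```c
/* Added example: a user-mode model of NT I/O completion APC delivery.
   Type and function names below are constructed for illustration; only the
   IO_STATUS_BLOCK layout, PIO_APC_ROUTINE signature and the three NTSTATUS
   values mirror real NT definitions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef long NTSTATUS;
#define STATUS_SUCCESS     ((NTSTATUS)0x00000000L)
#define STATUS_PENDING     ((NTSTATUS)0x00000103L)
#define STATUS_END_OF_FILE ((NTSTATUS)0xC0000011L)

typedef struct { NTSTATUS Status; uintptr_t Information; } IO_STATUS_BLOCK;
typedef void (*PIO_APC_ROUTINE)(void *ApcContext, IO_STATUS_BLOCK *IoStatusBlock,
                                unsigned long Reserved);

/* One pending APC: the routine plus the arguments it must eventually receive. */
typedef struct { PIO_APC_ROUTINE Routine; void *Context; IO_STATUS_BLOCK *Iosb; } APC_ENTRY;

#define MAX_APCS 8
/* Model thread: its APC queue is drained only while the thread is alertable. */
typedef struct { APC_ENTRY queue[MAX_APCS]; int count; } MODEL_THREAD;

/* What the requester's completion routine observes on each delivery. */
typedef struct { int calls; NTSTATUS status; uintptr_t information; } APC_OBSERVATION;

static void completion_routine(void *ctx, IO_STATUS_BLOCK *iosb, unsigned long reserved) {
    (void)reserved;
    APC_OBSERVATION *obs = ctx;
    obs->calls++;
    obs->status = iosb->Status;
    obs->information = iosb->Information;
}

/* Stands in for the kernel's APC-queueing step: park the routine and its
   arguments on the requesting thread; nothing runs yet. */
static bool queue_user_apc(MODEL_THREAD *t, PIO_APC_ROUTINE r, void *ctx, IO_STATUS_BLOCK *iosb) {
    if (t->count >= MAX_APCS) return false;
    t->queue[t->count++] = (APC_ENTRY){ r, ctx, iosb };
    return true;
}

/* Model of the I/O manager completing a read: the status block is final
   BEFORE the APC is queued, so the routine never sees a half-done request. */
static bool complete_read(MODEL_THREAD *t, const char *file, size_t file_len, size_t offset,
                          void *buffer, size_t length, IO_STATUS_BLOCK *iosb,
                          PIO_APC_ROUTINE r, void *ctx) {
    if (offset >= file_len) {
        iosb->Status = STATUS_END_OF_FILE;
        iosb->Information = 0;
    } else {
        size_t n = (file_len - offset < length) ? file_len - offset : length;
        memcpy(buffer, file + offset, n);
        iosb->Status = STATUS_SUCCESS;
        iosb->Information = n;
    }
    return queue_user_apc(t, r, ctx, iosb);
}

/* Model of an alertable wait: deliver queued APCs in FIFO order on the
   requesting thread, then empty the queue. Returns how many ran. */
static int alertable_wait(MODEL_THREAD *t) {
    int delivered = 0;
    for (int i = 0; i < t->count; i++) {
        APC_ENTRY e = t->queue[i];
        e.Routine(e.Context, e.Iosb, 0);
        delivered++;
    }
    t->count = 0;
    return delivered;
}

typedef struct {
    APC_OBSERVATION direct;   /* the hook's approach: routine called at the syscall site */
    APC_OBSERVATION first;    /* queued approach, a read inside the file */
    APC_OBSERVATION second;   /* queued approach, a read past end of file */
    int delivered_before_wait, delivered_in_wait;
} DEMO_RESULT;

static DEMO_RESULT run_demo(void) {
    static const char file[] = "ID3 tag header bytes";   /* constructed sample file content */
    DEMO_RESULT r = {0};
    MODEL_THREAD thread = {0};
    char buf[8];

    /* 1. What the hook did: call the routine synchronously before any completion.
          The status block still says STATUS_PENDING and carries no byte count. */
    IO_STATUS_BLOCK early = { STATUS_PENDING, 0 };
    completion_routine(&r.direct, &early, 0);

    /* 2. The contract the fix follows: complete, queue, deliver on an alertable wait. */
    IO_STATUS_BLOCK iosb1 = { STATUS_PENDING, 0 }, iosb2 = { STATUS_PENDING, 0 };
    complete_read(&thread, file, sizeof file - 1, 0, buf, sizeof buf, &iosb1, completion_routine, &r.first);
    complete_read(&thread, file, sizeof file - 1, 100, buf, sizeof buf, &iosb2, completion_routine, &r.second);
    r.delivered_before_wait = r.first.calls + r.second.calls;   /* expect 0 */
    r.delivered_in_wait = alertable_wait(&thread);              /* expect 2 */
    return r;
}

int main(void) {
    DEMO_RESULT r = run_demo();
    printf("direct call: Status=0x%lx Information=%lu (no completed I/O behind it)\n",
           (unsigned long)r.direct.status, (unsigned long)r.direct.information);
    printf("queued: %d delivered before the wait, %d during it\n",
           r.delivered_before_wait, r.delivered_in_wait);
    printf("first read:  Status=0x%lx Information=%lu\n",
           (unsigned long)r.first.status, (unsigned long)r.first.information);
    printf("second read: Status=0x%lx Information=%lu\n",
           (unsigned long)r.second.status, (unsigned long)r.second.information);
    return 0;
}
```

The point the model makes for a hook author is that the callback's correctness depends on who runs it and when: the requesting thread, after the status block is final, at a point where that thread has declared itself alertable. A hook that invokes the routine itself supplies none of those guarantees, which is why the symptom in the thread was intermittent rather than deterministic.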