blocking the system in kernel mode.

I’d do some work to block the whole system, as if it is dead, including the
kernel. When specified event occurs, it comes back to life. Just like the
SoftIce debug window. Can anybody give some help? Any link will be
welcome.

You’re going to have to define “specified event.” Running kernel code at a high
IRQL on all CPUs would produce the general effect, but if “specified event” were
to comprise something arriving over the network, there’s not going to be
anything running to recognize the event. That is, you may be asking to stop
everything except processing for your desired event, but there may not be a way
to restrict the effects to everything except what’s needed.

If replying by e-mail, please remove “nospam.” from the address.

James Antognini
Windows DDK MVP

Add this to the long list of products that I will never, ever buy or
authorize use of.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of James Antognini
Sent: Thursday, December 18, 2003 10:32 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: blocking the system in kernel mode.

You’re going to have to define “specified event.” Running kernel code at
a high IRQL on all CPUs would produce the general effect, but if
“specified event” were to comprise something arriving over the network,
there’s not going to be anything running to recognize the event. That
is, you may be asking to stop everything except processing for your
desired event, but there may not be a way to restrict the effects to
everything except what’s needed.

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@sublinear.org To
unsubscribe send a blank email to xxxxx@lists.osr.com

It’s called a “debugger”. If you have a better way, hey, more power to you.

Alberto.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Arlie Davis
Sent: Thursday, December 18, 2003 10:58 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: blocking the system in kernel mode.

Add this to the long list of products that I will never, ever buy or
authorize use of.

– arlie

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

I’m obviously not going to tell people how we do it, but both our SoftICEs
and our BoundsChecker do that as a matter of fact.

Alberto.


An interesting approach I’ve seen and definitely I’m way too off here is to
use halt instructions with some interrupts armed, this is the way most
of the PDAs do the hibernation, which is essentially turning the battery
drain off too … Man, for me, lot to learn …

Happy holidays to everyone on this list !

-prokash

----- Original Message -----
From: “Moreira, Alberto”
To: “Windows System Software Devs Interest List”
Sent: Thursday, December 18, 2003 8:58 AM
Subject: [ntdev] Re: blocking the system in kernel mode.

> It’s called a “debugger”. If you have a better way, hey, more power to you.
>
> Alberto.

Not your debugger. The broken encryption system.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Moreira, Alberto
Sent: Thursday, December 18, 2003 11:58 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: blocking the system in kernel mode.

It’s called a “debugger”. If you have a better way, hey, more power to
you.

Alberto.

Some bosses with marketing background are sheer idiots.

I think they consider that a non-trivial feature (like spitting message
boxes from the kernel) will attract the customer’s attention, and neglect the
fact that the feature is clumsy to use, provides nothing really valuable, and
causes an itching desire to switch it off.

Any cases when something must be drawn on the GUI screen from the kernel
mode driver are such, for instance. Any cases when a firewall author would like
to spit a dialog at user’s face on packet arrival, and then wait for user’s
decision on whether to allow it is the same.

The psychologist would call this style - attracting attention at the cost
of lesser reliability, usability and no functionality - to be hysteroid :-).
Sorry, I prefer paranoid products :)

Given the situation with Chinese, Indian and to large degree Russian
offshore companies, where programmers have no voice at all, being treated as
servants of their bosses, and bosses made their initial money on pyramids or
such and know nothing on programming, but are very, very arrogant - such
development styles are not so surprising.

Off-shore the task to such a company - and you will have poor contact with
poor tech people (since yes, ICQ and MSN are banned there due to itching desire
of the boss to impose itself as a Man Of Power), at least 2 days turnaround
time for discussing trivial open issues (too many people on different pyramid
levels to review and approve the communication flow with you), but lots of MS
Project Gantt diagrams and other “business-like” explanations on “why we cannot
do what you want, and even cannot understand what you want”.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Arlie Davis”
To: “Windows System Software Devs Interest List”
Sent: Thursday, December 18, 2003 6:58 PM
Subject: [ntdev] Re: blocking the system in kernel mode.

> Add this to the long list of products that I will never, ever buy or
> authorize use of.
>
> – arlie

Max, there ain’t no such thing as “no can do” in kernel programming. It’s a
question of how much it takes, and of whether we’re willing to pay the
price. And the assertion that doing something outside the fold of the party
line lowers reliability, usability and functionality, well, doesn’t hold
water. In fact, I’d rather talk to hardware that I trust than to an API
that I don’t.

Alberto.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Thursday, December 18, 2003 3:04 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: blocking the system in kernel mode.

Some bosses with marketing background are sheer idiots.

I think they consider that a non-trivial feature (like spitting message
boxes from the kernel) will attract the customer’s attention, and neglect the
fact that the feature is clumsy to use, provides nothing really valuable, and
causes an itching desire to switch it off.

Any cases when something must be drawn on the GUI screen from the kernel
mode driver are such, for instance. Any cases when a firewall author would like
to spit a dialog at user’s face on packet arrival, and then wait for user’s
decision on whether to allow it is the same.

The psychologist would call this style - attracting attention at the cost
of lesser reliability, usability and no functionality - to be hysteroid :-).
Sorry, I prefer paranoid products :)

Given the situation with Chinese, Indian and to large degree Russian
offshore companies, where programmers have no voice at all, being treated as
servants of their bosses, and bosses made their initial money on pyramids or
such and know nothing on programming, but are very, very arrogant - such
development styles are not so surprising.

Off-shore the task to such a company - and you will have poor contact with
poor tech people (since yes, ICQ and MSN are banned there due to itching desire
of the boss to impose itself as a Man Of Power), at least 2 days turnaround
time for discussing trivial open issues (too many people on different pyramid
levels to review and approve the communication flow with you), but lots of MS
Project Gantt diagrams and other “business-like” explanations on “why we cannot
do what you want, and even cannot understand what you want”.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

> In fact, I’d rather talk to hardware that I trust than to an API

Yes, we just had that argument.

Call me crazy, but device drivers should… drive devices. Not drive
me crazy.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Moreira, Alberto
Sent: Thursday, December 18, 2003 3:15 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: blocking the system in kernel mode.

Max, there ain’t no such thing as “no can do” in kernel programming.
It’s a question of how much it takes, and of whether we’re willing to
pay the price. And the assertion that doing something outside the fold
of the party line lowers reliability, usability and functionality, well,
doesn’t hold water. In fact, I’d rather talk to hardware that I trust
than to an API that I don’t.

Alberto.

Exactly - device driver should drive devices.

Not APIs !

Alberto.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Arlie Davis
Sent: Thursday, December 18, 2003 3:43 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: blocking the system in kernel mode.

> In fact, I’d rather talk to hardware that I trust than to an API

Yes, we just had that argument.

Call me crazy, but device drivers should… drive devices. Not drive
me crazy.

– arlie


Can you please tell me where to find hardware I can trust? Or is
hardware that’s brain-dead in a reliable and consistent fashion
considered trustworthy?

=^)

Chuck

----- Original Message -----
From: “Moreira, Alberto”
To: “Windows System Software Devs Interest List”
Sent: Thursday, December 18, 2003 12:14 PM
Subject: [ntdev] Re: blocking the system in kernel mode.

> Max, there ain’t no such thing as “no can do” in kernel programming. It’s a
> question of how much it takes, and of whether we’re willing to pay the
> price. And the assertion that doing something outside the fold of the party
> line lowers reliability, usability and functionality, well, doesn’t hold
> water. In fact, I’d rather talk to hardware that I trust than to an API
> that I don’t.
>
> Alberto.

I’d never thought my question would be this.

Exactly, I’m developing a filter driver. When the specified event occurs, the
encryption/decryption key will be
lost. So I want to block the whole system then, until the new event which
indicates the key is restored occurs.

I know this solution is quite hard. But I’ve got no better way.

Regards,

Ming zx

“Chuck Batson” Wrote:xxxxx@ntdev…
>
> Can you please tell me where to find hardware I can trust? Or is
> hardware that’s brain-dead in a reliable and consistent fashion
> considered trustworthy?
>
> =^)
>
> Chuck

This particular query seems to have been a Rorschach test, eliciting each
person’s pet peeves, prejudices or deeply held beliefs. Looking over the
responses, I can hardly believe they were prompted by the same question.


If replying by e-mail, please remove “nospam.” from the address.

James Antognini
Windows DDK MVP


> I’d never thought my question would be this.

Not your fault. The list history applies meaning to posts unintended by new
posters. It is a harsh bunch here, but if your needs are legitimate we will
eventually get around to answering your questions, you just need to pick the
answers out from all of the flame bait, trolling, and religious wars.

> Exactly, I’m developing a filter driver. When the specified
> event occurs, the encryption/decryption key will be lost. So
> I want to block the whole system then, until the new event
> which indicates the key is restored occurs.
>
> I know this solution is quite hard. But I’ve got no better way.

Oh it is well beyond ‘quite hard’. ‘Blocking the whole system’ and ‘waiting
for an event’ appear to be mutually exclusive. It sounds more like you need
to block new IO requests for encrypted files. That might at least be
possible, depending on how deep and comprehensive your encryption system is.
Also how exactly does this ‘encryption key restore event’ get delivered to
the system?

Have you delved into the wonderful world of the Trusted Computing Group’s
specifications? Considered the workings and machinations of the “Left Hand”
side versus the “Right Hand” side? Why would the encryption/decryption key
be lost given you are following the TSS and/or TPM specifications? If you
aren’t, then perhaps you need to look at www.trustedcomputinggroup.org and
do a Google search on NGSCB.


Gary G. Little
Seagate Technologies, LLC

“Ming” wrote in message news:xxxxx@ntdev…
>
> I’d never thought my question would be this.
>
> Exactly, I’m developing a filter driver. When the specified event occurs,
> the encryption/decryption key will be lost. So I want to block the whole
> system then, until the new event which indicates the key is restored occurs.
>
> I know this solution is quite hard. But I’ve got no better way.
>
> Regards,
>
> Ming zx
>
> “Chuck Batson” wrote: xxxxx@ntdev…
> >
> > Can you please tell me where to find hardware I can trust? Or is
> > hardware that’s brain-dead in a reliable and consistent fashion
> > considered trustworthy?
> >
> > =^)
> >
> > Chuck
> >
> > ----- Original Message -----
> > From: “Moreira, Alberto”
> > To: “Windows System Software Devs Interest List”
> > Sent: Thursday, December 18, 2003 12:14 PM
> > Subject: [ntdev] Re: blocking the system in kernel mode.
> >
> > > Max, there ain’t no such thing as “no can do” in kernel programming.
> > > It’s a question of how much it takes, and of whether we’re willing to
> > > pay the price. And the assertion that doing something outside the fold
> > > of the party line lowers reliability, usability and functionality,
> > > well, doesn’t hold water. In fact, I’d rather talk to hardware that I
> > > trust than to an API that I don’t.
> > >
> > > Alberto.
> > >
> > > -----Original Message-----
> > > From: xxxxx@lists.osr.com
> > > [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
> > > Sent: Thursday, December 18, 2003 3:04 PM
> > > To: Windows System Software Devs Interest List
> > > Subject: [ntdev] Re: blocking the system in kernel mode.
> > >
> > > Some bosses with marketing background are sheer idiots.
> > >
> > > I think they consider that a non-trivial feature (like spitting
> > > message boxes from the kernel) will attract the customer’s attention,
> > > and neglect the fact that the feature is clumsy to use, provides
> > > nothing really valuable, and causes an itching desire to switch it off.
> > >
> > > Any cases when something must be drawn on the GUI screen from the
> > > kernel mode driver are such, for instance. Any cases when a firewall
> > > author would like to spit a dialog at user’s face on packet arrival,
> > > and then wait for user’s decision on whether to allow it is the same.
> > >
> > > The psychologist would call this style - attracting attention at the
> > > cost of lesser reliability, usability and no functionality - to be
> > > hysteroid :-). Sorry, I prefer paranoid products :-)
> > >
> > > Given the situation with Chinese, Indian and to large degree Russian
> > > offshore companies, where programmers have no voice at all, being
> > > treated as servants of their bosses, and bosses made their initial
> > > money on pyramids or such and know nothing on programming, but are
> > > very, very arrogant - such development styles are not so surprising.
> > >
> > > Off-shore the task to such a company - and you will have poor contact
> > > with poor tech people (since yes, ICQ and MSN are banned there due to
> > > itching desire of the boss to impose itself as a Man Of Power), at
> > > least 2 days turnaround time for discussing trivial open issues (too
> > > many people on different pyramid levels to review and approve the
> > > communication flow with you), but lots of MS Project Gantt diagrams
> > > and other “business-like” explanations on “why we cannot do what you
> > > want, and even cannot understand what you want”.
> > >
> > > Maxim Shatskih, Windows DDK MVP
> > > StorageCraft Corporation
> > > xxxxx@storagecraft.com
> > > http://www.storagecraft.com

Mark Roddy wrote:

> Oh it is well beyond ‘quite hard’. ‘Blocking the whole system’ and ‘waiting
> for an event’ appear to be mutually exclusive. It sounds more like you need
> to block new IO requests for encrypted files. That might at least be
> possible, depending on how deep and comprehensive your encryption system is.
> Also how exactly does this ‘encryption key restore event’ get delivered to
> the system?

It seemed obvious to me that he was going to poll for this…

However, I think the real question is “what is the compelling reason the
entire system needs to be blocked?”. Why can’t you just pend all the IO
requests in your filter driver and work on them when the key becomes
available?

A perhaps related question that I don’t happen to know the answer to:
Does IRQL == HIGH_LEVEL imply the debugger can’t break in?

…/ray..

Thanks to all the guys for replying.
If I pend all the IO requests in my filter driver, how can I manage the
pending queue?
How can I work on an IO request pended a long time ago? Is there any timeout
mechanism?
Still many questions to handle. I’ll try.

Regards,

Ming
“Ray Trent” wrote: xxxxx@ntdev…
>
> Mark Roddy wrote:
> > Oh it is well beyond ‘quite hard’. ‘Blocking the whole system’ and
> > ‘waiting for an event’ appear to be mutually exclusive. It sounds more
> > like you need to block new IO requests for encrypted files. That might
> > at least be possible, depending on how deep and comprehensive your
> > encryption system is. Also how exactly does this ‘encryption key restore
> > event’ get delivered to the system?
>
> It seemed obvious to me that he was going to poll for this…
>
> However, I think the real question is “what is the compelling reason the
> entire system needs to be blocked?”. Why can’t you just pend all the IO
> requests in your filter driver and work on them when the key becomes
> available?
>
> A perhaps related question that I don’t happen to know the answer to:
> Does IRQL == HIGH_LEVEL imply the debugger can’t break in?
> –
> …/ray..
>
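
An added example, not part of the original thread: a user-mode C model of the approach Ray Trent suggests and Ming asks about above, in which requests that arrive while the key is absent are pended with a deadline, failed on timeout, and completed in arrival order once the key returns. All names are hypothetical; the model is single-threaded, whereas a real filter driver would hold IRPs, take a lock around the queue and handle cancellation.

```c
#include <stddef.h>
#include <stdint.h>
/* User-mode, single-threaded model; all names here are hypothetical. */
enum req_status { REQ_PENDING, REQ_DONE, REQ_TIMED_OUT, REQ_REJECTED };

struct request {
    uint64_t deadline;        /* tick at which a pended request is failed */
    enum req_status status;
    struct request *next;
};

struct gate {
    int key_present;          /* 0 while the key is unavailable */
    size_t depth, max_depth;  /* bounded, so the queue cannot grow forever */
    struct request *head, *tail;
};

void gate_init(struct gate *g, size_t max_depth) {
    g->key_present = 0; g->depth = 0; g->max_depth = max_depth;
    g->head = g->tail = NULL;
}

/* With the key present, process at once; otherwise pend with a deadline. */
enum req_status gate_submit(struct gate *g, struct request *r,
                            uint64_t now, uint64_t timeout) {
    r->next = NULL;
    if (g->key_present) return r->status = REQ_DONE;
    if (g->depth >= g->max_depth) return r->status = REQ_REJECTED;
    r->deadline = now + timeout; r->status = REQ_PENDING;
    if (g->tail) g->tail->next = r; else g->head = r;
    g->tail = r; g->depth++;
    return REQ_PENDING;
}

/* Timer tick: fail every pended request whose deadline has passed. */
size_t gate_expire(struct gate *g, uint64_t now) {
    size_t n = 0;
    struct request **pp = &g->head, *prev = NULL;
    while (*pp) {
        struct request *r = *pp;
        if (now >= r->deadline) {
            *pp = r->next; r->next = NULL;
            r->status = REQ_TIMED_OUT; g->depth--; n++;
        } else { prev = r; pp = &r->next; }
    }
    g->tail = prev;           /* last request kept, or NULL if none */
    return n;
}

/* Key restored: complete everything still pended, in arrival order. */
size_t gate_key_restored(struct gate *g) {
    size_t n = 0;
    g->key_present = 1;
    for (struct request *r = g->head, *nx; r; r = nx, n++) {
        nx = r->next; r->next = NULL; r->status = REQ_DONE;
    }
    g->head = g->tail = NULL; g->depth = 0;
    return n;
}
```

The queue fails closed: nothing is processed without the key, and the depth bound plus per-request deadline keep a long key outage from turning into unbounded memory use or indefinitely hung callers.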

You need to rethink your design.

First, what is encrypted? How does the encryption work? Is the USB
device actually getting the data and encrypting the data? You need to
provide that information and probably more to come close to designing a
system that will be stable.

Second, after you understand all the above, including key management
issues, you may need to understand how the file system, cache manager,
memory manager, and storage stack interact and provide their services in
response to user requests.

I am assuming that your driver is a file system filter that exists on
top of the normal file systems - FAT & NTFS. If you have your own file
system then it can be easier when your FS is bug free, but not
completely. I think a well designed implementation will enable this to
work properly, but this is not a simple DIY project, but one that
requires experience and a high degree of skill. Hiring a contracting
firm might be the only good way. This has gone on for three days or
more and started early with how to block the system in kernel mode -
which is not even a possible solution to your problems.


Thanks. Haven’t you posted it to the group, or did you just reply to me directly?
I cannot find this post on the group.

I think it needs a better design. There is only a filter driver here, without
its own file system driver. Things block here.
The USB device does not get the data. It is just a token, doing the work of auth, and
providing the encryption/decryption algorithm and key. We really have no idea
about this problem.

“David J. Craig” wrote:
> You need to rethink your design.
>
> First, what is encrypted? How does the encryption work? Is the USB
> device actually getting the data and encrypting the data? You need to
> provide that information and probably more to come close to designing a
> system that will be stable.
>
> Second, after you understand all the above, including key management
> issues, you may need to understand how the file system, cache manager,
> memory manager, and storage stack interact and provide their services in
> response to user requests.
>
> I am assuming that your driver is a file system filter that exists on
> top of the normal file systems - FAT & NTFS. If you have your own file
> system then it can be easier when your FS is bug free, but not
> completely. I think a well designed implementation will enable this to
> work properly, but this is not a simple DIY project, but one that
> requires experience and a high degree of skill. Hiring a contracting
> firm might be the only good way. This has gone on for three days or
> more and started early with how to block the system in kernel mode -
> which is not even a possible solution to your problems.