Hello all,
I am not completely sure if this is the correct newsgroup but I trust you
will be able to help me out on this one.
Can you tell me where I can find the correct description of the boot
process, especially the very early stages? My goal is to create a mechanism
that will always be filtering the disk access. In the very early stages I
can do that by filtering INT13 but I need to know when this will be taken
over. Basically after things have booted I would like to have a filter at
the upper edge of the disk driver. (I don’t want to write my own IDE driver
since that is not required for the functionality).
What is important is: can I attach to the disk driver before this actually
starts accessing the disk directly?
Best regards,
Wim Vervoorn
Wim Vervoorn wrote:
Hello all,
I am not completely sure if this is the correct newsgroup but I trust you
will be able to help me out on this one.
Can you tell me where I can find the correct description of the boot
process, especially the very early stages? My goal is to create a mechanism
that will always be filtering the disk access. In the very early stages I
can do that by filtering INT13 but I need to know when this will be taken
over. Basically after things have booted I would like to have a filter at
the upper edge of the disk driver. (I don’t want to write my own IDE driver
since that is not required for the functionality).
What is important is: can I attach to the disk driver before this actually
starts accessing the disk directly?
Best regards,
Wim Vervoorn
Well… the disk is accessed first by ntldr, which has its own fat/ntfs
implementation which gets to load ntoskrnl and all the rest. So if you
mean to “hook” that, I think you can rely on BIOS int13 functions
only… and it would be a mess, since you’d need to know how to access
filesystem structures yourself in raw mode.
If you want to take over the stuff a little after, you just have to
create a filter driver (disk filter or fs filter, depends on your needs)
which is loaded early in the boot stages. You control this by
installing your driver as Boot Driver with a tag value of 0xffff.
Usually, this way you get loaded before anything else but the standard
OS boot drivers. Then, you can hook the deviceobjects as soon as they
appear (volumes/disks).
regards,
valerio