Drivers loaded

Hello,

I have to check in my DriverEntry if other driver was loaded ealier.
I have only name of driver. Could you tell me how can I check it?

Grzegorz Malicki

Well the first question is why? A driver can be loaded but not ready to be
used, or could even be unloaded right after the check. If you are writing
both drivers, consider using a device interface and using
IoRegisterPlugPlayNotification to get access to the device interface.
Otherwise, if you can get the device name (not the driver name you specify),
use ZwCreateFile to open the device (you can use ObReferenceObjectByHandle
to get a pointer to the device object if desired).

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting

----- Original Message -----
From: “Grzegorz Malicki”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 7:19 AM
Subject: [ntdev] Drivers loaded

> Hello,
>
> I have to check in my DriverEntry if other driver was loaded ealier.
> I have only name of driver. Could you tell me how can I check it?
>
> Grzegorz Malicki
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@acm.org
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Thanks for answer :slight_smile:

Why ? I’m checking who is loaded first: my driver or other driver.
My driver is load ON_DEMAND, I have to determine which
driver was loaded ealier.

I’m using ZwOpenFile for check this driver.
It returns STATUS_OBJECT_TYPE_MISMATCH if driver
was loaded or STATUS_OBJECT_NAME_NOT_FOUND if it wasn’t.

I don’t know device name because it’s not my driver.
If I will have pointer or handler to this driver I found devices.
Can I obtain pointer to DRIVER_OBJECT when I know only his name ?

Grzegorz Malicki

----- Original Message -----
From: “Don Burn”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 1:36 PM
Subject: [ntdev] Re: Drivers loaded

> Well the first question is why? A driver can be loaded but not ready to
be
> used, or could even be unloaded right after the check. If you are writing
> both drivers, consider using a device interface and using
> IoRegisterPlugPlayNotification to get access to the device interface.
> Otherwise, if you can get the device name (not the driver name you
specify),
> use ZwCreateFile to open the device (you can use ObReferenceObjectByHandle
> to get a pointer to the device object if desired).
>
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>

To peek into the list of driver objects and device objects, use the
DeviceTree application, which you can download free on www.osronline.com
This is an invaluable tool, very useful in lots of situations.

Mat

-----Original Message-----
From: Grzegorz Malicki [mailto:xxxxx@mks.com.pl]
Sent: Wednesday, July 23, 2003 9:20 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Drivers loaded

Thanks for answer :slight_smile:

Why ? I’m checking who is loaded first: my driver or other driver.
My driver is load ON_DEMAND, I have to determine which
driver was loaded ealier.

I’m using ZwOpenFile for check this driver.
It returns STATUS_OBJECT_TYPE_MISMATCH if driver
was loaded or STATUS_OBJECT_NAME_NOT_FOUND if it wasn’t.

I don’t know device name because it’s not my driver.
If I will have pointer or handler to this driver I found devices.
Can I obtain pointer to DRIVER_OBJECT when I know only his name ?

Grzegorz Malicki

----- Original Message -----
From: “Don Burn”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 1:36 PM
Subject: [ntdev] Re: Drivers loaded

> Well the first question is why? A driver can be loaded but not ready to
be
> used, or could even be unloaded right after the check. If you are writing
> both drivers, consider using a device interface and using
> IoRegisterPlugPlayNotification to get access to the device interface.
> Otherwise, if you can get the device name (not the driver name you
specify),
> use ZwCreateFile to open the device (you can use ObReferenceObjectByHandle
> to get a pointer to the device object if desired).
>
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>


You are currently subscribed to ntdev as: xxxxx@guillemot.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Again, why is this important to know which driver is first? There are
simple ways like writing a registry value that could be used to detect this.
If you really need the driver pointer then use ObReferenceObjectByName
which is undocumented and unsupported. If you seach Google groups you
should get enough data to use it,
but think carefully as to why you are going there.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting

----- Original Message -----
From: “Grzegorz Malicki”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 9:20 AM
Subject: [ntdev] Re: Drivers loaded

> Thanks for answer :slight_smile:
>
> Why ? I’m checking who is loaded first: my driver or other driver.
> My driver is load ON_DEMAND, I have to determine which
> driver was loaded ealier.
>
> I’m using ZwOpenFile for check this driver.
> It returns STATUS_OBJECT_TYPE_MISMATCH if driver
> was loaded or STATUS_OBJECT_NAME_NOT_FOUND if it wasn’t.
>
> I don’t know device name because it’s not my driver.
> If I will have pointer or handler to this driver I found devices.
> Can I obtain pointer to DRIVER_OBJECT when I know only his name ?
>
> Grzegorz Malicki
>
> ----- Original Message -----
> From: “Don Burn”
> To: “Windows System Software Developers Interest List”

> Sent: Wednesday, July 23, 2003 1:36 PM
> Subject: [ntdev] Re: Drivers loaded
>
>
> > Well the first question is why? A driver can be loaded but not ready to
> be
> > used, or could even be unloaded right after the check. If you are
writing
> > both drivers, consider using a device interface and using
> > IoRegisterPlugPlayNotification to get access to the device interface.
> > Otherwise, if you can get the device name (not the driver name you
> specify),
> > use ZwCreateFile to open the device (you can use
ObReferenceObjectByHandle
> > to get a pointer to the device object if desired).
> >
> > Don Burn (MVP, Windows DDK)
> > Windows 2k/XP/2k3 Filesystem and Driver Consulting
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@acm.org
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Not so long ago, I showed a way of getting a list of loaded drivers. See
“How to enumarate all the drivers installed on a PC?” in
microsoft.public.development.device.drivers on 2003-03-27. But, as
others have noted, there is no guarantee that the list will stay correct
after you gather its contents.


If replying by e-mail, please remove “nospam.” from the address.

James Antognini
Windows DDK MVP

Why cant you just call NtQuerySystemInformation?, Traverse the list of
loaded drivers, doing a string compare.

Can I use NtQuerySystemInformation in DriverEntry in my kernel-mode driver?!

Grzegorz Malicki

----- Original Message -----
From:
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 4:54 PM
Subject: [ntdev] Re: Drivers loaded

> Why cant you just call NtQuerySystemInformation?, Traverse the list of
> loaded drivers, doing a string compare.
>
> —

You probably can, of course this is also undocumented and not guaranteed to
work. Again, think about why you are trying to do this, explain that to
this group and we can probably give you an answer that will work.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting

----- Original Message -----
From: “Grzegorz Malicki”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 11:25 AM
Subject: [ntdev] Re: Drivers loaded

> Can I use NtQuerySystemInformation in DriverEntry in my kernel-mode
driver?!
>
> Grzegorz Malicki
>
> ----- Original Message -----
> From:
> To: “Windows System Software Developers Interest List”

> Sent: Wednesday, July 23, 2003 4:54 PM
> Subject: [ntdev] Re: Drivers loaded
>
>
> > Why cant you just call NtQuerySystemInformation?, Traverse the list of
> > loaded drivers, doing a string compare.
> >
> > —
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@acm.org
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Yes. ZwQuerySystemInformation though.

Max

----- Original Message -----
From: “Grzegorz Malicki”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 7:25 PM
Subject: [ntdev] Re: Drivers loaded

> Can I use NtQuerySystemInformation in DriverEntry in my kernel-mode driver?!
>
> Grzegorz Malicki
>
> ----- Original Message -----
> From:
> To: “Windows System Software Developers Interest List”
> Sent: Wednesday, July 23, 2003 4:54 PM
> Subject: [ntdev] Re: Drivers loaded
>
>
> > Why cant you just call NtQuerySystemInformation?, Traverse the list of
> > loaded drivers, doing a string compare.
> >
> > —
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

I try to explain (my english is poor).

I wrote TDI filter driver attached to TCP device.
My driver works in two situations:

  1. First use (without reboot):
    Driver is registers in the system.
    I change GroupOrderList to determine new order load driver.
    I load driver, create devices and use it.

In this case driver is load after NetBT and:
In InternalDeviceControl it receives IRPs with too small stack,
and it has to allocate new IRP to pass to lower driver, etc …
I don’t unload my driver, because I will get BSOD (NetBT call
code of my driver after successfull unload).
To prevent this I don’t set Unload procedure in DriverEntry.

  1. Second and next use (after reboot)
    System loads my driver after TcpIp and before NetBT by
    data stored in registry (which I changed).
    My dispatch receives good IRP stack size.
    In my driver I set UnLoad because it is safe.

Beyond first and second, I want to make safely my driver
to situation when another aplication change new order load drivers.

To correctly working my driver is necessary to load after
TcpIp and before NetBT.
My idea is to check if driver NetBT was loaded.
Maybe anyone know better solution ?

It’s very important to don’t reboot system after install
my software. Yes, I know, reboot is the simplest method.

Grzegorz Malicki

----- Original Message -----
From: “Don Burn”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 3:42 PM
Subject: [ntdev] Re: Drivers loaded

> Again, why is this important to know which driver is first? There are
> simple ways like writing a registry value that could be used to detect
this.
> If you really need the driver pointer then use ObReferenceObjectByName
> which is undocumented and unsupported. If you seach Google groups you
> should get enough data to use it,
> but think carefully as to why you are going there.
>
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>

I believe the best thing to do would be to make sure the IRP passed to you
has enough stack locations. This has been talked about before on this
list.

-Jeff

-----Original Message-----
From: Grzegorz Malicki [mailto:xxxxx@mks.com.pl]
Sent: Thursday, July 24, 2003 9:26 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Drivers loaded

I try to explain (my english is poor).

I wrote TDI filter driver attached to TCP device.
My driver works in two situations:

  1. First use (without reboot):
    Driver is registers in the system.
    I change GroupOrderList to determine new order load driver.
    I load driver, create devices and use it.

In this case driver is load after NetBT and:
In InternalDeviceControl it receives IRPs with too small stack,
and it has to allocate new IRP to pass to lower driver, etc …
I don’t unload my driver, because I will get BSOD (NetBT call
code of my driver after successfull unload).
To prevent this I don’t set Unload procedure in DriverEntry.

  1. Second and next use (after reboot)
    System loads my driver after TcpIp and before NetBT by
    data stored in registry (which I changed).
    My dispatch receives good IRP stack size.
    In my driver I set UnLoad because it is safe.

Beyond first and second, I want to make safely my driver
to situation when another aplication change new order load drivers.

To correctly working my driver is necessary to load after
TcpIp and before NetBT.
My idea is to check if driver NetBT was loaded.
Maybe anyone know better solution ?

It’s very important to don’t reboot system after install
my software. Yes, I know, reboot is the simplest method.

Grzegorz Malicki

----- Original Message -----
From: “Don Burn”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, July 23, 2003 3:42 PM
Subject: [ntdev] Re: Drivers loaded

> Again, why is this important to know which driver is first? There are
> simple ways like writing a registry value that could be used to detect
this.
> If you really need the driver pointer then use ObReferenceObjectByName
> which is undocumented and unsupported. If you seach Google groups you
> should get enough data to use it,
> but think carefully as to why you are going there.
>
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>


You are currently subscribed to ntdev as: xxxxx@concord.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
the latest virus scan software available for the presence of computer
viruses.