Filter PNP Driver to file communication. Please guide!!

Hi,

I have an application that does following tasks:

  1. Upon starting user-level application , A request is sent to the driver
    i.e PNP driver
  2. The driver fetches the request , processes it.
  3. For each such request, the driver queries a file, gets data from it, and
    finally the driver sends the response back to user level application.

i.e Myuser.exe —(Sends password request) —>
MyDriver.sys ----(DriverReadsafile)---->File.dat ----(fileReturnsdatatodriver)—>Mydriver.sys----(sendspasswd)–>Myuser.exe
application

Now, I want to check all the processing going at the “Driver level
interacting with the file”

Earlier, i thought that filespy (sample in IFS kit) will work for my
problem. But filespy can filter only the requests that are coming from
userlevel to filesystem,

WHERE As need to filter all the requests that are being sent from Driver to
Dat file.

So can anybody suggest how can we filter/check/analyse/disassemble/debug the
communication betweeen the driver and the file in this case.,

Please suggest.

Thanks,
Rohit Dhamija

Uh… Afaik Filespy should ™ work…

Are you using the ZwXXXXX (or NTxxxx) APIs or “rolling your own” irps?

BR,

Rob Linegar
Software Engineer
Data Encryption Systems Limited
www.des.co.uk | www.deslock.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Rohit Dhamija
Sent: 03 February 2005 13:22
To: Windows System Software Devs Interest List
Subject: [ntdev] Filter PNP Driver to file communication. Please guide!!

Hi,

I have an application that does following tasks:

  1. Upon starting user-level application , A request is sent to the
    driver
    i.e PNP driver
  2. The driver fetches the request , processes it.
  3. For each such request, the driver queries a file, gets data from it,
    and
    finally the driver sends the response back to user level application.

i.e Myuser.exe —(Sends password request) —>
MyDriver.sys ----(DriverReadsafile)---->File.dat
----(fileReturnsdatatodriver)—>Mydriver.sys----(sendspasswd)–>Myuser.
exe
application

Now, I want to check all the processing going at the “Driver level
interacting with the file”

Earlier, i thought that filespy (sample in IFS kit) will work for my
problem. But filespy can filter only the requests that are coming from
userlevel to filesystem,

WHERE As need to filter all the requests that are being sent from
Driver to
Dat file.

So can anybody suggest how can we filter/check/analyse/disassemble/debug
the
communication betweeen the driver and the file in this case.,

Please suggest.

Thanks,
Rohit Dhamija


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@des.co.uk
To unsubscribe send a blank email to xxxxx@lists.osr.com

I don;t have the source code for the driver and the contents of the dat
file.
I have just the driver and the file and the application. I have code for the
user level application
rohit

“Rob Linegar” wrote in message news:xxxxx@ntdev…

Uh… Afaik Filespy should ™ work…

Are you using the ZwXXXXX (or NTxxxx) APIs or “rolling your own” irps?

BR,

Rob Linegar
Software Engineer
Data Encryption Systems Limited
www.des.co.uk | www.deslock.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Rohit Dhamija
Sent: 03 February 2005 13:22
To: Windows System Software Devs Interest List
Subject: [ntdev] Filter PNP Driver to file communication. Please guide!!

Hi,

I have an application that does following tasks:

1) Upon starting user-level application , A request is sent to the
driver
i.e PNP driver
2) The driver fetches the request , processes it.
3) For each such request, the driver queries a file, gets data from it,
and
finally the driver sends the response back to user level application.

i.e Myuser.exe —(Sends password request) —>
MyDriver.sys ----(DriverReadsafile)---->File.dat
----(fileReturnsdatatodriver)—>Mydriver.sys----(sendspasswd)–>Myuser.
exe
application

Now, I want to check all the processing going at the “Driver level
interacting with the file”

Earlier, i thought that filespy (sample in IFS kit) will work for my
problem. But filespy can filter only the requests that are coming from
userlevel to filesystem,

WHERE As need to filter all the requests that are being sent from
Driver to
Dat file.

So can anybody suggest how can we filter/check/analyse/disassemble/debug
the
communication betweeen the driver and the file in this case.,

Please suggest.

Thanks,
Rohit Dhamija


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@des.co.uk
To unsubscribe send a blank email to xxxxx@lists.osr.com