Hello everyone,
I want to hook the function IoCallDriver() exported by ntoskrnl.exe. What
can I do to finish this job?
Regards,
ding hao
The real question here is will anyone actually answer this post?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of shark marian
Sent: Saturday, December 11, 2004 1:23 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to hook the function IoCallDriver?
Hello everyone,
I want to hook the function IoCallDriver() exported by
ntoskrnl.exe. What can I do to finish this job?
Regards,
ding hao
I’ll bite … why do you want to do this? This is probably one of the most system critical functions that you do not want to go anywhere near.
d
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Saturday, December 11, 2004 4:53 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to hook the function IoCallDriver?
The real question here is will anyone actually answer this post?
Because I want to track all the IRPs that it sends to the object. I want
to know all the IRPs, so I want to hook IoCallDriver, and then I can get
all the IRPs and all the objects that receive the IRPs.
What's wrong with using a classical filter driver for this? This is the correct
solution to your problem, not a fantasist approach like hooking a kernel API. May I
suggest you learn how NT works internally?
Dan
----- Original Message -----
From: “shark marian”
To: “Windows System Software Devs Interest List”
Sent: Sunday, December 12, 2004 2:08 PM
Subject: RE:[ntdev] How to hook the function IoCallDriver?
> Because I want to track all the IRPs that it sends to the object. I want
> to know all the IRPs, so I want to hook IoCallDriver, and then I can get
> all the IRPs and all the objects that receive the IRPs.
Hello Dan Partelly,
May we talk to each other on MSN? My ID is xxxxx@hotmail.com. I
will wait for you if you have time.
Thanks.
I assume you are trying to do this for research purposes. I have two ideas
about achieving this. You may want to try whether they work:
I am not sure if IoCallDriver is available in the Windows Service Dispatch
table. If it is, it may be possible to hook its entry in the service
dispatch table.
Otherwise you may have to patch the export table of ntoskrnl.exe.
From my experience on this list, hooking is hardly supported, so I would
like to obey common sense :) So I suggest you ask the watchers if
there exists a documented way.
Regards,
Egemen Tas
-------Original Message-------
From: shark marian
Date: 12/12/04 14:10:18
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to hook the function IoCallDriver?
Because I want to track all the IRPs that it sends to the object. I want
to know all the IRPs, so I want to hook IoCallDriver, and then I can get
all the IRPs and all the objects that receive the IRPs.
Thanks, Partelly.
First, I want to know what the watchers are. Excuse my stupid question.
Second, can we talk online another way? Sending email to ntdev is too
slow.
Do you think so?
Regards,
ding hao
Hello Egemen Tas,
Thanks for your reply.
But if you were to do this IRP tracking, what do you think is the best way to solve
this problem?
Regards