Hi guys,
Can we interact with kernel mode drivers namely the .sys files through
.net.If we can then how can we do it.Please help me.
with regards
Ganesh
You can use a managed C++ layer to talk through shared memory or a hanging
IRP method…
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ganesh
Sent: Thursday, January 26, 2006 9:44 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] How to interact with kernel mode drivers through .net
Hi guys,
Can we interact with kernel mode drivers namely the .sys files through
.net.If we can then how can we do it.Please help me.
with regards
Ganesh
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@bitarmor.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
> Can we interact with kernel mode drivers namely the .sys files through
.net.If we can then how can we do it.Please help me.
Well I am not a .NET expert, but i know that you can import
any API from system DLLs, so you may import DeviceIoControl
and use that.
L.
Go to www.pinvoke.net it is a wiki of public domain C# <-> Platform SDK
interfaces.
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula
Sent: Thursday, January 26, 2006 12:37 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] How to interact with kernel mode drivers
through .net> Can we interact with kernel mode drivers namely the .sys files
> through .net.If we can then how can we do it.Please help me.Well I am not a .NET expert, but i know that you can import
any API from system DLLs, so you may import DeviceIoControl
and use that.L.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17You are currently subscribed to ntfsd as:
xxxxx@hollistech.com To unsubscribe send a blank email to
xxxxx@lists.osr.com
Hey Ganesh,
We use .NET to connect to our file system filters all the time. The
trick is to marshal CreateFile (to open the driver), DeviceIoControl (to
read/write driver) and CloseHandle (to close it out) and use the built
in PtrToStructure and StructureToPtr methods in the Marshal class to
manipulate the buffers.
It took me a bit of time to get the proper P/Invoke defined for the
functions. To give you a head start, here you go:
// CreateFile P/Invoke
DllImport(“kernel32.dll”, SetLastError=true, CharSet=CharSet.Auto)]
public static extern int CreateFile(
[MarshalAs(UnmanagedType.LPTStr)]string fileName,
[MarshalAs(UnmanagedType.U4)]uint desiredAccess,
[MarshalAs(UnmanagedType.U4)]uint shareMode,
[MarshalAs(UnmanagedType.LPStruct)]SecurityAttributes secAttr,
[MarshalAs(UnmanagedType.U4)]uint creationDisposition,
[MarshalAs(UnmanagedType.U4)]uint flagsAndAttributes,
[MarshalAs(UnmanagedType.U4)]uint templateFile );
// DeviceIoControl P/Invoke
[DllImport(“kernel32.dll”, SetLastError=true, CharSet=CharSet.Auto)]
public static extern bool DeviceIoControl(
[MarshalAs(UnmanagedType.U4)]int device,
[MarshalAs(UnmanagedType.U4)]uint ioControlCode,
IntPtr lpInBuffer,
[MarshalAs(UnmanagedType.U4)]uint inBufferSize,
IntPtr lpOutBuffer,
[MarshalAs(UnmanagedType.U4)]uint outBufferSize,
[MarshalAs(UnmanagedType.U4)]out int bytesReturned,
[MarshalAs(UnmanagedType.U4)]uint overlapped );
// CloseHandle P/Invoke
[DllImport(“kernel32.dll”, EntryPoint=“CloseHandle”)]
public static extern uint CloseHandle(int handle);
One last thing you will need is the SecurityAttributes struct for use in
CreateFile to properly open it. I have talked to a few different
Microsoft engineers about this, but I got the best bang for the buck
rolling my own like:
[StructLayout(LayoutKind.Sequential)]
public class SecurityAttributes
{
public int nLength = Marshal.SizeOf(typeof(SecurityAttributes));
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle;
}
From there, it’s pretty much no different than using C/C++ to
communicate with the driver in usermode. I know I have answered this on
a few forums now, and have seen people posting code snippits based on my
description. I would bet if you google you will be able to find those
threads if you need to understand how to write the underlying C# code.
As a final point, if I could give any sort of brain dead advice on this,
it’s to remember that once you use the Marshal class, you have to watch
what you allocate through Marshal.AllocHGlobal(). I erroneously thought
the garbage collector would take care of anything I allocated, and thats
just not the case. Took me a few days to find an ugly memory leak which
was fixed with a brain dead Marshal.FreeHGlobal() call.
YMMV. Good luck.
Regards,
Dana Epp [Security MVP]
Blog: http://silverstr.ufies.org/blog/
From: xxxxx@lists.osr.com on behalf of Ganesh
Sent: Thu 1/26/2006 6:44 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] How to interact with kernel mode drivers through .net
Hi guys,
Can we interact with kernel mode drivers namely the .sys files
through
.net.If we can then how can we do it.Please help me.
with regards
Ganesh
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@vulscan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com