How to track all the Irp?

Hello everyone,
I still want to develop a driver that can track all the IRPs, but I am without
an answer. Can no one help me?
I am not familiar with developing drivers, and this time is just so critical.
Best regards,
ding hao



This is the third time that you’ve asked in as many days, if someone is
going to give an answer they will reply to one of the other posts.

However, if you go and read the other responses under your other posts you
will see that people are very reluctant to give you an answer to this
question. In addition, I don’t think that you are going to be successful in
getting an answer to this question for several reasons:

  1. You don’t indicate why you think you need to track ALL of the IRPs in the
    system. It has very limited use outside of debugging/wanting to see how
    things work. The fact that you are saying that you’re not an experienced
    driver writer indicates that maybe you haven’t fully thought the problem
    out. This suggests that you came to the conclusion that you need to hook
    IoCallDriver before exploring legitimate solutions to your problem and are
    now working backwards. This pretty much always leads to disaster.

  2. There’s no blessed way to do this and all of the ways to achieve it are
    major hacks. IRPTracker, for example, has to work differently if it’s the
    checked build or if Verifier is running or if it’s Server 2003, and the “or
    ifs” go on and on. That dialog that first pops up when it’s running ain’t
    kiddin :)

  3. Getting a driver that tracks all of the IRPs in the system is a pretty
    advanced project and requires a thorough understanding of the I/O subsystem
    (and I/O completion in particular). Getting the hooks in place is the least
    of your problems.

So, I’d recommend familiarizing yourself more with drivers and going back
over your requirements before continuing down this path. If you still decide
to ignore everyone’s advice that this is not a good idea, you’d make more
progress on this time critical matter with WinDBG than sending posts to the
list and waiting for a response.

Regards,

-scott


Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com



Hi Ding,

Actually you already got the answer; why not read the prior responses
carefully? Lots of people want to help you, but you are shy to give us the
detailed problem you want to solve. I tried to reply to you yesterday, but
finally gave it up because you were already told what I wanted to say. If you
aren’t familiar enough with the device driver & kernel stuff, why not start
from a legitimate solution? By the limited description in your post, mostly, I
think Maxim’s suggestion should be the answer: “attach a filter driver on the
objects you want to monitor”.

Rgds,

AFei


Hello AFei,
Thanks for the reply.
Of course I read all the answers to my question, and I know attaching a
filter can do something, but I want to filter all the devices/drivers. First,
how can I filter so many objects in one driver? Then I want to change the set
of filtered objects dynamically; that is to say, if I do not want to filter the
floppy disk, then I can make the filter driver filter anything except the
floppy disk, and can add the floppy disk if I want sometime. I do not know
how to do this.
Best regards,
ding hao



(I’m sure many people will disagree with me but)

There is no acceptable way to do this. It cannot be done safely, and it definitely can’t be done quickly (which you seem to need).

If that’s really all there is to your project then you’re done.

If there was some other goal, and you thought this was a step to get there, please tell us the actual goal and perhaps we can help you find an alternative that will actually work.

-p


Hmmm, but I don’t WANT you mucking around with, or even know about, IRPs
that are bound for my driver so I guess I’ll just have to unhook your hook.

You have been told NO because it is extremely invasive and rude, and because
you have neither the skills nor understanding of the kernel to do it
reliably without the entire driver stack crumbling.


The personal opinion of
Gary G. Little
