Internals Book, was: How to hook the function IoCallDriver?

Well for that I would recommend:

Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server™
2003, Windows XP, and Windows 2000 (Pro-Developer)
by Mark E. Russinovich, David A. Solomon see
http://www.sysinternals.com/windowsinternals.shtml for details.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

From: “Ihab Hamadeh”

Ok. Calm down guys. We are all here to learn and I am the first to be
taught. What is a great book about how NT works. Any recommendations? I
want the best of the best if possible.

Thanks a lot.

Thank you very much Don.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Sunday, December 12, 2004 1:52 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Internals Book, was: How to hook the function
IoCallDriver?

Well for that I would recommend:

Microsoft Windows Internals, Fourth Edition: Microsoft Windows
Server™
2003, Windows XP, and Windows 2000 (Pro-Developer)
by Mark E. Russinovich, David A. Solomon see
http://www.sysinternals.com/windowsinternals.shtml for details.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

From: “Ihab Hamadeh”

Ok. Calm down guys. We are all here to learn and I am the first to be
taught. What is a great book about how NT works. Any recommendations? I
want the best of the best if possible.

Thanks a lot.



Thanks for all the replies.
I really can download some tools that finish the IRP tracking job, but that
is not sufficient. We also need something that the other tools cannot
track, so we decided to develop it ourselves; this is the main goal of the
question.
Sorry for not clearly detailing my question.
Regards



ivona prenosilova wrote:

> no, no Tony, i’ve never said you’re lame or that OSR stuff is lame.

Perhaps you did not intend to, but you did.

Your retraction and apology are accepted. Topic closed.

> but why to make fun of them? why not just simply ignore the posts?

Well, first note that nobody from OSR made fun of them. Not that we
WOULDN’T have, mind you, but just nobody did this particular time.

Second, note that if somebody is lame enough to post such a question to
this forum, then at least the following two things are true:

a) They have not taken the time to search the archives of this list for
similar topics, which immediately marks them as lame;

b) They know enough to understand the name of the function IoCallDriver,
but little else. It is EXTREMELY lame (and arrogant) to not spend time
doing the proper research before bothering other people with one’s
question. I’m talking an hour with the debugger here. There are MANY
examples of such arrogance on this list, and it annoys me, personally,
to no end.

“How do I hook IoCallDriver” is one of those questions which, if you
have to ask, you shouldn’t be anywhere near doing it. Other questions
in this category are “Is this thing here the trigger?”, “Which is the
gas and which is the brake?”, and “Which handle do I pull to open the
chute?”

And lest I have to be subjected to any additional shite about whether
IrpTracker hooks this or that or not, note the following: When you run
IRP Tracker, the FIRST THING that happens is that it pops a DIALOG BOX
that says “This is a development support utility that may crash your
system. Click OK to proceed or cancel to exit now.” This is done before
anything tricky or harmful is done to the system on which it is running,
thus ensuring that naive users are warned of the risk. This allows us
to create an exceptionally powerful utility to benefit the community,
that’s useful for developers, while warning people who might try to use
such a utility that it is not suitable for use in a production
environment. Do you think the OP had similar safeguards in mind?

Ugh! Enough of that. Back to the original topic…

Hey, OP: Forget about hooking IoCallDriver. Don’t do it. Use a filter
driver. And do your homework next time before you post, OK?

Peter
OSR

Read this article http://research.microsoft.com/sn/detours/ .
Then go and hook whatever you like.

“shark marian” wrote in message
news:xxxxx@ntdev…
> hello everyone,
> i want to hook the function IoCallDriver() exported by ntoskrnl.exe, what
> can i do to finish this job?
> regards
> ding hao

Naa, Mark, it’s please name the driver and company so we can black-ball it.

To the OP – Bad idea, when you consider that inserting a driver in a driver
stack either as filter or child will give you the functionality you want and
reduce impact on the rest of the system. Questions like this one get
answered a dozen times a month so if we seem a little short it’s because you
didn’t do your homework and look at the history.


The personal opinion of
Gary G. Little

“Mark Roddy” wrote in message news:xxxxx@ntdev…
The real question here is will anyone actually answer this post?

> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of shark marian
> Sent: Saturday, December 11, 2004 1:23 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] How to hook the function IoCallDriver?
>
> hello everyone,
> i want to hook the function IoCallDriver() exported by
> ntoskrnl.exe, what can i do to finish this job?
> regards
> ding hao