Hey, guys
I am porting some old hooking code to a minifilter and my minifilter does
not seem to get the
aforesaid IRP. I am trying to replace the old hooking logic present in the
DeviceIoControl() hook.
I receive both FILE_SYSTEM_CONTROL and DEVICE_CONTROL but for some
misterious reason
I don’t receive INTERNAL_DEVICE_CONTROL.
Anybody has a clue?
Regards,
Dmitry.
Are you sure someone is trying to send them to the FSD (note that internal
device controls can only come from kernel mode)?
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
“Dmitry Geskin” wrote in message news:xxxxx@ntfsd…
> Hey, guys
> I am porting some old hooking code to a minifilter and my minifilter does
> not seem to get the
> aforesaid IRP. I am trying to replace the old hooking logic present in the
> DeviceIoControl() hook.
> I receive both FILE_SYSTEM_CONTROL and DEVICE_CONTROL but for some
> misterious reason
> I don’t receive INTERNAL_DEVICE_CONTROL.
>
> Anybody has a clue?
> Regards,
> Dmitry.
>
>
You can get them, and this is one of many deficiencies in the
mini-filter model. The model is great when you can fit into the world
as Microsoft intended, but unlike WDF has no good way to escape when the
model misses a needed action.
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
-----Original Message-----
From: Scott Noone [mailto:xxxxx@osr.com]
Posted At: Thursday, June 17, 2010 9:50 AM
Posted To: ntfsd
Conversation: IRP_MJ_INTERNAL_DEVICE_CONTROL
Subject: Re: IRP_MJ_INTERNAL_DEVICE_CONTROLAre you sure someone is trying to send them to the FSD (note that
internal
device controls can only come from kernel mode)?-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com“Dmitry Geskin” wrote in message
news:xxxxx@ntfsd…
> > Hey, guys
> > I am porting some old hooking code to a minifilter and my minifilter
does
> > not seem to get the
> > aforesaid IRP. I am trying to replace the old hooking logic present
in the
> > DeviceIoControl() hook.
> > I receive both FILE_SYSTEM_CONTROL and DEVICE_CONTROL but for some
> > misterious reason
> > I don’t receive INTERNAL_DEVICE_CONTROL.
> >
> > Anybody has a clue?
> > Regards,
> > Dmitry.
> >
> >
>
>
> Information from ESET Smart Security, version of virus
signature
> database 5203 (20100617)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
Thanks, I am just trying to escape some very ugly logic for hooking tcp and
udp traffic (Win XP)
which is currently implemented within the NtDeviceIoControl hook. I am
trying to port the code
to a minifilter model but looks like I will have to stay with this ugly hook
since:
So, I will have to stick to the hooker lifestyle for a while…
“Don Burn” wrote in message news:xxxxx@ntfsd…
> You can get them, and this is one of many deficiencies in the
> mini-filter model. The model is great when you can fit into the world
> as Microsoft intended, but unlike WDF has no good way to escape when the
> model misses a needed action.
>
>
> Don Burn (MVP, Windows DKD)
> Windows Filesystem and Driver Consulting
> Website: http://www.windrvr.com
> Blog: http://msmvps.com/blogs/WinDrvr
>
>
>
>
>> -----Original Message-----
>> From: Scott Noone [mailto:xxxxx@osr.com]
>> Posted At: Thursday, June 17, 2010 9:50 AM
>> Posted To: ntfsd
>> Conversation: IRP_MJ_INTERNAL_DEVICE_CONTROL
>> Subject: Re: IRP_MJ_INTERNAL_DEVICE_CONTROL
>>
>> Are you sure someone is trying to send them to the FSD (note that
> internal
>> device controls can only come from kernel mode)?
>>
>> -scott
>>
>> –
>> Scott Noone
>> Consulting Associate
>> OSR Open Systems Resources, Inc.
>> http://www.osronline.com
>>
>>
>> “Dmitry Geskin” wrote in message
> news:xxxxx@ntfsd…
>> > Hey, guys
>> > I am porting some old hooking code to a minifilter and my minifilter
> does
>> > not seem to get the
>> > aforesaid IRP. I am trying to replace the old hooking logic present
> in the
>> > DeviceIoControl() hook.
>> > I receive both FILE_SYSTEM_CONTROL and DEVICE_CONTROL but for some
>> > misterious reason
>> > I don’t receive INTERNAL_DEVICE_CONTROL.
>> >
>> > Anybody has a clue?
>> > Regards,
>> > Dmitry.
>> >
>> >
>>
>>
>> Information from ESET Smart Security, version of virus
> signature
>> database 5203 (20100617)
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>
>