IrpTracker

OSR_Community_User · November 17, 2008, 3:11pm

How does IrpTarcker work?

Scott_Noone_OSR · November 17, 2008, 3:50pm

Through unsupported, undocumented, hacky, and big PITA means. Are you asking
out of curiousity or are you trying to accomplish something? If you’re
trying to accomplish something other than rewriting the tool (keeping the
icon, I hope) then there’s almost surely a better way to accomplish it.

-scott

–
Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com

wrote in message news:xxxxx@ntdev…
> How does IrpTarcker work?
>

OSR_Community_User · November 17, 2008, 6:39pm

Yeah but how? What unsupported, undocumented, hacky, and big PITA means is IrpTracker using???

Tim_Roberts · November 17, 2008, 6:55pm

xxxxx@hotmail.com wrote:

Yeah but how? What unsupported, undocumented, hacky, and big PITA means is IrpTracker using???

It’s not that hard to guess, is it? It doesn’t use a filter driver,
which means they must be doing something horrible like hooking the
IoCallDriver entry point, or one of the internal routines that
IoCallDriver uses, and then something similar on the completion end.
They hooking probably needs to be tweaked for every service pack.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

OSR_Community_User · November 17, 2008, 7:46pm

Hooking? What about PatchGuard on Vista, since Vista is one of the supported platforms

Tim_Roberts · November 17, 2008, 7:49pm

xxxxx@hotmail.com wrote:

Hooking? What about PatchGuard on Vista, since Vista is one of the supported platforms

PatchGuard makes it harder. It doesn’t make it impossible. Also, I
should qualify this by saying I don’t KNOW that’s what they’re doing.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Ken_Johnson · November 17, 2008, 8:06pm

Irregardless, excepting NDIS.sys, PatchGuard doesn’t do anything about patching loaded driver images, or anything about IRP dispatcher entrypoints.

(This is of course not encouragement to blithely run out and do that in production code.)

S

-----Original Message-----
From: xxxxx@hotmail.com
Sent: Monday, November 17, 2008 18:46
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] IrpTracker

Hooking? What about PatchGuard on Vista, since Vista is one of the supported platforms

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer