Hello there,
Ive built a KbdLogger based on the DDK kbdfilter sample. I was just wondering if there is any way to get an IOCTL INTERNAL KEYBOARD CONNECT request without reboot. So that I can put my KbFilter_ServiceCallback into the chain.
Is there a documented way of achieving this
You can get this if your keyboard is not PS2 based, like USB ou Bluetooth.
Disabling those devices and re-enabling them on the Device Manager you can get the registration again, but for PS2 keyboards you will must reboot your computer.
Fernando Roberto da Silva
DriverEntry Kernel Development
Nope. This question does imply that you are attaching after the stack has started. Is that right?
d
sent from my phpne
-----Original Message-----
From: xxxxx@gmail.com
Sent: April 15, 2010 8:07 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] KbdClass Filter Problem
Hello there,
Ive built a KbdLogger based on the DDK kbdfilter sample. I was just wondering if there is any way to get an IOCTL INTERNAL KEYBOARD CONNECT request without reboot. So that I can put my KbFilter_ServiceCallback into the chain.
Is there a documented way of achieving this
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
> Ive built a KbdLogger based on the DDK kbdfilter sample. I was just wondering if there is any way to
get an IOCTL INTERNAL KEYBOARD CONNECT request without reboot.
For PS/2 - impossible.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
Exactly it is after the stack has started. PrevX is a software that seems to
be doing this. I’m currently looking at their driver. If any1 knows it would
be great to let me know
Thanks
Ahmad
On Thu, Apr 15, 2010 at 8:43 PM, Doron Holan wrote:
> Nope. This question does imply that you are attaching after the stack has
> started. Is that right?
>
> d
>
> sent from my phpne
>
> -----Original Message-----
> From: xxxxx@gmail.com
> Sent: April 15, 2010 8:07 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] KbdClass Filter Problem
>
>
> Hello there,
>
> Ive built a KbdLogger based on the DDK kbdfilter sample. I was just
> wondering if there is any way to get an IOCTL INTERNAL KEYBOARD CONNECT
> request without reboot. So that I can put my KbFilter_ServiceCallback into
> the chain.
>
> Is there a documented way of achieving this
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Ahmad
Attaching after the stack has started is unsupported, you have no idea what the state of the stack is. Furthermore, if you want a logo for an input filter, KMDF is required and you can’t really pull this off with KMDF
d
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Ahmad AbdulLateef
Sent: Thursday, April 15, 2010 11:38 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] KbdClass Filter Problem
Exactly it is after the stack has started. PrevX is a software that seems to be doing this. I’m currently looking at their driver. If any1 knows it would be great to let me know
Thanks
Ahmad
On Thu, Apr 15, 2010 at 8:43 PM, Doron Holan > wrote:
Nope. This question does imply that you are attaching after the stack has started. Is that right?
d
sent from my phpne
-----Original Message-----
From: xxxxx@gmail.commailto:xxxxx >
Sent: April 15, 2010 8:07 AM
To: Windows System Software Devs Interest List >
Subject: [ntdev] KbdClass Filter Problem
Hello there,
Ive built a KbdLogger based on the DDK kbdfilter sample. I was just wondering if there is any way to get an IOCTL INTERNAL KEYBOARD CONNECT request without reboot. So that I can put my KbFilter_ServiceCallback into the chain.
Is there a documented way of achieving this
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Ahmad
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx>
I guess the only is to inline patch keyboardservicecallback :). will this
trigger KPP ???
On Fri, Apr 16, 2010 at 12:10 AM, Doron Holan wrote:
> Attaching after the stack has started is unsupported, you have no idea
> what the state of the stack is. Furthermore, if you h want a logo for an
> input filter, KMDF is required and you can?t really pull this off with KMDF
>
>
>
> d
>
>
>
> From: xxxxx@lists.osr.com [mailto:
> xxxxx@lists.osr.com] *On Behalf Of *Ahmad AbdulLateef
> Sent: Thursday, April 15, 2010 11:38 AM
>
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] KbdClass Filter Problem
>
>
>
> Exactly it is after the stack has started. PrevX is a software that seems
> to be doing this. I’m currently looking at their driver. If any1 knows it
> would be great to let me know
>
>
>
> Thanks
>
> Ahmad
>
> On Thu, Apr 15, 2010 at 8:43 PM, Doron Holan
> wrote:
>
> Nope. This question does imply that you are attaching after the stack has
> started. Is that right?
>
> d
>
> sent from my phpne
>
>
> -----Original Message-----
> From: xxxxx@gmail.com
> Sent: April 15, 2010 8:07 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] KbdClass Filter Problem
>
>
> Hello there,
>
> Ive built a KbdLogger based on the DDK kbdfilter sample. I was just
> wondering if there is any way to get an IOCTL INTERNAL KEYBOARD CONNECT
> request without reboot. So that I can put my KbFilter_ServiceCallback into
> the chain.
>
> Is there a documented way of achieving this
>
> —
>
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
>
> –
> Ahmad
> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Ahmad
No, do not do that. Just filter MJ_READ irps, set a completion routine, and look at the buffer for KEYBOARD_INPUT_DATAs.
d
sent from my phpne
From: Ahmad AbdulLateef
Sent: April 15, 2010 9:54 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] KbdClass Filter Problem
I guess the only is to inline patch keyboardservicecallback :). will this trigger KPP ???
On Fri, Apr 16, 2010 at 12:10 AM, Doron Holan > wrote:
Attaching after the stack has started is unsupported, you have no idea what the state of the stack is. Furthermore, if you h want a logo for an input filter, KMDF is required and you can?t really pull this off with KMDF
d
From: xxxxx@lists.osr.commailto:xxxxx [mailto:xxxxx@lists.osr.commailto:xxxxx] On Behalf Of Ahmad AbdulLateef
Sent: Thursday, April 15, 2010 11:38 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] KbdClass Filter Problem
Exactly it is after the stack has started. PrevX is a software that seems to be doing this. I’m currently looking at their driver. If any1 knows it would be great to let me know
Thanks
Ahmad
On Thu, Apr 15, 2010 at 8:43 PM, Doron Holan > wrote:
Nope. This question does imply that you are attaching after the stack has started. Is that right?
d
sent from my phpne
-----Original Message-----
From: xxxxx@gmail.commailto:xxxxx >
Sent: April 15, 2010 8:07 AM
To: Windows System Software Devs Interest List >
Subject: [ntdev] KbdClass Filter Problem
Hello there,
Ive built a KbdLogger based on the DDK kbdfilter sample. I was just wondering if there is any way to get an IOCTL INTERNAL KEYBOARD CONNECT request without reboot. So that I can put my KbFilter_ServiceCallback into the chain.
Is there a documented way of achieving this
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Ahmad
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Ahmad
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>
Well then ill be above kbdclass if im not wrong. I would not operate on
KEYBOARD_INPUT_DATA right… It would be IRP based not CONNECT_DATA right?
On Fri, Apr 16, 2010 at 10:56 AM, Doron Holan wrote:
> No, do not do that. Just filter MJ_READ irps, set a completion routine, and
> look at the buffer for KEYBOARD_INPUT_DATAs.
>
>
> d
>
> sent from my phpne
>
> ------------------------------
> From: Ahmad AbdulLateef
> Sent: April 15, 2010 9:54 PM
>
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] KbdClass Filter Problem
>
> I guess the only is to inline patch keyboardservicecallback :). will
> this trigger KPP ???
>
> On Fri, Apr 16, 2010 at 12:10 AM, Doron Holan wrote:
>
>> Attaching after the stack has started is unsupported, you have no idea
>> what the state of the stack is. Furthermore, if you h want a logo for an
>> input filter, KMDF is required and you can?t really pull this off with KMDF
>>
>>
>>
>> d
>>
>>
>>
>> From: xxxxx@lists.osr.com [mailto:
>> xxxxx@lists.osr.com] *On Behalf Of *Ahmad AbdulLateef
>> Sent: Thursday, April 15, 2010 11:38 AM
>>
>> To: Windows System Software Devs Interest List
>> Subject: Re: [ntdev] KbdClass Filter Problem
>>
>>
>>
>> Exactly it is after the stack has started. PrevX is a software that seems
>> to be doing this. I’m currently looking at their driver. If any1 knows it
>> would be great to let me know
>>
>>
>>
>> Thanks
>>
>> Ahmad
>>
>> On Thu, Apr 15, 2010 at 8:43 PM, Doron Holan
>> wrote:
>>
>> Nope. This question does imply that you are attaching after the stack has
>> started. Is that right?
>>
>> d
>>
>> sent from my phpne
>>
>>
>> -----Original Message-----
>> From: xxxxx@gmail.com
>> Sent: April 15, 2010 8:07 AM
>> To: Windows System Software Devs Interest List
>> Subject: [ntdev] KbdClass Filter Problem
>>
>>
>> Hello there,
>>
>> Ive built a KbdLogger based on the DDK kbdfilter sample. I was just
>> wondering if there is any way to get an IOCTL INTERNAL KEYBOARD CONNECT
>> request without reboot. So that I can put my KbFilter_ServiceCallback into
>> the chain.
>>
>> Is there a documented way of achieving this
>>
>> —
>>
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>>
>>
>> –
>> Ahmad
>> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
>> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
>> the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
>
>
> –
> Ahmad
> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Ahmad
Yes, but if you are attaching after the stack has started, the top is the only place you can be. The only way to be in the service callback chain is to let pnp add you when the stack is starting.
d
sent from my phpne
From: Ahmad AbdulLateef
Sent: April 15, 2010 10:29 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] KbdClass Filter Problem
Well then ill be above kbdclass if im not wrong. I would not operate on KEYBOARD_INPUT_DATA right… It would be IRP based not CONNECT_DATA right?
On Fri, Apr 16, 2010 at 10:56 AM, Doron Holan > wrote:
No, do not do that. Just filter MJ_READ irps, set a completion routine, and look at the buffer for KEYBOARD_INPUT_DATAs.
d
sent from my phpne
________________________________
From: Ahmad AbdulLateef >
Sent: April 15, 2010 9:54 PM
To: Windows System Software Devs Interest List >
Subject: Re: [ntdev] KbdClass Filter Problem
I guess the only is to inline patch keyboardservicecallback :). will this trigger KPP ???
On Fri, Apr 16, 2010 at 12:10 AM, Doron Holan > wrote:
Attaching after the stack has started is unsupported, you have no idea what the state of the stack is. Furthermore, if you h want a logo for an input filter, KMDF is required and you can?t really pull this off with KMDF
d
From: xxxxx@lists.osr.commailto:xxxxx [mailto:xxxxx@lists.osr.commailto:xxxxx] On Behalf Of Ahmad AbdulLateef
Sent: Thursday, April 15, 2010 11:38 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] KbdClass Filter Problem
Exactly it is after the stack has started. PrevX is a software that seems to be doing this. I’m currently looking at their driver. If any1 knows it would be great to let me know
Thanks
Ahmad
On Thu, Apr 15, 2010 at 8:43 PM, Doron Holan > wrote:
Nope. This question does imply that you are attaching after the stack has started. Is that right?
d
sent from my phpne
-----Original Message-----
From: xxxxx@gmail.commailto:xxxxx >
Sent: April 15, 2010 8:07 AM
To: Windows System Software Devs Interest List >
Subject: [ntdev] KbdClass Filter Problem
Hello there,
Ive built a KbdLogger based on the DDK kbdfilter sample. I was just wondering if there is any way to get an IOCTL INTERNAL KEYBOARD CONNECT request without reboot. So that I can put my KbFilter_ServiceCallback into the chain.
Is there a documented way of achieving this
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Ahmad
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Ahmad
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Ahmad
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>