kernal api

Hi,
??? which? kernal api calle while clicking “save as” button from a browser.Hope that help me.
??? Thank you

The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/

Sree K wrote:

Hi,
which kernal api calle while clicking “save as” button from a
browser.Hope that help me.

I’m sorry, but this is a silly question. The handling of the “Save As”
button is all inside the browser, which is a simple user-mode
application, and anyone with any Win32 programming experience should
know this.

Perhaps you should try asking your question in a different way. What
are you really trying to accomplish here?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi Tim.?? Thank you for your replay.Actually i want to lock an web page without saving.I think by hooking ?zwwritefile it is possible.But how identify the data in the buffer is my own data.Have any solution to block the save as button.Hope that help me.?? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Thanks again.— On Mon, 23/11/09, Tim Roberts wrote:

From: Tim Roberts
Subject: Re: [ntdev] kernal api
To: “Windows System Software Devs Interest List”
Date: Monday, 23 November, 2009, 6:02 PM

Sree K wrote:
> Hi,
>? ? ? which? kernal api calle while clicking “save as” button from a
> browser.Hope that help me.
>
>

I’m sorry, but this is a silly question.? The handling of the “Save As”
button is all inside the browser, which is a simple user-mode
application, and anyone with any Win32 programming experience should
know this.

Perhaps you should try asking your question in a different way.? What
are you really trying to accomplish here?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/

OK. One more time.

  1. You shouldn’t be hooking anything. Although there are occasionally reasons to do so, this isn’t even remotely one of them.

  2. You’ve been told this several times today between two threads by several different people. If you don’t agree with us, fair enough, but how about we move on?

  3. There’s likely no reason to do this in the kernel at all; as Tim already said, this is a user mode problem. The ‘save as’ button on any given browser has no direct connection to ‘ZwWriteFile().’ There’s also a massive semantic gap between the two.

  4. Even if you were going to do this in the kernel, in addition to being unnecessary, incredibly complicated, hard to debug and unsafe, your approach of hooking ZwWriteFile() also wouldn’t work in all cases, even if you got it all ‘right.’ If you really want to do this as a driver, go read about filesystem minifilters and be prepared to spend a couple of years getting the kernel part of it work, and then you’ll still have to cobble it together inside the browser.

  5. Why don’t you look in to a user mode approach to this? No matter how your approach this, according to your design, you’re going to have to address the ‘save as’ button in user mode, so why not start there? Run something like spyxx++ to trace the windows messages from ‘save as,’ and if you really are hell bent on hooking, hook something like CreateFile(). I think if you do this, you’ll see why hooking is not a good approach.

  6. There are plenty of user mode newgroups that will be able to help you much better.

Good luck,

m

Frankly, I like this guys spelling of “kernal”, which is how it was spelled on the Commodore 64. He must be old school.

I just knew I couldn’t have the only one on this list to have noticed
that :slight_smile:

Cheers,

–mkj

xxxxx@gmail.com wrote:

Frankly, I like this guys spelling of “kernal”, which is how it was spelled on the Commodore 64. He must be old school.


//
// Michael K. Jones
// Stone Hill Consulting, LLC
// http://www.stonehill.com
//_______________________________________________

Sree K wrote:

Thank you for your replay.Actually i want to lock an web page
without saving.I think by hooking zwwritefile it is possible.

You think wrong. What you ask is simply not possible. Even if you
could, what would be the point? Web pages are all cached as soon as
they are read. By the time you are looking at the page, it has already
been copied to disk.

But how identify the data in the buffer is my own data. Have any
solution to block the save as button.

You can’t. There are many hundreds of programs to read web pages. Are
you going to do the same thing in Firefox? Opera? Safari? What about
IE 4? Netscape? Lynx? Konqueror? What about command line tools like
wget? Even Acrobat and can read web pages.

What is the OVERALL goal? Are you trying to protect a web page that YOU
created? That’s impossible. Just forget about it. In order for it to
be viewed at all, you have to send the page source out through a socket,
and as SOON as you do that, you have lost control. Are you trying to
keep a malicious web site from attacking your machine? If so, this is
entirely the wrong approach. The attacks come through executing code,
not through saving files.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Michael Jones wrote:

I just knew I couldn’t have the only one on this list to have
noticed that :slight_smile:

Probably there are others too.

I was thinking about how “sree k” would implement this on the C64. First, he’d need to copy ROM to RAM, and then switch the mapper to point to the RAM version of the kernel, with “POKE 1, 53”.

Now, according to http://www.flavioweb.it/c64/docs/AsmDocs/c64-rom.html, the jump-vector for saving RAM to a device is $FFD8. I guess he would just need to replace JMP $F5DD with the location of his choosing. After disabling interrupts, of course :slight_smile:

Chris,

Frankly, I like this guys spelling of “kernal”,

When I saw the original post few hours ago I was just about to type “shit, where is Chris - it is so incredibly amusing”…

Anton Bassov

On 11/23/2009 11:21 PM, xxxxx@gmail.com wrote:

I was thinking about how “sree k” would implement this on the C64.
First, he’d need to copy ROM to RAM, and then switch the mapper to
point to the RAM version of the kernel, with “POKE 1, 53”.

Would this also work on a C64DTS? Or do these have some additional
paging bits at address 1? (Didn’t do much with the DTS after applying
the color fix. Day has not enough hours.)

Hagen Patzke wrote:

On 11/23/2009 11:21 PM, xxxxx@gmail.com wrote:

> I was thinking about how “sree k” would implement this on the C64.
> First, he’d need to copy ROM to RAM, and then switch the mapper to
> point to the RAM version of the kernel, with “POKE 1, 53”.
>

Would this also work on a C64DTS? Or do these have some additional
paging bits at address 1? (Didn’t do much with the DTS after applying
the color fix. Day has not enough hours.)

We’re not really discussing Commodore 64 trivia on [ntdev], are we?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hagen wrote:

Would this also work on a C64DTS? Or do these have some
additional paging bits at address 1? (Didn’t do much with the
DTS after applying the color fix. Day has not enough hours.)

I guess I have to swallow my pride and say I have no idea what a C64DTS is (nor does Google). Is this like the German name for a C-128? (If so, then I don’t really know. I recall there were “BANK” instructions in BASIC to switch between the two 64K RAM parts).

Tim wrote:

We’re not really discussing Commodore 64 trivia on [ntdev], are
we?

Of *course* we are… oh and Anton, don’t worry, I *almost* never miss an opportunity to call out an outsourcer’s grammar or spelling :slight_smile:

Chris,

Anton, don’t worry, I *almost* never miss an opportunity to call out an outsourcer’s grammar or spelling :slight_smile:

In context of the OP’s question grammar/spelling/etc is not that significant - I would say that, from the technical standpoint, this is one of the funniest questions I ever saw on NTDEV. I would say that, in terms of fun, it gets pretty close to the one where poster was asking us how to rename a file (although certainly not as funny as a myriad of “Don’t send me any more messages” posts )…

Anton Bassov

> Thank you for your replay.Actually i want to lock an web page without saving.

Unsolvable. You need to support different versions of IE, Firefox, Opera, KDE Konqueror and Google Chrome, which all have different internal engines (Konqueror has the same engine as Apple Safari).


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com