Load order of disk filter driver in Windows XP

Hello all,

I have a filter driver which transparently encrypts/decrypts all physical disk I/O. It is used in conjunction with a 16-bit int13 hooking module which handles disk reads during OS boot. My filter driver is loaded as a lower filter to disk.sys.

The INT13 hooking module is decrypting all the system files till a certain point of time, I guess beyond which the OS disk driver would take over the task of disk read/write. But the moment the BIOS loses control and it switches to (Windows XP) OS drivers, it crashes with bugcheck code 0x6b (PROCESS1_INITIALIZATION_FAILED).

Is disk.sys reading the disk before my driver gets loaded? I had also read somewhere in the NTFSD archive that if we specify “multi()” in the boot.ini, all the boot drivers are read through int13 and only then it switches to disk drivers. I’m following the same syntax in my boot.ini.

I’m having a problem only with Windows XP. I tried my driver and the int13h hooking module on Win2k and it’s working fine.

The “LoadOrderGroup” for my filter driver is “PnP Filter”. I tried changing it to “SCSI Class” so that it loads immediately after the disk.sys is loaded. Still the problem persists on Win XP…

Can anybody please point out what I am doing wrong? Any help would be greatly appreciated.

- Prashanth


What is the Start value for your driver? Set it to 0 if it is not already.

Pete

Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Shenoy, Prashanth
Sent: Sunday, December 11, 2005 6:04 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Load order of disk filter driver in Windows XP


It is already set to 0 (i.e., it is loaded during boot time).

- Prashanth
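The settings discussed in the thread so far (the Start value, the load-order group, and registration as a lower filter of the disk class) can be checked offline from `reg query` output. The following Python script is an added example, not code from any poster; the service name `encflt` and the sample output are constructed, and the INF `LoadOrderGroup` directive is assumed to be read back from the registry as the service's `Group` value.

```python
import re

DISK_CLASS = "{4D36E967-E325-11CE-BFC1-08002BE10318}"  # DiskDrive setup class GUID
CCS = "HKEY_LOCAL_MACHINE\\SYSTEM\\CURRENTCONTROLSET"

# Constructed `reg query` output; "encflt" is a hypothetical filter service
# with Start deliberately left at 1, and the group list is abbreviated.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
    LowerFilters    REG_MULTI_SZ    encflt\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder
    List    REG_MULTI_SZ    System Reserved\0SCSI miniport\0SCSI Class\0Filter\0PnP Filter\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\encflt
    Start    REG_DWORD    0x1
    Group    REG_SZ    PnP Filter
"""

VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse(text):
    """Return {upper-cased key path: {value name: parsed data}}."""
    keys, cur = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            cur = keys.setdefault(line.strip().upper(), {})
        elif cur is not None and (m := VALUE.match(line)):
            name, typ, data = m.groups()
            if typ == "REG_DWORD":
                data = int(data, 16)
            elif typ == "REG_MULTI_SZ":
                data = [s for s in data.split("\\0") if s]  # literal "\0" separators
            cur[name] = data
    return keys

def audit(text):
    """List problems with every service named in the disk class LowerFilters."""
    keys = parse(text)
    filters = keys.get(CCS + "\\CONTROL\\CLASS\\" + DISK_CLASS, {}).get("LowerFilters", [])
    order = keys.get(CCS + "\\CONTROL\\SERVICEGROUPORDER", {}).get("List", [])
    findings = []
    for name in filters:
        svc = keys.get(CCS + "\\SERVICES\\" + name.upper())
        if svc is None:
            findings.append(f"{name}: listed in LowerFilters but has no service key")
            continue
        if svc.get("Start") != 0:
            findings.append(f"{name}: Start={svc.get('Start')}, not 0 (boot start)")
        if svc.get("Group") not in order:
            findings.append(f"{name}: Group {svc.get('Group')!r} not in ServiceGroupOrder")
    return findings
```
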


“Shenoy, Prashanth” wrote in message
news:xxxxx@ntfsd…
> INT13 hooking module is decrypting all the system files till certain point
> of time, I guess beyond which OS disk driver would take over task of disk
> read/write. But the moment BIOS loses control and it switches to (Windows
> XP) OS drivers it crashes with bugcheck code
> 0x6b(PROCESS1_INITIALIZATION_FAILED).

In 2003 and I assume XP, the system goes in and out of protected mode while
booting. Is it possible that your hooks are not surviving the swaps?


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

Hi Don,

Can you please elaborate on your explanation a little… I couldn’t get the problem yet.

- Prashanth


Basically, the system goes into and out of protected mode several times
before it finally stays in protected mode and starts the device drivers.
Depending on where you put your hooks and how you identified them (sorry I’m
not a BIOS expert, I was just the architect on a project that saw this) you
may not have the hook properly mapped when you come back.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply


If you acquire a tome such as “Inside Windows 2000” you will see that
there are several transitions between real mode and protected mode. At
power on or reset, without a doubt you are in real mode when the BIOS runs
and POST is typically performed. The BIOS may or may not use protected
mode, until it loads and runs the MBR which in turn loads and runs NtLdr.
NtLdr may switch in and out of protected mode depending on what it is
doing and what it needs. NtLdr is mapping OUT the BIOS and MAPPING in the
OS it is loading. So ... is your “hook” surviving all of this memory
mapping, or is it still sitting in the BIOS which has been swapped into
Never Never Land?

I still contend that encryption/decryption is best done in the firmware of
the hard drive. A software solution cannot easily guarantee 100%
encryption of the media, whereas a disc that does full disc encryption
(FDE) can.

Gary G. Little


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Shenoy, Prashanth
Sent: Tuesday, December 13, 2005 9:28 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Load order of disk filter driver in Windows XP
