Logging Structures

NTDEV
1

I Want to write different structure data’s like DRIVER_OBJECT, DEVICE_OBJECt, IRP, IO_STACK_LOCATION,DEVICE_EXTENSION, URB etc in a file. well i can write file using ZwWriteFile but will i would be able to write any type of structure in a file? And is it safe to simply to use ZwOpenFile,ZwWriteFile without creating thread or events or pool etc.

2

I Want to write different structure data’s like DRIVER_OBJECT, DEVICE_OBJECt, IRP,
IO_STACK_LOCATION,DEVICE_EXTENSION, URB etc in a file. well i can write file using ZwWriteFile
but will i would be able to write any type of structure in a file? And is it safe to simply to use
ZwOpenFile,ZwWriteFile without creating thread or events or pool etc.

3
  1. this is a programming 101 question.
  2. if you are implementing a trace facility for a kernel driver might I
    suggest using the existing kernel tracing facility? Search for ETW here
    and in the DDK.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.co.in
Sent: Thursday, August 03, 2006 5:16 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Logging Structures

I Want to write different structure data’s like DRIVER_OBJECT,
DEVICE_OBJECt, IRP,
IO_STACK_LOCATION,DEVICE_EXTENSION, URB etc in a file. well i can write
file using ZwWriteFile
but will i would be able to write any type of structure in a file? And
is it safe to simply to use
ZwOpenFile,ZwWriteFile without creating thread or events or pool etc.

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

4

You can write anything you want to a file. There are 2 bigger problems here

  1. you can only use the Zw file APIs at passive level. this means you cannot log under a spinlock or in a dpc or in a completion routine
  2. these structures, especially a PIRP are entire flat. they have embedded pointers in them and these embedded pointers are what is interesting to the log, not necessarily the flat part of the structure .

d