LPT-port driver filter

Alex_Funky · January 22, 2013, 1:17pm

Hello, I try intercept data from lpt-port (printing and etc), I make legacy driver filter and attach to \Device\Parallel0. But I don’t recieve any IRP_MJ_WRITE when printing start

Has anyone encountered this problem?

PS : can I use PNP-driver filter for parport.sys or only legasy?

Doron_Holan · January 22, 2013, 1:26pm

Your filter should be pnp.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Tuesday, January 22, 2013 10:17 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] LPT-port driver filter

Hello, I try intercept data from lpt-port (printing and etc), I make legacy driver filter and attach to \Device\Parallel0. But I don’t recieve any IRP_MJ_WRITE when printing start

Has anyone encountered this problem?

PS : can I use PNP-driver filter for parport.sys or only legasy?

NTDEV is sponsored by OSR

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Alex_Funky · January 23, 2013, 7:20am

Thank Doron, bur when I install my filter as UpperFilters for Ports (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class{4D36E978-E325-11CE-BFC1-08002BE10318}) I don’t recieve any IRP (IRP_MJ_CREATE,IRP_MJ_WRITE) in my filter when printing start…
Why?

Tim_Roberts · January 23, 2013, 12:46pm

xxxxx@gmail.com wrote:

Thank Doron, bur when I install my filter as UpperFilters for Ports (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class{4D36E978-E325-11CE-BFC1-08002BE10318}) I don’t recieve any IRP (IRP_MJ_CREATE,IRP_MJ_WRITE) in my filter when printing start…
Why?

My guess would be that you actually have a USB printer. parport.sys is
only involved for parallel ports, and there are darned few parallel port
printers in the world these days. Indeed, it’s hard to find a genuine
parallel port on a modern computer.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Alex_Funky · January 23, 2013, 2:03pm

Tim Roberts,but I find computer with LPT port for testing))

Why I don’t recieve IRP_MJ_CREATE/IRP_MJ_WRITE in my filter?What am I wrong?How I can capture LPT data?

Alex_Grig · January 23, 2013, 2:33pm

See IOCTL_INTERNAL_PARCLASS_CONNECT

Tim_Roberts · January 23, 2013, 2:38pm

xxxxx@gmail.com wrote:

Tim Roberts,but I find computer with LPT port for testing))

And you actually have a printer with a parallel interface and a real
Windows driver? How are you doing your testing? Remember that an
operation in a DOS box like “dir > lpt1” will not go through this path.

Why I don’t recieve IRP_MJ_CREATE/IRP_MJ_WRITE in my filter?What am I wrong?How I can capture LPT data?

Did you reboot after installing your filter? Remember that you can’t
add a filter to a driver stack that’s already running. Are you sure
your driver is getting loaded?

What are you hoping to capture here? Remember that, at this level,
you’re going to get the printer’s binary language (which is probably
related to the binary language of moisture vaporators, if you’re a Star
Wars fan). It’s not going to be very meaningful.

There are other options for capturing printer traffic by using print
processors, which are user-mode DLL plugins.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Alex_Funky · January 24, 2013, 8:13am

Tim Roberts, after installing I reboot and see my driver in device stack parport.sys (use DeviceTree).

In case when I use legacy filter and try to attach to \Device\Parallel0 :

#define LPT_SYSTEM_OBJECT_NAME L"\Device\Parallel0"
…
RtlInitUnicodeString(&lpt_device,LPT_SYSTEM_OBJECT_NAME);
nt_status = IoGetDeviceObjectPointer(&lpt_device,FILE_READ_ATTRIBUTES,&portFileObject,&portDeviceObject);
…
IoGetDeviceObjectPointer() return STATUS_ACCESS_DENIED.

Tim_Roberts · January 24, 2013, 12:43pm

xxxxx@gmail.com wrote:

In case when I use legacy filter and try to attach to \Device\Parallel0 :

#define LPT_SYSTEM_OBJECT_NAME L"\Device\Parallel0"

There is a difference between \Device\Parallel0 and
\Device\ParallelPort0. It’s been too many years, but I believe
ParallelPort0 is the one you want. That’s the FDO for the parallel port
itself. \Device\Parallel0 is the PDO for a child device, which maps to
the LPT symbolic names.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff544284.aspx

I could be misremembering this.

However, I think there’s a bigger problem here. I suspect you have
copied your code from a 1997 sample available on the web. That sample
came out long before plug-and-play was introduced into NT. Now,
parport.sys is a PnP driver. You can’t insert a legacy driver into a
PnP device stack as a filter. The plumbing won’t connect. You have to
write a PnP filter driver and install it in the registry, like all PnP
filter drivers.

What you’re doing would allow you to send command into parport.sys, but
you would never be able to intercept requests from above.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Alex_Funky · January 25, 2013, 2:05am

Tim Roberts, yes parport.sys obeys the pnp-semantics.
But LowerFilter and UpperFilters for Port Class don’t help, and about this I wrote in the start of topic.
May be I must make BUS filter and tracking TargetDevice relations atach to PDO \Device\Parallel0 and cath IRP_MJ_WRITE?

Tim_Roberts · January 25, 2013, 1:50pm

xxxxx@gmail.com wrote:

Tim Roberts, yes parport.sys obeys the pnp-semantics.
But LowerFilter and UpperFilters for Port Class don’t help, and about this I wrote in the start of topic.
May be I must make BUS filter and tracking TargetDevice relations atach to PDO \Device\Parallel0 and cath IRP_MJ_WRITE?

Are you at least seeing IRP_MJ_PNP requests at startup?

Perhaps it’s already obvious to you, but remember that this only works
if you are printing from machine A onto a genuine parallel port printer
that is connected to machine A. It won’t work in a VM, or for a USB
printer, for for a networked printer.

Actually, I’m not sure you’ll see IRP_MJ_WRITE in the FDO. If you can
find the DDK version 3790 (I think that was the “Server 2003 DDK”), it
contains the source code for parport.sys. It looks like it expects to
see IRP_MJ_WRITE in the PDOs it creates, but not in the FDO.

Can you tell me exactly which printer model you are using for your testing?

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Don_Burn · January 25, 2013, 2:03pm

Tim,

You are correct about the parport being in the Server 2003 DDK, but
that was 3790.1830. As you mentioned a lot of print devices will not be
sending writes, since they will grab the I/O ports from the port driver
and use them directly.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“Tim Roberts” wrote in message news:xxxxx@ntdev:

> xxxxx@gmail.com wrote:
> > Tim Roberts, yes parport.sys obeys the pnp-semantics.
> > But LowerFilter and UpperFilters for Port Class don’t help, and about this I wrote in the start of topic.
> > May be I must make BUS filter and tracking TargetDevice relations atach to PDO \Device\Parallel0 and cath IRP_MJ_WRITE?
>
> Are you at least seeing IRP_MJ_PNP requests at startup?
>
> Perhaps it’s already obvious to you, but remember that this only works
> if you are printing from machine A onto a genuine parallel port printer
> that is connected to machine A. It won’t work in a VM, or for a USB
> printer, for for a networked printer.
>
> Actually, I’m not sure you’ll see IRP_MJ_WRITE in the FDO. If you can
> find the DDK version 3790 (I think that was the “Server 2003 DDK”), it
> contains the source code for parport.sys. It looks like it expects to
> see IRP_MJ_WRITE in the PDOs it creates, but not in the FDO.
>
> Can you tell me exactly which printer model you are using for your testing?
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.