Mirror Driver

Hi.

I know a little bit about driver programming not a lot but I think I can make a driver from this successfully.

I am using the mirror driver from WDK 7600 and I would like to know what the relationship between the dll and the minidriver is? I am at a stage where I am learning to implentment a shared data between a driver and a service. Although I am not sure how secure this is and whether there are any better methods I could use for transfering a desktop image to a application. I had thought about copying only the changes to a variable and using FltMessageSend.

In this case I wouldn’t know what the security would be like.

Regarding the use of a mapped file (which is what I assume you mean when you refer to shared data), the way I’ve done that in the past is to have the service create the mapped file, then use an ioctl to tell the mirror driver what file to use. You can restrict the permissions as needed when creating the file.

On Oct 1, 2010, at 7:51 AM, xxxxx@hotmail.com wrote:

Hi.

I know a little bit about driver programming not a lot but I think I can make a driver from this successfully.

I am using the mirror driver from WDK 7600 and I would like to know what the relationship between the dll and the minidriver is? I am at a stage where I am learning to implentment a shared data between a driver and a service. Although I am not sure how secure this is and whether there are any better methods I could use for transfering a desktop image to a application. I had thought about copying only the changes to a variable and using FltMessageSend.

In this case I wouldn’t know what the security would be like.

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Hi.

Thanks.

I am good with communicating with the minifilter through IOCTL, how would I communicate with its DLL?

Regarding the use of a mapped file (which is what I assume you mean when you
refer to shared data), the way I’ve done that in the past is to have the service
create the mapped file, then use an ioctl to tell the mirror driver what file to
use. You can restrict the permissions as needed when creating the file.

On Oct 1, 2010, at 7:51 AM, xxxxx@hotmail.com wrote:

> Hi.
>
> I know a little bit about driver programming not a lot but I think I can make
a driver from this successfully.
>
> I am using the mirror driver from WDK 7600 and I would like to know what the
relationship between the dll and the minidriver is? I am at a stage where I am
learning to implentment a shared data between a driver and a service. Although I
am not sure how secure this is and whether there are any better methods I could
use for transfering a desktop image to a application. I had thought about
copying only the changes to a variable and using FltMessageSend.
>
> In this case I wouldn’t know what the security would be like.
>
> —
> NTDEV is sponsored by OSR
<…excess quoted lines suppressed…>

xxxxx@hotmail.com wrote:

I am good with communicating with the minifilter through IOCTL, how would I communicate with its DLL?

I’m confused. You have mixed the terms from a number of different types
of drivers here. Your subject line asks about a “mirror driver”, which
is a graphics driver. Such a driver consists of a DLL and a miniport.

However, you also mentioned “minidriver”, which is not a graphics driver
term. Then you mentioned “minifilter”, which is also not a graphics
driver term. Then, you mention FltMessageSend, which is a file system
driver term.

What kind of driver are you writing, exactly? You need to get in the
habit of using the proper terms. Otherwise, you’ll get nonsense answers.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi.

Thankyou.

I am writing a graphical mirror driver. The DLL is part of the sample WDK give you. I didn’t know FltMessageSend was for file system minifilters. What I am looking for is just to communicate between the DLL and a userapp. If it was a driver/minifilter, I could use IOCTL but I don’t know how to use this in the DLL.

Mirrored disks (RAID 0 or 1, I forget) perhaps?

— xxxxx@probo.com wrote:

From: Tim Roberts
To: “Windows System Software Devs Interest List”
Subject: Re: [ntdev] Mirror Driver
Date: Fri, 1 Oct 2010 09:48:28 -0700

xxxxx@hotmail.com wrote:
> I am good with communicating with the minifilter through IOCTL, how would I communicate with its DLL?

I’m confused. You have mixed the terms from a number of different types
of drivers here. Your subject line asks about a “mirror driver”, which
is a graphics driver. Such a driver consists of a DLL and a miniport.

However, you also mentioned “minidriver”, which is not a graphics driver
term. Then you mentioned “minifilter”, which is also not a graphics
driver term. Then, you mention FltMessageSend, which is a file system
driver term.

What kind of driver are you writing, exactly? You need to get in the
habit of using the proper terms. Otherwise, you’ll get nonsense answers.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

xxxxx@hotmail.com wrote:

I am writing a graphical mirror driver. The DLL is part of the sample WDK give you. I didn’t know FltMessageSend was for file system minifilters. What I am looking for is just to communicate between the DLL and a userapp. If it was a driver/minifilter, I could use IOCTL but I don’t know how to use this in the DLL.

You use the ExtEscape API. That calls DrvEscape in the driver. It’s
basically the ioctl equivalent for display drivers.

Some of the escape codes have pre-defined meanings. For safety, I’d
start my numbers at 0x2000.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi,

Thanks Tim, that proved a good help.

I seem to have one last (probably obvious thing). The code below worked until I rewrote the function, so I can get it to work but I would like to understand something. Below if I send a memory address from the App to the Driver, it's address is different. Can someone explain to me why.

Driver

ServiceDesktopImage = (PMIRRORMEMORY) pvIn; // Is 0x9C85FD00
DbgPrint("ServiceDesktopImage='0x%08X'.\n", (ULONG) ServiceDesktopImage);

App

ServiceDesktopImage = (PMIRRORMEMORY) malloc(sizeof(MIRRORMEMORY)+1);
memset(ServiceDesktopImage, 0, sizeof(MIRRORMEMORY));
ExtEscape(hdc, 0x2000, 1, (LPCSTR)ServiceDesktopImage, 0, NULL); // Is 0x00A80020

The giveaway is the fact that in the kernel, you have a kernel address.
There are many potential causes for this, and here's some guesses...

If you use buffered I/O (unlikely) this is the kernel buffer into which it
was copied

If you are using direct I/O, and the controller does not have scatter-gather
capability, this is an internal kernel buffer of contiguous memory into
which the scattered pages have been copied

If you have the Driver Verifier running, and it is in the mood to do so, it
has remapped the buffers to its own internal buffers which it is using to
help check DMA

If you are using programmed I/O, this is the remapped kernel address which
is an alias to the user buffer; this is essential if you ever expect to use
the user buffer in the kernel (MmGetSystemAddressForMdlSafe, for example)

I missed if this was a mirrored file system, but this could be the address
of the pages in the file system cache, which at this point is just now being
actually written to the device(s)

I did not see the messages leading up to this, so I'm working here with
incredibly incomplete information. So these are just my best guesses at
what might be happening (any of the above would account for what you see,
and there may be more explanations)
joe

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Sunday, October 03, 2010 1:31 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Mirror Driver

Hi,

Thanks Tim, that proved a good help.

I seem to have one last (probably obvious thing). The code below worked
until I rewrote the function, so I can get it to work but I would like to
understand something. Below if I send a memory address from the App to the
Driver, it's address is different. Can someone explain to me why.

Driver

ServiceDesktopImage = (PMIRRORMEMORY) pvIn; // Is 0x9C85FD00
DbgPrint("ServiceDesktopImage='0x%08X'.\n", (ULONG) ServiceDesktopImage);

App

ServiceDesktopImage = (PMIRRORMEMORY) malloc(sizeof(MIRRORMEMORY)+1);
memset(ServiceDesktopImage, 0, sizeof(MIRRORMEMORY));
ExtEscape(hdc, 0x2000, 1, (LPCSTR)ServiceDesktopImage, 0, NULL); // Is
0x00A80020

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:

To unsubscribe, visit the List Server section of OSR Online at

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

xxxxx@hotmail.com wrote:

I seem to have one last (probably obvious thing). The code below worked until I rewrote the function, so I can get it to work but I would like to understand something. Below if I send a memory address from the App to the Driver, it’s address is different. Can someone explain to me why.

Driver

ServiceDesktopImage = (PMIRRORMEMORY) pvIn; // Is 0x9C85FD00
DbgPrint(“ServiceDesktopImage=‘0x%08X’.\n”, (ULONG) ServiceDesktopImage);

App

ServiceDesktopImage = (PMIRRORMEMORY) malloc(sizeof(MIRRORMEMORY)+1);
memset(ServiceDesktopImage, 0, sizeof(MIRRORMEMORY));
ExtEscape(hdc, 0x2000, 1, (LPCSTR)ServiceDesktopImage, 0, NULL); // Is 0x00A80020

User mode addresses are transient, since processes come and go so
quickly. (Remember that the address 0x00A80020 is only valid while your
process is actually in the CPU. When there is a task switch so that
Word can blink its cursor, that address points to somewhere in Word.)

For almost all I/O requests, when the request moves from user-mode to
kernel-mode, the user’s buffer is turned into a kernel address. That’s
done in one of two ways: either the user’s buffer is copied into a safe
piece of kernel mode memory (called “buffered I/O”), or the user’s
buffer is locked so it cannot be paged out, and a kernel address is
assigned to the same page (called “direct I/O”).

I should know whether the Escape call is buffered or direct, but I
don’t. I assume it is “direct”.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Thankyou so very much,

xxxxx@hotmail.com wrote:
> I seem to have one last (probably obvious thing). The code below worked until
I rewrote the function, so I can get it to work but I would like to understand
something. Below if I send a memory address from the App to the Driver, it’s
address is different. Can someone explain to me why.
>
> Driver
> -------
> ServiceDesktopImage = (PMIRRORMEMORY) pvIn; // Is 0x9C85FD00
> DbgPrint(“ServiceDesktopImage=‘0x%08X’.\n”, (ULONG) ServiceDesktopImage);
>
> App
> ----
> ServiceDesktopImage = (PMIRRORMEMORY) malloc(sizeof(MIRRORMEMORY)+1);
<…excess quoted lines suppressed…>

User mode addresses are transient, since processes come and go so
quickly. (Remember that the address 0x00A80020 is only valid while your
process is actually in the CPU. When there is a task switch so that
Word can blink its cursor, that address points to somewhere in Word.)

For almost all I/O requests, when the request moves from user-mode to
kernel-mode, the user’s buffer is turned into a kernel address. That’s
done in one of two ways: either the user’s buffer is copied into a safe
piece of kernel mode memory (called “buffered I/O”), or the user’s
buffer is locked so it cannot be paged out, and a kernel address is
assigned to the same page (called “direct I/O”).

I should know whether the Escape call is buffered or direct, but I
don’t. I assume it is “direct”.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.