Monitor IRPs (+ data)

Hi all,
I’m working on a Windows “virtual” smartcard driver. We have a server on the network that acts like a smartcard and we have built a driver for that server so it looks like a smartcard/smartcard reader to Windows. The problem we’re having is getting the handshaking down between the “reader” and driver/resource manager. There are a few things that need to happen between the two for the resource manager to be happy (like protocol selection and ATR confirmation).

We’re not entirely sure what needs to happen so we’ve been trying to monitor the communication between an actual smartcard reader and the driver/resource manager. We have had great luck using the osronline IrpTracker. It shows us what IRPs are occurring and what the responses should look like, but the one (and most important for us) thing it does not show is the data associated with the IRP. It will, for example, show us that an IOCTL_SMARTCARD_GET_ATTRIBUTE has been submitted by the resource manager and we can see that, say, 16 bytes of data is returned by the reader and the status is “success”, but we cannot see what those 16 bytes of data are! I believe it even shows the memory location of the buffers, but I haven’t had any luck reading those memory locations.

Any thoughts or does anyone know of any programs that do do this? I have found one (NT Kernel Resources DevFilter) but it is not free.

Thanks much,
Tripp Hyde

The Smartcard IFD defines METHOD_BUFFERED for all of its IOCTL calls so
the data buffer must be in IRP->AssociatedIrp->SystemBuffer. If you are in
WinDbg, which is one of the best places to do this, you can use "dt _IRP "
if you know the IRP. From there you can use dt in the same way
to display the system buffer contents, if you have the structure
available. Barring that then set a breakpoint at
!SmartcardDeviceControl. On the stack you will have pointers to
the IRP and the SMARTCARD_EXTENSION.

Gary G. Little

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tripp Hyde
Sent: Wednesday, March 08, 2006 8:34 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Monitor IRPs (+ data)

---
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
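
Why the returned bytes sit in the system buffer, as an added example that is not part of the original thread: the transfer method is encoded in the low two bits of every IOCTL code, so the code an IRP monitor displays tells you which IRP field to dump. The smart card codes are built from the winsmcrd.h definitions (device type 0x31, functions 2 and 12); the helper names and the METHOD_NEITHER sample are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout produced by the DDK macro CTL_CODE(DeviceType, Function, Method, Access):
 * bits 31..16 device type, 15..14 access, 13..2 function, 1..0 transfer method. */
typedef struct { uint32_t device, access, function, method; } ioctl_fields;

/* Same numeric values as METHOD_BUFFERED .. METHOD_NEITHER; renamed (hypothetical
 * names) so this file builds without the Windows headers. */
enum { XFER_BUFFERED = 0, XFER_IN_DIRECT = 1, XFER_OUT_DIRECT = 2, XFER_NEITHER = 3 };

static uint32_t make_ioctl(uint32_t device, uint32_t function, uint32_t method, uint32_t access)
{
    return (device << 16) | (access << 14) | (function << 2) | method;
}

static ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f = { code >> 16, (code >> 14) & 0x3, (code >> 2) & 0xFFF, code & 0x3 };
    return f;
}

/* IRP field that describes the caller's output buffer for each transfer method.
 * For buffered I/O, IoStatus.Information gives how many bytes of it are valid;
 * for METHOD_IN_DIRECT the MDL buffer carries extra input rather than results. */
static const char *output_location(uint32_t code)
{
    switch (decode_ioctl(code).method) {
    case XFER_BUFFERED:   return "Irp->AssociatedIrp.SystemBuffer";
    case XFER_IN_DIRECT:
    case XFER_OUT_DIRECT: return "Irp->MdlAddress";
    default:              return "Irp->UserBuffer";
    }
}

int main(void)
{
    const struct { const char *name; uint32_t code; } samples[] = {
        { "IOCTL_SMARTCARD_GET_ATTRIBUTE",   make_ioctl(0x31, 2, XFER_BUFFERED, 0) },
        { "IOCTL_SMARTCARD_SET_PROTOCOL",    make_ioctl(0x31, 12, XFER_BUFFERED, 0) },
        { "constructed METHOD_NEITHER code", make_ioctl(0x22, 0x800, XFER_NEITHER, 0) },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ioctl_fields f = decode_ioctl(samples[i].code);
        printf("%-32s 0x%08X dev=0x%X func=0x%X method=%u -> %s\n",
               samples[i].name, (unsigned)samples[i].code, (unsigned)f.device,
               (unsigned)f.function, (unsigned)f.method, output_location(samples[i].code));
    }
    return 0;
}
```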

Gary,
Thanks very much. I seem to be getting a bit further but all the info that comes up from the dt command has question marks. The command for an IRP at 0x81859E48 (which I get from OSR’s IrpTracker) looks like: “dt _IRP 0x81859e48”. This is what it returns:

0:008> dt _IRP 0x81859e48
+0x000 Type : ??
+0x002 Size : ??
+0x004 MdlAddress : ???
+0x008 Flags : ??
+0x00c AssociatedIrp : __unnamed
+0x010 ThreadListEntry : _LIST_ENTRY
+0x018 IoStatus : _IO_STATUS_BLOCK
+0x020 RequestorMode : ??
+0x021 PendingReturned : ??
+0x022 StackCount : ??
+0x023 CurrentLocation : ??
+0x024 Cancel : ??
+0x025 CancelIrql : ??
+0x026 ApcEnvironment : ??
+0x027 AllocationFlags : ??
+0x028 UserIosb : ???
+0x02c UserEvent : ???
+0x030 Overlay : __unnamed
+0x038 CancelRoutine : ???
+0x03c UserBuffer : ???
+0x040 Tail : __unnamed
Memory read error 81859e84

This is also my first time using WinDbg so I’m a little unclear how to use it. As far as I know I need to attach the debugger to something so I’ve attached it to the Windows Smartcard Service process (SCardSvr.exe). Is that the right thing to do? Thanks again.

Tripp Hyde
Mobile-Mind, Inc.
http://www.mobile-mind.com
+1 (617) 926 6888 x201

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Gary Little
Sent: Wednesday, March 08, 2006 11:26 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Monitor IRPs (+ data)


Unless you are doing crash dump analysis, WinDbg needs to be connected via
1394 (recommended) or hard serial port (not USB to serial converter) to a
target running your driver. Most likely the ??? are saying “invalid
memory”. Once you have set the target for debug and have a connection and
things are chugging along, break into the system and set the breakpoint.
You shouldn’t really need to attach to anything.

Tell Scott Guthrie to get off his duff and help you. :)

Gary G. Little

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tripp Hyde
Sent: Wednesday, March 08, 2006 1:22 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Monitor IRPs (+ data)


Ah yes. It works now. Thanks very much! (Scott remains on his duff - haha).

Tripp Hyde
Mobile-Mind, Inc.
http://www.mobile-mind.com
+1 (617) 926 6888 x201

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Gary Little
Sent: Wednesday, March 08, 2006 2:46 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Monitor IRPs (+ data)
