how about hooking to system dispatch routines like NtReadFile , NtWriteFile.
You need to change the system descritptor table and replace these functions
with your own functions. see sysinternal’s registry monitor driver.
–kumar
-----Original Message-----
From: Saxena, Ajitabh Prakash [mailto:xxxxx@lsil.com]
Sent: Thursday, August 08, 2002 1:57 PM
To: NT Developers Interest List
Subject: [ntdev] RE: Need a Driver to Monitor IO on all devices
What i am trying to look is a driver that should be expandable in Nature.
But i would start this project as a simple driver that keeps the Record of
all the IOs that has gone to any
Storage media.
Say it will have some information like Number of reads from Hard Disk 1
Number of writes to hard disk 2 and number of reads from the CDROM.
Later on i would be playing with the commands for Each STORAGE media.
Since “what i will be doing with those commands” is confidential stuff i
would not be able to elaborate further but i just need to sit at a place
from where i can get all the commands that goes any storage media.
thanks
ajitabh
-----Original Message-----
From: Peter Wieland [mailto:xxxxx@windows.microsoft.com]
Sent: Thursday, August 08, 2002 2:44 PM
To: NT Developers Interest List
Subject: [ntdev] RE: Need a Driver to Monitor IO on all devices
where you sit in the storage stack (or most stacks for that matter)
depends on what format you want to see the I/O requests in.
if you sit above the class driver then you will see
IRP_MJ_READ/IRP_MJ_WRITE/IRP_MJ_DEVICE_CONTROL requests coming in. If
you sit between class and port then most of what you see will be
IRP_MJ_SCSI requests as these are what the storage class driver converts
the former commands into.
note that at this level it will be very difficult to tell what file is
being accessed, so if that information is important to you you should
probably implement a file system filter again.
what sort of data are you planning to collect? it’s possible the
information is already provided by an existing system component but no
one can tell you that without some more information about your real
goal.
-p
-----Original Message-----
From: Saxena, Ajitabh Prakash [mailto:xxxxx@lsil.com]
Sent: Thursday, August 08, 2002 11:27 AM
To: NT Developers Interest List
Subject: [ntdev] Need a Driver to Monitor IO on all devices
hi all,
I am in the process of designing the a system monitoring
software. My requirement is just to have a single driver which will
monitor the IO that are going to each device on the system (Hard Drives
,CD-ROMS,Floppy
drives) and all other storage peripherials. I am planning to Write a
filter Driver I am not sure that where that driver will fit?? if i am
not wrong the Filter Driver sits between the Class Driver and the PORT
driver ?? In that case my filter Driver will recieve requests only for a
particular type of device.
For Example my Driver could hook up between disk Class driver and get
the requests for all the Hard Disks connected to the system??
My question is :
Am i correct on whatever i said above??
Is there a better way to do this task???
thanks
ajitabh
You are currently subscribed to ntdev as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%
You are currently subscribed to ntdev as: xxxxx@lsil.com
To unsubscribe send a blank email to %%email.unsub%%
You are currently subscribed to ntdev as: xxxxx@Legato.COM
To unsubscribe send a blank email to %%email.unsub%%