Hello Osr List,
I have made an upper filter driver using the template from
Walter Oney’s book and attached it to a USB storage device
using the DDK addfilter program, but when I do so, the USB
device drive vanishes from the list of hard disk drives in
My Computer! I checked the driver with WinDbg and
Verifier but didn’t get any error messages.
When I type “addfilter /listdevices” the filter and device
still appear, though. When I remove and re-insert the USB
drive, WinDbg prints the IRP messages that the filter
driver detects,e.g:
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_CLEANUP
TESTFILTER4 - IRP_MJ_CLOSE
TESTFILTER4 - IRP_MJ_CLEANUP
TESTFILTER4 - IRP_MJ_CLOSE
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_READ
TESTFILTER4 - IRP_MJ_DEVICE_CONTROL
TESTFILTER4 - IRP_MJ_READ
Is it possible that my filter driver is blocking the IOCTL
messages somewhere so that the disk drive doesn’t appear
in My Computer ?
The program is not meant to interfere with the IRPs for
the device, just detect them and print messages in WinDbg,
and then pass them on.
Is there anything in this method which would stop the IRPs
being passed down the stack to the device ?
#pragma LOCKEDCODE // make no assumptions about
pageability of dispatch fcns
NTSTATUS DispatchAny(IN PDEVICE_OBJECT fido, IN PIRP Irp)
{ // DispatchAny
PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)
fido->DeviceExtension;
PIO_STACK_LOCATION stack =
IoGetCurrentIrpStackLocation(Irp);
#if DBG
static char* irpname = {
“IRP_MJ_CREATE”,
“IRP_MJ_CREATE_NAMED_PIPE”,
“IRP_MJ_CLOSE”,
“IRP_MJ_READ”,
“IRP_MJ_WRITE”,
“IRP_MJ_QUERY_INFORMATION”,
“IRP_MJ_SET_INFORMATION”,
“IRP_MJ_QUERY_EA”,
“IRP_MJ_SET_EA”,
“IRP_MJ_FLUSH_BUFFERS”,
“IRP_MJ_QUERY_VOLUME_INFORMATION”,
“IRP_MJ_SET_VOLUME_INFORMATION”,
“IRP_MJ_DIRECTORY_CONTROL”,
“IRP_MJ_FILE_SYSTEM_CONTROL”,
“IRP_MJ_DEVICE_CONTROL”,
“IRP_MJ_INTERNAL_DEVICE_CONTROL”,
“IRP_MJ_SHUTDOWN”,
“IRP_MJ_LOCK_CONTROL”,
“IRP_MJ_CLEANUP”,
“IRP_MJ_CREATE_MAILSLOT”,
“IRP_MJ_QUERY_SECURITY”,
“IRP_MJ_SET_SECURITY”,
“IRP_MJ_POWER”,
“IRP_MJ_SYSTEM_CONTROL”,
“IRP_MJ_DEVICE_CHANGE”,
“IRP_MJ_QUERY_QUOTA”,
“IRP_MJ_SET_QUOTA”,
“IRP_MJ_PNP”,
};
UCHAR type = stack->MajorFunction;
if (type >= arraysize(irpname))
KdPrint((DRIVERNAME " - Unknown IRP, major type %X\n",
type));
else
KdPrint((DRIVERNAME " - %s\n", irpname[type]));
#endif
// Pass request down without additional processing
NTSTATUS status;
status = IoAcquireRemoveLock(&pdx->RemoveLock, Irp);
if (!NT_SUCCESS(status))
return CompleteRequest(Irp, status, 0);
IoSkipCurrentIrpStackLocation(Irp);
status = IoCallDriver(pdx->LowerDeviceObject, Irp);
IoReleaseRemoveLock(&pdx->RemoveLock, Irp);
return status;
} // DispatchAny
If anybody could help me with this I would greatly
appreciate it.
Scott
— Windows System Software Devs Interest List digest
$B$+$i$N%a%C%;!<%8!'(B
> NTDEV Digest for Sunday, May 15, 2005.
>
> 1. Getting the Thread Context of a ring3 application
> 2. RE: Getting the Thread Context of a ring3
> application
> 3. RE: Virtual serial port software announce
> 4. Re: Virtual serial port software announce
> 5. draw icons and window titles in display driver
> 6. RE: Virtual serial port software announce
>
>
----------------------------------------------------------------------
>
> Subject: Getting the Thread Context of a ring3
> application
> From: “…”
> Date: Sun, 15 May 2005 19:57:32 +0200
> X-Message-Number: 1
>
> hello osr list,
>
> i set up a PsSetCreateProcessNotifyRoutine()
> when this callback now gets control i can obtain
> the eprocess and the threadid with
> PsLookupProcessByProcessId( ParentId,
> &ProcessPtr);
> PsGetCurrentThreadId();
> is it possible to obtain the whole register set of
> the ring3
> process(ParentId), with this information?
>
> i found this function, in the kernel exports
> PsGetContextThread()
> but i think there is no documentation about it.
>
> how can a ring0 debugger like syser or softice, read
> this values?
> with a user mode part, which uses the win32 debug
> api ?
>
> i hope somebody can give me a hint , thanks a lot
>
>
>
----------------------------------------------------------------------
>
> Subject: RE: Getting the Thread Context of a ring3
> application
> From: “Gary G. Little”
> Date: Sun, 15 May 2005 15:21:22 -0500
> X-Message-Number: 2
>
> Well …
>
> The questions is why? Tell us what you why you want
> to do that and perhaps
> we can give you a better answer, since, typically,
> what you asked is best
> left to the HAL.
>
> And … is a bit rude when the rest of us are not
> shy about using our
> names.
>
> Gary
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf
> Of …
> Sent: Sunday, May 15, 2005 12:58 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] Getting the Thread Context of a
> ring3 application
>
> hello osr list,
>
> i set up a PsSetCreateProcessNotifyRoutine()
> when this callback now gets control i can obtain
> the eprocess and the threadid with
> PsLookupProcessByProcessId( ParentId,
> &ProcessPtr);
> PsGetCurrentThreadId();
> is it possible to obtain the whole register set of
> the ring3
> process(ParentId), with this information?
>
> i found this function, in the kernel exports
> PsGetContextThread()
> but i think there is no documentation about it.
>
> how can a ring0 debugger like syser or softice, read
> this values?
> with a user mode part, which uses the win32 debug
> api ?
>
> i hope somebody can give me a hint , thanks a lot
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> glittle@mn.rr.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
> NOD32 1.1097 (20050515) Information
>
>
> This message was checked by NOD32 antivirus system.
> http://www.nod32.com
>
>
>
>
----------------------------------------------------------------------
>
> Subject: RE: Virtual serial port software announce
> From: “Gary G. Little”
> Date: Sun, 15 May 2005 15:21:40 -0500
> X-Message-Number: 3
>
> Hmmm,
>
> Peter or Scott must have taken the weekend off. This
> kind of crap normally
> does not get through this list. Oh well … First?
> Hardly? I was doing this
> stuff (virtual anything) in 1976, in 12K of RAM
> supporting 8 users and 5
> print spoolers.
>
> Gary
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf
> Of Yura
> Sent: Saturday, May 14, 2005 3:47 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] Virtual serial port software
> announce
>
> Hello ,Windows
>
> I would like to announce the program called
> Advanced Virtual COM Port.
> This is another virtual serial port software but
> has something
> interesting.
>
> It can create virtual serial ports and connect
> them locally or
> through the network. It can also share real serial
> ports trough the
> network.
> Another feature is a virtual ports monitoring
> feature
> (it shows port signals, number of bytes sent and
> received, etc.)
>
> Program can be found at:
> http://www.advancedvirtualcomport.com
>
> All NTDEV users will get 20% discount.
>
> Thanks for reading.
> –
> Best regards,
> Yura
> mailto:xxxxx@mail.zp.ua
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> glittle@mn.rr.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
> NOD32 1.1097 (20050515) Information
>
>
> This message was checked by NOD32 antivirus system.
> http://www.nod32.com
>
>
>
>
----------------------------------------------------------------------
>
> Subject: Re: Virtual serial port software announce
> From: “Peter Viscarola (OSR)”
> Date: Sun, 15 May 2005 14:17:54 -0700
> X-Message-Number: 4
>
> “Gary G. Little” wrote in
> message news:xxxxx@ntdev…
> > Hmmm,
> >
> > Peter or Scott must have taken the weekend off.
> This
=== message truncated ==
__________________________________
Do You Yahoo!?
Upgrade Your Life
http://bb.yahoo.co.jp/