PCI device DMA

Hi
I’ve read a chapter on dma in the book by Walter Oney, but it wasn’t sufficient.
Can you supply me with a working example (or a link to one) of dma code from top to bottom?

Throw the Oney book away, if for no other reason than that it’s about WDM.

You want to write a PCI device driver these days using KMDF, not WDM.

There are examples in the WDK that demonstrate DMA using KMDF.

Peter
OSR

xxxxx@mail.ru wrote:

> I’ve read a chapter on dma in the book by Walter Oney, but it wasn’t sufficient.
> Can you supply me with a working example (or a link to one) of dma code from top to bottom?

It is complicated, so don’t be fooled into thinking someone’s going to
send you 20 lines of code that handles it all.

Do you actually have a PCI device that does bus mastering? Does it do
scatter/gather? Are you forwarding user-mode requests, or are these
transfers originating in the driver?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

>> I’ve read a chapter on dma in the book by Walter Oney, but it wasn’t sufficient.
>> Can you supply me with a working example (or a link to one) of dma code from top to bottom?
> It is complicated, so don’t be fooled into thinking someone’s going to send you 20 lines of code that
> handles it all.

Not that easy to scare me, though I’m just a beginner in driver dev.

> Do you actually have a PCI device that does bus mastering? Does it do scatter/gather?
> Are you forwarding user-mode requests, or are these transfers originating in the driver?

Well the driver won’t be all by itself. I mean that some userspace program will use its services.
I’m not really sure that dma is what I really need for my purpose (read the video card fb), besides
I tend to think that dma code will have some pretty device dependent code.
???

> I’m not really sure that dma is what I really need for my purpose (read the video card fb)

If you don’t own the HW resources, you can’t touch them. Especially true for such a complicated piece of hw like your grfx controller

d

Bent from my phone



Is this some sort of video mirror driver?
You aren’t going to be doing device dma at all if what you really want to
do is “read [a linear] video fb”. Assuming that this is in fact a linear
video framebuffer that can be read, and ignoring the fact that this isn’t a
good way to implement a mirror driver, given the virtual address for the
framebuffer’s pci device memory, you would be doing memcpy using the host
cpu, not DMA using the device processor anyway.

Mark Roddy

On Sat, May 25, 2013 at 12:51 PM, wrote:

> >> I’ve read a chapter on dma in the book by Walter Oney, but it wasn’t sufficient.
> >> Can you supply me with a working example (or a link to one) of dma code from top to bottom?
> > It is complicated, so don’t be fooled into thinking someone’s going to send you 20 lines of code that handles it all.
>
> Not that easy to scare me, though I’m just a beginner in driver dev.
>
> > Do you actually have a PCI device that does bus mastering? Does it do scatter/gather?
> > Are you forwarding user-mode requests, or are these transfers originating in the driver?
> Well the driver won’t be all by itself. I mean that some userspace program will use its services.
> I’m not really sure that dma is what I really need for my purpose (read the video card fb), besides
> I tend to think that dma code will have some pretty device dependent code.
> ???

memcpy or READ_REGISTER_BUFFER_*?


> Is this some sort of video mirror driver?

No.

> You aren’t going to be doing device dma at all if what you really want to
> do is “read [a linear] video fb”. Assuming that this is in fact a linear
> video framebuffer that can be read, and ignoring the fact that this isn’t a
> good way to implement a mirror driver, given the virtual address for the

How do I obtain the virtual address?

> framebuffer’s pci device memory, you would be doing memcpy using the host
> cpu, not DMA using the device processor anyway.

memcpy or READ_REGISTER_BUFFER_*?

> I’m not really sure that dma is what I really need for my purpose (read the video card fb)

Then you need a video mirror driver, which is absolutely another song not covered by Oney’s book at all.

Also, IIRC installing a video mirror driver switches Desktop Composition off.

Without the mirror driver, you can go the user-mode-only way and try to access the screen using DDraw or even GDI’s CreateDC.

And, the last way is to write the driver which will find the video card’s mapped memory (trivial from a user-mode helper EXE by using SetupDIXxx and CM_Xxx APIs) and then will read the data from it.

Nevertheless, in such a case you will not have any idea about what particular part of the video memory is actually visible on the screen.

Or you can reverse-engineer the drivers from Intel, ATI and nVidia and hook some calls in them with a malware-style code. Or you can hook dxgkrnl.sys the similar way.

DMA has nothing to do with all of this.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

> Then you need a video mirror driver

I don’t think so. Does the mirror driver allow to capture drawing done by opengl and dx? Because that’s exactly what I need to do (yes, from the ring 0).

> And, the last way is to write the driver which will find the video card’s mapped memory (trivial from a user-mode helper EXE by using SetupDIXxx and CM_Xxx APIs) and then will read the data from it.

Could you be more specific?

> Nevertheless, in such a case you will not have any idea about what particular part of the video memory is actually visible on the screen.

Just like in the case of dma.

>> a user-mode helper EXE by using SetupDIXxx and CM_Xxx APIs) and then will read the data from it.

> Could you be more specific?

SetupDI and CM_ are the basis of Device Manager, you can use them to locate the video card’s devnode and query its HW resources.

BTW - there was a company which made a product doing similar things, named DemoForge IIRC. They did some hooking of dxgkrnl.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

xxxxx@mail.ru wrote:

>> Then you need a video mirror driver
> I don’t think so. Does the mirror driver allow to capture drawing done by opengl and dx? because that’s exactly what I need to do (yes, from the ring 0).

That’s impossible. Sorry. You can snapshot the contents of the frame
buffer at a given point in time, assuming you can find its virtual
address, but that’s the best you can do, and the screen might be
changing while you’re reading it.

Even if it weren’t impossible, what you’re asking is a bad idea.
Graphics is a user-mode concept. It’s time-consuming. You don’t want
to spend that much time in user mode.

What, exactly, are you really trying to do? You’ve already dragged us
down two different rat holes by asking questions that are not actually
relevant to your problem.

>> And, the last way is to write the driver which will find the video card’s mapped memory (trivial from a user-mode helper EXE by using SetupDIXxx and CM_Xxx APIs) and then will read the data from it.
> Could you be more specific?

That was pretty specific. You use the SetupDi interfaces to find your
graphics device. There are good examples on the web on how to do that.
Once you have a devnode handle, you can use something like
CM_Get_Next_Res_Des and CM_Get_Res_Des_Data to get the resource
descriptors for that device – the same descriptors it was handed at
AddDevice time. One of those resources will be a large chunk of
memory. Odds are, that’s the frame buffer.

>> Nevertheless, in such a case you will not have any idea about what particular part of the video memory is actually visible on the screen.
> Just like in the case of dma.

DMA is irrelevant. You really need to get it out of your head in this case.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
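
The resource lookup described in the post above, as an added example that is not part of the original thread: it lists the memory ranges PnP assigned to each display adapter, using the WMI/CIM classes `Win32_VideoController`, `Win32_PnPEntity` and `Win32_DeviceMemoryAddress` in place of the SetupDi and CM_ calls the thread names. The largest range is only a candidate for the frame buffer aperture; nothing here says which part of it is visible on screen.

```powershell
# Added example, not from the thread. It swaps the SetupDi/CM_ C APIs for
# WMI/CIM queries that expose the same PnP resource assignments.
$devnodes = Get-CimInstance -ClassName Win32_PnPEntity

foreach ($adapter in Get-CimInstance -ClassName Win32_VideoController) {
    # Match the video controller to its PnP devnode by device instance ID.
    $node = $devnodes |
        Where-Object { $_.DeviceID -eq $adapter.PNPDeviceID } |
        Select-Object -First 1
    if (-not $node) { continue }   # adapter without a devnode (e.g. a virtual display)

    # Follow the devnode's allocated resources and keep only memory ranges.
    $ranges = @(Get-CimAssociatedInstance -InputObject $node `
            -Association Win32_PnPAllocatedResource `
            -ResultClassName Win32_DeviceMemoryAddress |
        ForEach-Object {
            # Addresses are 64-bit unsigned; use doubles for the size arithmetic.
            $size = [double]$_.EndingAddress - [double]$_.StartingAddress + 1
            [pscustomobject]@{
                Adapter = $adapter.Name
                Start   = '0x{0:X}' -f $_.StartingAddress
                End     = '0x{0:X}' -f $_.EndingAddress
                SizeMB  = [math]::Round($size / 1MB, 3)
            }
        } | Sort-Object SizeMB -Descending)

    if ($ranges.Count -eq 0) {
        Write-Warning "No memory resources reported for $($adapter.Name)"
        continue
    }

    $ranges | Format-Table -AutoSize
    "Largest range (candidate aperture only): $($ranges[0].Start) - $($ranges[0].End)"
}
```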

> What, exactly, are you really trying to do? You’ve already dragged us down two different rat holes by asking questions that are not actually relevant to your problem.

Hi. Thanks for answering.
Let me start from the beginning.
As you may know, there are a lot of 3d multiplayer games out there, and a lot of cheaters.
Cheats are becoming more sophisticated and I’m fighting those cheats (cracks) that allow the player to see what they actually shouldn’t be able to see. To determine what they see and what they don’t we usually take a screenshot. Those cracks however can track the moment when the screenshot is taken and cease operating for a moment.

My job is to take a screenshot the lowest possible way in ring0.

At first I wanted to map video framebuffer by sending a corresponding ioctl, but someone told me that I can’t get resources in kernel that easily.
Assuming that there’s a physical framebuffer (area of memory of the video card) I thought that I could get it through dma. It’s not a good idea if you don’t know the place where the framebuffer starts because modern video cards can have up to 1gb of memory, but it’s the only one I have after weeks of googling.
And correct me if I’m wrong, but windows driver development is poorly documented. That’s why I decided to ask real people.

> As you may know, there are a lot of 3d multiplayer games out there, and a lot of cheaters.

Funny :) some people/companies really pay money and hire developers to oppose game cheaters. :)

> I could get it through dma.

There is no DMA for this. Video cards can do DMA, but you cannot employ this, since the facility is monopolistically owned by the card’s driver, and thus you will ruin the driver’s operation.

> It’s not a good idea if you don’t know the place where the framebuffer starts
> because modern video cards can have up to 1gb of memory, but it’s the only one I have

Yes, framebuffer is just one of the surfaces, and there can be plenty of them in VRAM.

> And correct me if I’m wrong, but windows driver development is poorly documented

Well-documented in some areas, but this particular task is out of them.

I think that, if you really want to solve this task - you will need to do lots of hooking to dxgkrnl, with some of the hooks being dependent on particular video card driver - and maybe its version.

3D video card drivers for Windows are a gray area - there are only ~4 vendors in the world making these chips, and all 4 have their engineers in-place in the MS campus to communicate to authors of dxgkrnl.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

xxxxx@mail.ru wrote:

> Let me start from the beginning.
> As you may know, there are a lot of 3d multiplayer games out there, and a lot of cheaters.
> Cheats are becoming more sophisticated and I’m fighting those cheats (cracks) that allow the player to see what they actually shouldn’t be able to see. To determine what they see and what they don’t we usually take a screenshot. Those cracks however can track the moment when the screenshot is taken and cease operating for a moment.
>
> My job is to take a screenshot the lowest possible way in ring0.

Have you taken even a moment to think about what you’re asking? It is
simply impossible. I don’t mean “difficult”, I mean “impossible”. If
the cheat has the frame buffer’s virtual address (either via PnP
resources or through DirectX), which they obviously can do if you are
able to do it, they can grab a copy of the screen any time they want to
by using memcpy, and there is absolutely no way for you to detect that.

What you ask is utterly hopeless. Further, what’s the point? If the
game has displayed something in the frame buffer, how can it possibly be
cheating for a player to view it?

> At first I wanted to map video framebuffer by sending a corresponding ioctl, but someone told me
> that I can’t get resources in kernel that easily.
> Assuming that there’s a physical framebuffer (area of memory of the video card) I thought that
> I could get it through dma.

There is much here that you don’t yet grasp. DMA is a hardware
mechanism that allows a device to initiate a memory transfer. There has
to be a piece of hardware to do the transfer – a DMA controller on a
PCI device. A CPU doesn’t NEED to do DMA, because it’s already the bus
master. You can just do memcpy.

If you can get the physical address, then you can map it to a virtual
address. You don’t need the video port ioctl to do that. However,
there’s usually not enough address space to map an entire 1GB frame
buffer into memory at once.

> It’s not a good idea if you don’t know the place where the framebuffer starts because modern video cards can have up to 1gb of memory, but it’s the only one I have after weeks of googling.

Yes, that’s an issue. You can generally assume the visible frame buffer
starts at offset 0, but that’s not guaranteed.

But let’s say you DID get the address of the frame buffer, and you DID
learn that someone is doing a screenshot. What are you going to do
about it? Are you going to ruin the display? What gives you the right
to do that? What if I want to post a screenshot of my results on
Facebook (which the kids do all the time)? Why do you have the right to
disable that?

This whole venture is poorly conceived.

> And correct me if I’m wrong, but windows driver development is poorly documented. That’s why I
> decided to ask real people.

You are wrong. Windows driver development has relatively good
documentation. However, it’s not a topic for beginners.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> If the cheat has the frame buffer’s virtual address (either via PnP resources or through DirectX), which they obviously can do if you are able to do it, they can grab a copy of the screen any time they want to by using memcpy, and there is absolutely no way for you to detect that.

I’m not trying to detect any access to the framebuffer.

> What you ask is utterly hopeless. Further, what’s the point? If the game has displayed something in the frame buffer, how can it possibly be cheating for a player to view it?

Not the game, the *patched* game code. The cheat displays some additional information
that gives an advantage to the player. Looks like it confuses you. You are welcome to read my simple tutorial ( http://linuxcomps.campus.mipt.ru/assembler/articlewh2/articlewh.html )

> But let’s say you DID get the address of the frame buffer, and you DID learn that someone is doing a screenshot. What are you going to do about it? Are you going to ruin the display?

I don’t care if someone is doing a screenshot. I want to do a screenshot myself!
I’m going to save that screenshot on the filesystem. If the player is suspected of cheating
he will be asked to upload a screenshot which will resolve the matter.

> You are wrong. Windows driver development has relatively good documentation. However, it’s not a topic for beginners.

I’d like to believe so. A proof link would be nice.

Well, take a look at the online DDK documentation
http://msdn.microsoft.com/en-us/library/windows/hardware/ff557573(v=vs.85).aspx
It’s the best available documentation for host OS driver developers. The
second best I had used is Solaris man pages section 9 many years ago. Linux
and BSDs don’t have document for drivers AFAIK.

>>> You are wrong. Windows driver development has relatively good
>>> documentation. However, it’s not a topic for beginners.

>> I’d like to believe so. A proof link would be nice.

> Well, take a look at the online DDK documentation http://msdn.microsoft.com/en-us/library/windows/hardware/ff557573(v=vs.85).aspx It’s the best available documentation for host OS driver developers.
> The second best I had used is Solaris man pages section 9 many years ago. Linux and BSDs don’t
> have document for drivers AFAIK.

thx, what about ldd3. It’s a really short guide, but well written.
http://free-electrons.com/doc/books/ldd3.pdf

LDD3 is surprisingly well written, especially for noobs to the world of Linux device driver development.

Peter
OSR