Omer,
I’m happy to answer you questions, but I’d prefer to keep it on the
public list to ensure it also can help others.
* I have no experience with HtsScsiView, so I really can’t comment on
it. You might ping the authors of it if you’re stuck, or someone else
on xxxxx@osr.com might have additional info.
* If all you want to do is block writes that occur via normal means
(i.e. no 3rd party apps), then it’s rather simple by using a lower
filter (under IMAPI.SYS) and failing all IOCTL_SCSI_PASS_THROUGH,
_DIRECT, and SRB requests that have a WRITE6, WRITE10, or WRITE12
command. NOTE: a full solution is nearly impossible, as a kernel driver
can undo anything that you have done to fail the writes.
* Various incarnations of ASPI have been drivers, now there are
user-mode-only versions.
* Yes, but you can do the same thing using
IOCTL_SCSI_PASS_THROUGH_DIRECT (SPTD), which doesn’t require
finding/installing any 3rd party software.
* CDROM.SYS enables the standard IO write path only when the media is
like a HDD, for example DVD-RAM media or MRW formatted media. The
requests arrive at CDROM.SYS via the standard IRP_MJ_WRITE path, and
turn into SRBs with WRITE10 commands. InCD and other “packet writing
UDF” software uses either a filter driver or SPTD themselves.
* Win2k – there is no in-box scenario for writing to CD media, not even
for DVD-RAM/MRW media (this was added in XP).
.
-----Original Message-----
From: Omer B [mailto:xxxxx@gmail.com]
Sent: Wednesday, March 16, 2005 3:41 AM
To: Henry Gabryjelski
Subject: CDROM monitoring
Hi, and thanks for your detailed reply.
There is a free bus analyzer software called HtsScsiView, that for
some reason shows nothing when I run it… (one of its menus shows
scsi0 and scsi1 both disabled, any idea why?)
For a start, I want to monitor write attempts and maybe block them.
My target systems are winXP , win2003, and win2000 (which doesn’t
support imapi). I want a solution for internals CDR and also for USB
(external) ones.
ASPI is just an API layer or a driver?
ASPI sends SCSI commands even to none SCSI hardware?
CDROM.sys is used only to enable writing data to CD the same way to
write data to HDD? what programs use this method? (InCD maybe?)
How do you trace it’s requests?
If IMAPI sends IOCTL_SCSI_PASS_THROUGH to the port driver, what is the
scenario on win2000 where there isn’t IMAPI? and does
IOCTL_SCSI_PASS_THROUGH is also send to usb port driver? (for
external burners)?
And after all these questions. what is your recommended solution? 
Thanks a lot.