Re: How to modify Filemon (from www.sysinternals.com) as a GUI- independent driver ?

The driver isn’t GUI specific.
Just call the driver after loading it with the necessary IOCTL commands
found in the header file to hook the filter and retrieve the buffer.

Will
----- Original Message -----
From: “Philip Hong”
To: “File Systems Developers”
Sent: Wednesday, January 23, 2002 11:26 PM
Subject: [ntfsd] How to modify Filemon (from www.sysinternals.com) as a GUI
independent driver ?

> As the captioned question. Since I’m going to develop a non-GUI driver that
> can intercept all file I/O calls.
>
> Thanks and Regards,
>
> – Philip
>
> —
> You are currently subscribed to ntfsd as: xxxxx@figure8.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>



I’m a newbie at writing drivers. I cannot figure out your suggested
solution. So far, what I understand is that the GUI generates an
IRP_MJ_CREATE IOCTL command to activate the driver. If I just activate the
driver at boot-up time but without executing the application, I cannot
receive anything outputted from the driver.

What I want to do is to continue watching the “dbgprint” message from the
driver without using the GUI. That is, after booting up the machine, I’ll
continue seeing the debugging messages at the host console (by using
WinDbg).

Since I’m really a beginner, please give me a more comprehensive solution
to follow.

Thanks and Regards,

– Philip



Hello Philip,

Thursday, January 24, 2002, 6:08:51 AM, you wrote:

PH> IRP_MJ_CREATE IOCTL command to activate the driver. If I just activate the
PH> driver at boot-up time but without executing the application, I cannot
PH> receive anything outputted from the driver.
There are some variables to initialize: includepath (path filters), the number
of filters, and FilterOn. They must be initialized to start filtering the file I/O.
But before that you must hook the drive you need (call the function
HookDrive(s)).
You can do these in the initialization section, where everything is set
up.


Best regards,
??? mailto:xxxxx@perm.raid.ru



Analyze the sources harder. Read some docs like DDK. Find the SFilter
example.

Alexey Logachyov
xxxxx@vba.com.by
VirusBlokAda ltd.
http://www.vba.com.by

----- Original Message -----
From: “Philip Hong”
To: “File Systems Developers”
Sent: Thursday, January 24, 2002 12:00 AM
Subject: [ntfsd] Re: How to modify Filemon (from www.sysinternals.com) as a
GUI- independent driver ?

> I’m a newbie at writing drivers. I cannot figure out your suggested
> solution. So far, what I understand is that the GUI generates an
> IRP_MJ_CREATE IOCTL command to activate the driver. If I just activate the
> driver at boot-up time but without executing the application, I cannot
> receive anything outputted from the driver.
>
> What I want to do is to continue watching the “dbgprint” message from the
> driver without using the GUI. That is, after booting up the machine, I’ll
> continue seeing the debugging messages at the host console (by using
> WinDbg).
>
> Since I’m really a beginner, please give me a more comprehensive solution
> to follow.
>
> Thanks and Regards,
>
> – Philip

