want to make a filter driver upon bthport.sys

Hello.

I’m trying to monitor IRP and BRB delivered to bthport.sys. For that, I want to make a filter driver upon bthport.sys.

I’ve searched ntdev list and found some articles that tried what I’m doing but couldn’t get the answer I need.

  1. How do I have to write the INF file for this filter driver? And/or what kind of registry entries do I have to change manually?

  2. I’ve read the KMDF filter driver example (http://www.osronline.com/article.cfm?id=446). Is this example okay for my filter, too? I mean, may I write a similar DriverEntry and EvtDeviceAdd?

Thank you for your help!

xxxxx@naver.com wrote:

> I’m trying to monitor IRP and BRB delivered to bthport.sys. For that, I want to make a filter driver upon bthport.sys.

No, you don’t. Bthport.sys is the “port” half of a “port/miniport”
driver set. It is not a driver, it is just a DLL used by other
Bluetooth drivers. It doesn’t handle any devices on its own. You need
to identify the DEVICE you want to filter.

> I’ve searched ntdev list and found some articles that tried what I’m doing but couldn’t get the answer I need.
>
>   1. How do I have to write the INF file for this filter driver? And/or what kind of registry entries do I have to change manually?

You need to create a service entry for your driver. You can do that
with the “sc” command line app:
sc create <ServiceName> type= kernel start= demand binPath= system32\drivers\xxxx.sys

Note the unusual command-line parameters. The “=” sign is attached to
the parameter name, and must be followed by a space. Whoever wrote this
command had apparently never used a command-line tool before.

After that, you just have to add your service name to the “UpperFilters”
registry key in the Enum tree for the device you want to filter. You
can do that by hand with regedit for testing, or you can use
SetupDiSetDeviceRegistryProperty (and friends). You can find examples
of that in the “toaster” samples.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
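
To check the result of the two steps in the reply above, the following read-only PowerShell sketch lists the UpperFilters and LowerFilters values under the Enum tree and resolves each listed name to its service entry. It is an added example, not part of the original thread or of any WDK sample; the choice of the BTHENUM enumerator is an assumption.

```powershell
# Added example: read-only audit of per-device filter drivers.
$enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum'
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Assumption: BTHENUM is the enumerator of interest; append 'USB' to cover a USB radio.
$enumerators = @('BTHENUM')

$report = foreach ($enumerator in $enumerators) {
    $base = Join-Path $enumRoot $enumerator
    if (-not (Test-Path $base)) { continue }
    # Key layout: Enum\<enumerator>\<device id>\<instance id>
    $instances = Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ChildItem -LiteralPath $_.PSPath -ErrorAction SilentlyContinue }
    foreach ($inst in $instances) {
        $props = Get-ItemProperty -LiteralPath $inst.PSPath -ErrorAction SilentlyContinue
        foreach ($kind in 'UpperFilters', 'LowerFilters') {
            # REG_MULTI_SZ comes back as string[]; a missing value yields no iterations
            foreach ($name in $props.$kind) {
                if ([string]::IsNullOrWhiteSpace($name)) { continue }
                # Each filter name should match a key created by "sc create"
                $svc = Get-ItemProperty -LiteralPath (Join-Path $svcRoot $name) `
                    -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Device     = $inst.Name -replace '^.*?\\Enum\\', ''
                    Kind       = $kind
                    Filter     = $name
                    HasService = [bool]$svc
                    ImagePath  = $svc.ImagePath
                }
            }
        }
    }
}
$report | Sort-Object Device, Kind | Format-Table -AutoSize -Wrap
```

Class-wide filters, which are registered under Control\Class rather than in the Enum tree, are not covered by this listing.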

Just like usbhub, the FDO of the bus will not see the BRBs sent to the PDO via IoCallDriver when forwarding from PDO to parent. Are you interested in filtering a specific protocol on Bluetooth? That will be much simpler.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Thursday, July 5, 2012 10:14 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] want to make a filter driver upon bthport.sys


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Looks like I should clarify what I want to do.

Let me use the BT stack figure in MSDN (http://msdn.microsoft.com/en-us/library/windows/hardware/ff536587(v=vs.85).aspx).

I’m not trying to catch BRBs between BthPort.sys and BthUSB.sys, for example. I want BRBs between BthPort.sys and upper layer stacks, like HidBth, BthEnum. Tim thankfully explained how to add a filter driver upon a CERTAIN DEVICE, but that’s not what I’m talking about, if I understand properly.

Doron asked me about filtering a specific protocol and this sounds closer to my interest, but I want to filter BRBs of ALL protocols, if possible.

Thank you for your kind help.

That would require a bus filter. Writing a bus filter is not supported nor documented. Specific protocols are device level filters and documented.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@naver.com
Sent: Thursday, July 05, 2012 8:04 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] want to make a filter driver upon bthport.sys


@ Doron

  1. I cannot understand the bus filter. As far as I know, a bus filter should be upon a bus driver, like USB and UART, while BthPort.sys is not a bus. Besides the fact that writing a bus driver is not allowed, which level of bus filter do you mean?

  2. If I should use a filter for a specific protocol (= profile driver? am I right?), is there any example that I can get some help from?

  1. bthport is a bus driver, so is bthenum. There is “level” of bus filter, it is a behavior. Fortunately the number of profile/protocol drivers (not necessarily a 1:1 mapping, rfcomm is a protocol driver upon which many profiles are based) is quite limited so you could just install yourself as a device lower filter for these specific stacks.

  2. Use the KMDF toaster lower filter as a starting point. You would have to add BRB decoding logic in its internal IOCTL dispatch routine.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@naver.com
Sent: Thursday, July 05, 2012 9:37 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] want to make a filter driver upon bthport.sys


Thank you for the clarification. That will really help me a lot.

Please let me ask another simple question. If I make a filter driver between Bthport and BthUsb,

  1. this should be an upper filter of BthUsb.

  2. At this point of stack, I will see HCI commands instead of BRB.

Am I right?

You can’t filter between bthusb and bthport. It is a direct call interface. You can filter below bthusb to see URBs being sent to the USB core stack though.

d



From: xxxxx@naver.com
Sent: 7/6/2012 1:43 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] want to make a filter driver upon bthport.sys


Thank you. Your answers really help me a lot.