I’m trying to write a jump instruction to jump to my eventreceive from the higher driver’s eventreceive. I want to capture the tdi_Context and then remove the jump and then issue a set event handler to then properly route the events through my driver before passing to higher drivers. I need to di it that way because of a requirement to not have to restart the application we need to filter.
So the question I have is how do I set permissions on an exeutable page to allow me to write to it. And yes I know I’m playing with fire. I do have enter spin lock in my eventreceive while I replace the jump and reroute traffic back.
>driver before passing to higher drivers. I need to di it that way because of a
requirement to not have to restart the application we need to filter.
Always load the filter (not unloadable), then switch it between “real work” and
“stupid passthrough” modes from the app.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
I don’t have access to the application source since it is an outside application. And the point is I don’t want to stop it or restart it or stop it’s socket connections in any way. I’m just trying to get it’s tdi context. My driver was not running at the time the application started so did not capture its TDI_SET_EVENT_HANDLER for the event receive.
So that’s why I want to quickly and temporarily detour the higher driver’s event receive to mine so I can capture the tdi context, so I can then appropriately issue my own SET_EVENT_HANDLER. So all I need to know is how to set permissions on a page that contains executable code so I can write a jump instruction into it.