Re: hook driver
From: Don Burn (burn_at_stopspam.acm.org)
Date: 04/09/04
- Next message: shawn: "Re: hook driver"
- Previous message: Thomas F. Divine [DDK MVP]: "Re: Could this be implemented with an NDIS or TDI driver?"
- In reply to: shawn: "Re: hook driver"
- Next in thread: shawn: "Re: hook driver"
- Reply: shawn: "Re: hook driver"
Date: Fri, 9 Apr 2004 17:11:20 -0400
Shawn,
We will need some more information then. Since you believe it is a
hook driver, is it:
1. Patching the kernel or your driver's import address table so a call
to a standard routine is going to this driver?
2. Is it trying to modify your driver directly?
Basically, why do you think it is a hook driver, or what is the driver,
so maybe we can answer more?
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

"shawn" <shawn at att dot com> wrote in message
news:%23ZqsrXnHEHA.164@TK2MSFTNGP10.phx.gbl...
> I don't think this is one of the supported types of NDIS hook drivers.
>
> "Don Burn" <burn@stopspam.acm.org> wrote in message
> news:107ddfp5jl8gu25@corp.supernews.com...
> > Shawn,
> >
> > I assume you are talking about a filter hook driver in this case? Or
> > are you talking about an NDIS-Hooking filter or a firewall hook driver?
> > One of the reasons for the reactions you've gotten is there are a number
> > of drivers referred to as hook drivers, and they present varying negative
> > impacts to the system. Note: there are actually several other types of
> > hooking drivers once one gets out of NDIS, again with varying impacts on
> > the system.
> >
> > There is a paper that explains some of this at
> > http://www.ndis.com/papers/winpktfilter.htm The filter hook is pretty
> > simple, and the DDK has some decent material on it under "Creating a
> > filter hook driver". The firewall hook is an obsolete concept, that
> > hopefully isn't used, again see the DDK for some data. The NDIS-Hooking
> > filter is very intrusive, the paper above has a link to a sample driver
> > of this sort.
> >
> > --
> > Don Burn (MVP, Windows DDK)
> > Windows 2k/XP/2k3 Filesystem and Driver Consulting
> > Remove StopSpam from the email to reply
> >
> > "shawn" <shawn at att dot com> wrote in message
> > news:eJJky2iHEHA.3832@TK2MSFTNGP10.phx.gbl...
> >> > You'd be soundly scolded here for wanting to do that. I infer that
> >> > there's some internal mechanism that the driver verifier uses to get
> >> > the memory manager to resolve certain imports differently at driver
> >> > load time, but I can't think of any other safe way to hook function
> >> > calls.
> >>
> >> I'm debugging a crash in my IM driver and I see another driver on the
> >> stack below me, which I think is at the root of the problem. I don't
> >> want to write a hook driver. I just want to understand what I see.