Re: Can we link a windows driver (.sys) with our own code ?...



If you want to intercept calls to the kernel, then you could just hook
imports via modifying the Import Address Table of the driver you wish to
modify the behaviour of. Set the IAT entry to point at a function in your
driver and then modify the call/pass it on/reject/block the call. That
should cover most of your requirements.

That said, there are many ways of filtering devices that might achieve your
goals in a more orthodox (and probably more stable) way. What are you trying
to achieve?

Carly


"zhiyuan" <gis93536@xxxxxxxxxxxxxxx> wrote in message
news:OE7ZiBA9FHA.808@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> Does anybody know how to link a windows driver (.sys) file with our own
> object file ?
>
> Our goal is to intercept the function calls that the driver invokes to
> the windows kernel.
> Once a function call is intercepted, we can do some preprocessing jobs,
> such as logging the
> number of invocations, etc.
>
> For example, if a driver invokes a function foo() provided by the windows
> kernel, we can implement a fake foo() and
> link it with the driver so as to intercept the function call. The fake
> foo() performs the following 2 jobs.
> First, it does some preprocessing job. Second, it calls the real foo() of
> the windows kernel.
>
> So, we need to ...
>
> 1. Obtain the symbols of the .sys driver to get the names of the functions
> that are called by the driver to the kernel.
> Note: We don't have the source code of the driver, only the .sys file is
> available.
>
> 2. Link our interception code (i.e., fake functions) with the .sys driver.
>
> The question is whether it is possible to achieve the above jobs. If it is
> possible, how ?
>
> Thanks very much for your help!
>
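
Item 1 of the question, and the import table the reply refers to, as an added example that is not part of the original thread: a standard-library Python parser that lists the functions a .sys file imports and the RVA of each Import Address Table slot, which is also the list an integrity check would compare against a loaded image. The names `list_imports` and `build_sample` and the sample image layout are constructed for this example and do not come from the thread or any real driver.

```python
import struct

def u(fmt, data, off):
    return struct.unpack_from("<" + fmt, data, off)

def list_imports(data):
    """Return {dll: [(function, iat_slot_rva), ...]} from an on-disk PE image."""
    pe = u("I", data, 0x3C)[0]                          # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size = u("H12xH", data, pe + 6)          # COFF header fields
    opt = pe + 24
    pe64 = u("H", data, opt)[0] == 0x20B                # PE32+ magic
    imp_rva = u("I", data, opt + (112 if pe64 else 96) + 8)[0]  # data directory 1
    sects = [u("4I", data, opt + opt_size + 40 * i + 8) for i in range(nsect)]
    def off(rva):                                       # RVA -> file offset
        for vsize, vaddr, rawsize, rawptr in sects:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError("RVA %#x is outside every section" % rva)
    def cstr(rva):
        return data[off(rva):data.index(b"\0", off(rva))].decode("ascii")
    size, fmt, flag = (8, "Q", 1 << 63) if pe64 else (4, "I", 1 << 31)
    imports, d = {}, off(imp_rva) if imp_rva else None
    while d is not None and any(desc := u("5I", data, d)):  # zero entry ends table
        ilt, name, iat = desc[0], desc[3], desc[4]
        t, funcs, i = off(ilt or iat), [], 0
        while (thunk := u(fmt, data, t + i * size)[0]):
            by_ordinal = thunk & flag                   # high bit: no name stored
            label = "ordinal %d" % (thunk & 0xFFFF) if by_ordinal else cstr(thunk + 2)
            funcs.append((label, iat + i * size))
            i += 1
        imports[cstr(name)] = funcs
        d += 20
    return imports

def build_sample():
    """Constructed minimal PE32 with one import descriptor; not a real driver."""
    img = bytearray(0x1E0)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    for fmt, o, *v in (
            ("I", 0x3C, 0x40), ("HH12xHH", 0x44, 0x14C, 1, 0xE0, 0x102),
            ("H", 0x58, 0x10B), ("II", 0xC0, 0x1000, 40),
            ("8s4I", 0x138, b".idata", 0x80, 0x1000, 0x80, 0x160),
            ("5I", 0x160, 0x1028, 0, 0, 0x1040, 0x1034),
            ("3I", 0x188, 0x1050, 0x1064, 0), ("3I", 0x194, 0x1050, 0x1064, 0),
            ("12s", 0x1A0, b"ntoskrnl.exe"), ("14s", 0x1B2, b"IoCreateDevice"),
            ("18s", 0x1C6, b"IofCompleteRequest")):
        struct.pack_into("<" + fmt, img, o, *v)
    return bytes(img)
```

Calling `list_imports(open(path, "rb").read())` on a driver file gives the same mapping; on disk the IAT mirrors the import lookup table, while in a loaded image each slot holds a resolved address.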

