Re: Can we link a windows driver (.sys) with our own code ?...

From: "Gary G. Little" <glittle@xxxxxxxxx>
Date: Tue, 29 Nov 2005 00:33:41 GMT

Basically you cannot directly call kernel code, including your driver, from
the application layer. At best you will BSOD, at worst your system will
implode and become a smoking pile of excrement.

What you can do is one of several things:

Use inverted callbacks: see the OSR Online article concerning that.
Use IOCTL calls.
Use a filter that uses IOCTLs to directly call entry points in the target
driver.

--
Gary G. Little

"zhiyuan" <gis93536@xxxxxxxxxxxxxxx> wrote in message
news:OE7ZiBA9FHA.808@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> Do anybody know how to link a windows driver (.sys) file with our own
> object file ?
>
> Our goal is to intercept the function calls that the driver invokes to
> the windows kernel.
> Once a function call is intercepted, we can do some preprocessing jobs,
> such as logging the
> number of invocations, etc.
>
> For example, if a driver invokes a function foo() provided by the windows
> kernel, we can implement a fake foo() and
> link it with the driver so as to intercept the function call. The fake
> foo() performs the following 2 jobs.
> First, it does some preprocessing job. Second, it calls the real foo() of
> the windows kernel.
>
> So, we need to ...
>
> 1. Obtain the symbols of the .sys driver to get the names of the functions
> that called by the driver to the kernel.
> Note: We don't have the source code of the driver, only the .sys file is
> available.
>
> 2. Link our interception code (i.e., fake functions) with the .sys driver.
>
> The question is that is it possible to achieve the above jobs. If it is
> possible, how ?
>
> Thanks very much for your help!
>

.

Follow-Ups:
- Re: Can we link a windows driver (.sys) with our own code ?...
  - From: Ali

References:
- Can we link a windows driver (.sys) with our own code ?...
  - From: zhiyuan

Prev by Date: Re: GetScatterGatherList() for bidirectional DMA ?
Next by Date: Re: GetScatterGatherList() for bidirectional DMA ?
Previous by thread: Re: Can we link a windows driver (.sys) with our own code ?...
Next by thread: Re: Can we link a windows driver (.sys) with our own code ?...
Index(es):
- Date
- Thread

Relevant Pages

Re: 2.6.30-rc4 kernel
... I think there may be a problem with the 2.6.30 kernel that is ... # Generic Driver Options ... # PCI IDE chipsets support ... # Other IDE chipsets support ...
(Linux-Kernel)
2.6.30-rc4 kernel
... kernel panic - not syncing: ... # Generic Driver Options ... # PCI IDE chipsets support ... # Other IDE chipsets support ...
(Linux-Kernel)
[PATCH 18-rc2] Fix typos in /Documentation : N-P
... Again, if you're not gonna do synchronization with disk drives (dang, ... -the kernel. ... There are two options specific to PSX driver portion. ... The driver uses the settings from the EEPROM set in the SCSI BIOS ...
(Linux-Kernel)
two scary syslog kernel messages
... Sep 20 03:46:06 marvin kernel: kernel BUG at mm/rmap.c:482! ... ACPI: Local APIC address 0xfee00000 ... Allocating PCI resources starting at 80000000 ... ** driver failed to call pci_enable_device. ...
(Debian-User)
Re: [PATCH, RFT, v4] sata_mv: convert to new EH
... check both new and old drives with SMART ... Use a HIGHMEM enabled kernel. ... ACPI: PM-Timer IO Port: 0xe408 ... Real Time Clock Driver v1.12ac ...
(Linux-Kernel)