enumerate handles

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Drivers
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - enumerate handles hi there, I tried to make an aplication that monitors the handle of a process. I used ZwQuerySystemInformation with the SytemHandleInformation class, this returns a vector of Objects in the system associated with a process ID of the process that holds the object. I managed to get the object types easily, object names as well. I just had an issue, how do I get the handles associated with each object(for example u have the object for the current process PEPROCESS cProcess, and you can call ObOpebObjectByPointer() and make a lot of handles associated with that object with different security and different access masks ). I managed to get object handle count, for each object. Or how can I get the handle_table associated with a process, I know there is a function called ObReferenceProcessHandleTable but it is not documented and I cannot import it from ntoskrnl.exe. or NTKERNELAPI PHANDLE_TABLE ExCreateHandleTable ( __in_opt struct _EPROCESS *Process ); but the same problem not documented, nowhere to get it from. If u know other places I can get these function pointers from except ntoskrnl.exe or ntdll.dll please help, or i u have any solutions to this issue; thank you in advance Tag: enumerate handles Tag: 88327
  - 2
    - finding hidden devices i'm trying to figure out how i can programatically determine if a network adapter is hidden. i've tried finding a wmi property and using SPDRP_CHARACTERISTICS with no luck. any other suggestions? thanks Tag: enumerate handles Tag: 88326
  - 3
    - Can File Ssystem filter driver be implemented using UMDF? Hi, I am a newbee in this this area. I found the release of User Mode Driver Framework seem interesting for driver development. I wonder if it is possible to develop a filter driver for File System using the user mode framework. Thanks in advance. Tag: enumerate handles Tag: 88315
  - 4
    - Installing driver without hardware Hi, As part of a larger installation, I would like to install driver software for PCMCIA hardware that will be attached at a later time. When the hardware is attached, the user should see no wizard of any type. That is, the sorftware to operate the device should be either fully installed during the initial installation, or any additional steps should be invisible to the person using the device. Suggestions on the best way to do this would be greatly appreciated! Jim Tag: enumerate handles Tag: 88310
  - 5
    - Problems with installation of NDISUIO-based protocol driver Hello, We've succesfully developed a protocol driver based on MS DDK sample NDISUIO and are installing it using the Service Manager API on Win2K/XP. Most of the time everything goes fine, but occasionally, on machines were previous installations went OK, we observe the following: installation seem to complete correctly, but the TCP/IP stack somehow looks unbound from some lower level layer, probably tcpip --for instance DCHP is not able to resolve an IP address and the IP interfaces show a no or limited connectivity status message. When this happens, uninstallaing, doing the installation again and rebooting usually get things straight again. Does this ring a bell to anybody? I can provide more info on demand. Thanks for any information/help. Best regards, Tag: enumerate handles Tag: 88309
  - 6
    - WIA Scanner Minidriver - Preview Not Working I've written a WIA minidriver and I cannot get the preview button to work. When I click the preview button (on the standard UI) I get a message that start, "An error occurred during preview. If the scanner is being used..." I'm not currently using the scanner and I believe I've defined WIA_DPS_PREVIEW correctly, but in my logs I don't see the driver trying to scan at all when I click preview. Does anyone have any idea why this might be? Thanks in advance, Mike Tag: enumerate handles Tag: 88307
  - 7
    - Problem with compilation I am using the fpfilter ddk sample. I want to compile this sample. When I type build all works fine. Then, if I type build a 2nd time I have warning messages. I don't understand why the warnings don't appear on the 1st compilation as I have not changed anything in the project files. Here is the output from the build command: C:\NTDDK>cd .. C:\>cd fpfilter C:\fpfilter>build BUILD: Object root set to: ==> objchk BUILD: /i switch ignored BUILD: Compile and Link for i386 BUILD: Loading c:\NTDDK\build.dat... BUILD: Computing Include file dependencies: BUILD: Examining c:\fpfilter directory for files to compile. c:\fpfilter - 2 source files (1,122 lines) BUILD: Saving c:\NTDDK\build.dat... BUILD: Compiling c:\fpfilter directory Compiling - fpfilter.rc for i386 Compiling - fpfilter.c for i386 BUILD: Linking c:\fpfilter directory Linking Executable - objchk\i386\fpfilter.sys for i386 BUILD: Done 2 files compiled 1 executable built C:\fpfilter>build BUILD: Object root set to: ==> objchk BUILD: /i switch ignored BUILD: Compile and Link for i386 BUILD: Loading c:\NTDDK\build.dat... BUILD: Computing Include file dependencies: BUILD: Examining c:\fpfilter directory for files to compile. BUILD: c:\fpfilter\fpfilter.rc: c:\ntddk\inc\winbase.h: cannot find include file <macwin32.h> BUILD: c:\fpfilter\fpfilter.rc: c:\ntddk\inc\wingdi.h: cannot find include file <macwin32.h> BUILD: c:\fpfilter\fpfilter.rc: c:\ntddk\inc\winuser.h: cannot find include file <macwin32.h> BUILD: c:\fpfilter\fpfilter.rc: c:\ntddk\inc\winnls.h: cannot find include file <macwin32.h> BUILD: c:\fpfilter\fpfilter.rc: c:\ntddk\inc\winreg.h: cannot find include file <macwin32.h> BUILD: c:\fpfilter\fpfilter.rc: c:\ntddk\inc\mmsystem.h: cannot find include fil e <macwin32.h> BUILD: Linking c:\fpfilter directory BUILD: Done Tag: enumerate handles Tag: 88303
  - 8
    - DIFx: DriverPackageInstall for non-PnP devices? Hi, is it possible to install a non-PnP device with the DriverPackageInstall function or with DPInst.exe? I have a W2k driver for a non-PnP device that must be installed with the Add New Hardware Wizard (until now) and I like to automate the installation with a setup.exe or DPInst.exe. DriverPackageInstall / DPInst.exe installs my driver files in the DRVSTORE but the device will not be installed. Below, you will find the begin of my inf file and the DPINST.LOG output. Any idea? Thanks in advance! :)Dieter pci_f14_mon.inf ------------------ [Version] Signature="$Windows NT$" Class="BBIS boards" ClassGUID={A729BECD-2979-48f3-AA9F-7E0B96A0A98C} Provider=%MEN% DriverVer = 11/02/2006,1.4.0.0 [SourceDisksNames.x86] 1=MEN 13m00006 - MDIS System Package for Windows,"",, [SourceDisksFiles.x86] men_qt-mt.dll=1 men_mdis_clinst.dll=1 men_evlg.dll=1 men_pci.sys=1 [DestinationDirs] DefaultDestDir=12 ClassInst_Files=11 ;; ;; Class installation section ;; [ClassInstall32.ntx86] AddReg=AddClassReg CopyFiles=ClassInst_Files [AddClassReg] HKR,,,,"BBIS boards" HKR,,Icon,,101 HKR,,Installer32,,"men_mdis_clinst.dll,BbisClassInstaller" [ClassInst_Files] men_qt-mt.dll,,,%COPYFLG% men_mdis_clinst.dll,,,%COPYFLG% men_evlg.dll,,,%COPYFLG% ;; ;; Device list ;; [Manufacturer] %MEN%=MEN [MEN] "PCI - ICH6/7 LPC on MEN F14/F15/F17/D601 CPU (required for F14_MON)"=*PCI*,root\men_pci ;; ;; *PCI* sections ;; [*PCI*] ... DPINST.LOG -------------- INFO: **************************************** INFO: Current working directory: 'V:\TEST\DPInst\PCI_F14_MON' INFO: Running on path 'V:\TEST\DPInst\PCI_F14_MON' INFO: DPInst.xml does not list the current UI language. INFO: User UI Language is 0x409. INFO: Install option set: legacy mode on. INFO: Found driver package: 'V:\TEST\DPInst\PCI_F14_MON\pci_f14_mon.inf'. INFO: Preinstalling 'v:\test\dpinst\pci_f14_mon\pci_f14_mon.inf' ... INFO: ENTER: DriverPackagePreinstallW SUCCESS:v:\test\dpinst\pci_f14_mon\pci_f14_mon.inf is preinstalled. INFO: RETURN: DriverPackagePreinstallW (0xB7) INFO: ENTER: DriverPackageGetPathW SUCCESS:Found driver store entry. INFO: RETURN: DriverPackageGetPathW (0x0) INFO: ENTER: DriverPackageInstallW INFO: Installing INF file "D:\WINDOWS\system32\DRVSTORE\pci_f14_mo_7EC8FD667D6017CA2525C7A69712478741E71D7B\pci_f14_mon.inf" of Type 6. INFO: Looking for Model Section [MEN]... INFO: No matching devices found in INF "D:\WINDOWS\system32\DRVSTORE\pci_f14_mo_7EC8FD667D6017CA2525C7A69712478741E71D7B\pci_f14_mon.inf" on the Machine. INFO: No drivers installed. No devices found that match driver(s) contained in 'D:\WINDOWS\system32\DRVSTORE\pci_f14_mo_7EC8FD667D6017CA2525C7A69712478741E71D7B\pci_f14_mon.inf'. SUCCESS:Installation completed with code 0xE000020B. INFO: RETURN: DriverPackageInstallW (0xE000020B) INFO: No matching device was found for 'v:\test\dpinst\pci_f14_mon\pci_f14_mon.inf'. Driver will be installed when plugged in. INFO: Returning with code 0x100 INFO: 10/01/2006 01:37:34 ------------------- Tag: enumerate handles Tag: 88296
  - 9
    - Problem With - KSPROPERTY_DROPPEDFRAMES_CURRENT!!! & AmCap Hello, I have developed Avstream minidriver for camera device having a video capture pin. I have implemented PROPSETID_VIDCAP_DROPPEDFRAMES property for pin and in the handler i am returning all values properly. But i have some issues regarding it, 1) when tried driver with amcap application it dint show any kind of status of captured and dropped frame. 2) When i tried debugging , though it got IID_IAMDroppedFrames interface its failing at hr = gcap.pDF->GetNumDropped(&lDropped); 3) When i checked Driver log my handler is called too. but still amcap is not able to display the capture and drop information returned to it. 4) Captured file is playing properly, but when amcap is capturing , preview window goes blank no video is being previewed during capturing to file. Please help me . Thanks & Rgds, Darshan Tag: enumerate handles Tag: 88295
  - 10
    - How to set MTU for a virtual ethernet NIC driver Hi all, I have a miniport adapter (Virtual NIC) driver. Can anyone tell me how can I change its MTU? Thanks, Arsalan Tag: enumerate handles Tag: 88294
  - 11
    - Hyperthread issue Hi , I have developed a virutal ethernet driver which runs on a pci card. This works fine on a single cpu machine(celeron) with windows XPE. when i want the same to work on the hyperthread machine (p4) with windows XPE, i am facing a problem. Send handler running in the Dispatch level, is called for the second time by the same cpu(say cpu 1), even before the first call gets completed. The send handler holds a spinlock within that is sends the acknowledgements to the application. During the 2nd call, when the cpu tries to acquire the spinlock, the system hangs. Please let me know whether the above phenomenon is proper and how to avoid this race condition. Regards, Kans. Tag: enumerate handles Tag: 88293
  - 12
    - Using DIFxApp with Visual Studio 2005 Can you use DIFxApp merge modules with Visual Studio 2005? I added DIFxApp.msm to my existing setup project. What I would like to do now is add a driver package to the setup project. But I can't figure out what to do to achieve this. The msm has mininal properties and I can't find any GUI for adding a driver package. I see a lot of references to database tables and orca but they don't seem to have a parallel in VS2005. Any help appreciated. Tag: enumerate handles Tag: 88291
  - 13
    - NDIS mini-port and an application power management cooperation Hi All, The issue has been already discussed in a few forums. However, I would like to raise another aspect - can a "friendly" application be used in cooperation with NDIS mini-port driver to detect and to initiate the device low power setting. We have encountered the same problem with NDIS mini-port limitations - low power setting while a device idle (no activity). But in our situation we provide both an application and NDIS mini-port driver SW packages. Thus, my question is: Can we involve our application SW in order to initiate the NDIS mini-port driver low power setting? For example, Vista allows DeviceControl (even proprietary ones) IOCTLs communication between an application and device driver. Can such mechanism be used in order to initiate a device low power transition (e.g USB selective suspend) while the device detects idle conditions? Thanks in advance, Avi Tag: enumerate handles Tag: 88285
  - 14
    - Calling ReadRegistryParams() and NdisOpenConfiguration() from MiniportInitialise() causes system instability. I have seen various BSODs unrelated to my driver that I have tracked down to a combination of these function calls at initialise time. Are there any known issues regarding this? Thanks in advance. Tag: enumerate handles Tag: 88282
  - 15
    - use toaster sample to simulate USB device enumeration I am studying the toaster on bus behavior. Now I want to know can I use this sample to simulate USB device plugin/unplug. 1. can I use 'enum' console application to send the IOCTL to tell the busenum driver that a new USB device is plugged in? Do I need to modify the code of it? 2. what do I need to modify the busenum driver code to tell PnP manager that a USB device is attached? Any comment is appreaciated. Tag: enumerate handles Tag: 88281
  - 16
    - (null) For the past 30 years or so, when seeing the word "(null)" (without the quotes but with the parentheses) output in the middle of an otherwise sensible output string, it has commonly been due to passing a null pointer to printf or similar API. My understanding is that this started with BSD Unix, maybe when someone decided that some abuses of null pointers were less important than others so they made printf display (null) instead of segfaulting, or maybe a coder of printf internals forgot that segfaulting would be a good thing to do, at least during debugging stages. Does a Windows XP API (maybe a native API) do the same thing? Or is it just coincidence? Does the boot-time version of the CHKDSK command pass a null pointer to an API where a non-null pointer is required? Or is it just a coincidence? Maybe the boot-time version of the CHKDSK command intentionally outputs the word (null) to give geeks a scare but maybe it's mostly harmless? It was really really comforting to see Windows XP boot after displaying the following on a blue background: Windows replaced bad clusters in file \pagefile.sys of name (null). Windows replaced bad clusters in file \WINDOWS\MEMORY.DMP of name (null). It was really really comforting to see Windows boot after that, and operate without any apparent ill effects. It was really really comforting to see Windows XP robustly survive some strongly suspicious evidence that low-level internals are passing null pointers around where non-null pointers are required. But maybe it was just a coincidence? Or by design? Windows XP internals don't really pass null pointers around where non-null pointers are required, right? They surely wouldn't pass such things to printf, they surely wouldn't pass such things to memcpy, they surely wouldn't write such things into memory descriptors in RAM or file descriptors on disk or anything else like that, right? They've all been verified, right? Tag: enumerate handles Tag: 88271
  - 17
    - Please example of RtlStringCbVPrintfA...! Hi. I try to use RtlStringCbVPrintfA funciton. my code: RtlStringCbVPrintfA(pszBUFF, nPathSize, "%s\\%s", szVolume, szFolder); But the code is 'too many parameter'. So I made next code: void printfA(PCHAR szDest, int nDestSize, PCHAR Format, ...) { va_list va; NTSTATUS status; va_start(va, Format); status = RtlStringCbVPrintfA(szDest, nDestSize, Format, va); va_end(va); } But the code doesn't work also. How do I use the function? Tag: enumerate handles Tag: 88269
  - 18
    - Please example of RtlStringCbVPrintfA...! Hi. I try to use RtlStringCbVPrintfA funciton. my code: RtlStringCbVPrintfA(pszBUFF, nPathSize, "%s\\%s", szVolume, szFolder); But the code is 'too many parameter'. So I made next code: void printfA(PCHAR szDest, int nDestSize, PCHAR Format, ...) { va_list va; NTSTATUS status; va_start(va, Format); status = RtlStringCbVPrintfA(szDest, nDestSize, Format, va); va_end(va); } But the code doesn't work also. How do I use the function? Tag: enumerate handles Tag: 88268
  - 19
    - Please example of RtlStringCbVPrintfA...! Hi. I try to use RtlStringCbVPrintfA funciton. my code: RtlStringCbVPrintfA(pszBUFF, nPathSize, "%s\\%s", szVolume, szFolder); But the code is 'too many parameter'. So I made next code: void printfA(PCHAR szDest, int nDestSize, PCHAR Format, ...) { va_list va; NTSTATUS status; va_start(va, Format); status = RtlStringCbVPrintfA(szDest, nDestSize, Format, va); va_end(va); } But the code doesn't work also. How do I use the function? Tag: enumerate handles Tag: 88267
  - 20
    - Vista 5840 and Int 2C Hi! The OS is triggering this assert while my driver is executing its interrupt handler. I suspect that the OS is hitting the assert because we may be within DPC for too long. However, how can I find out the root cause for this assert? Thanks! Tag: enumerate handles Tag: 88264
  - 21
    - Does WDK include IFS? cannot find ntifs.h Hi. I have to port a Filter Driver to Vista. The Driver is working well in 2k, XP, 2k3 and i've used IFS for developing it. I read some articles that indicates WDK insludes IFS KIT, then I'd downloaded WDK beta.(WDK RTM build 6000.16386) But I can't find 'ntifs.h' in WDK (or WinDDK directory). I used #include ntifs.h in old source, i'm facing a huge wall. Should i 'modify all' my source to work well without ntifs.h? or Use IFS Kit for Windows Server 2003 SP1 with WDK? Please help. Regards Atdda Tag: enumerate handles Tag: 88263
  - 22
    - filtering ipnat.sys Has anyone tried to filter ipnat.sys? I have a machine that is using internet connection sharing and I have an NDIS IM driver monitoring the public interface. My IM driver sees NAT'd addresses and I need to associate these addresses to the original addresses. I've seen some stuff on the net about a user mode API which you can use to query the NAT table that ipnat.sys maintains, but I want to do this in kernel mode - perhaps by filtering the interface between tcpip.sys and ipnat.sys. Perhaps I can use a TDI driver to do this, or perhaps I can get my IM driver to send IOCTRL's directly to ipnat.sys to query the NAT table. Any suggestions? Tag: enumerate handles Tag: 88262
  - 23
    - Questions about Windows Installer, DIFX and non-device drivers Hi, I am using Wise for Windows Installer for creating an msi package that will install 32-bit non-device minifilter drivers plus the end user app. The driver package consists of three .SYS files, one INF and one CAT file. All of the drivers will be signed with the Authenticode (not WHQL). I am using the latest version of DIFxApp.msm. I have configured my test system (XP) to run in a debug mode, so I can avoid the problems related to signature validation. So far I have been unable to successfully install using the DIFx tools. I have examined the INF using chkinf.bat and fixed all of the errors. This INF works fine when I use right-click menu option "Install". The Setupapi.log shows only warnings related to drivers' signatures, but everything else gets installed. When I use the same INF with the msi and DIFx, the install fails with the msg in the log: "Could not get services associated with driver package". there is no problem with starting the services when I use right-click menu option "Install". 1. Can I use one INF file for all the three signed drivers? "The Requirements for Driver Packages That Are Used with the DIFx Tools" MS doc reads: "Each signed driver package INF must have its own catalog file, which contains the signature for the driver package. The DIFx tools do not support catalog files that contain signatures for more one driver package". Does it mean that I need to have three separate INFs and corresponding catalog files? That would be strange since a single INF works with the setupapi. 2. DDK docs state explicitly that CatalogFile entry in the Version section of the INF file is "for signed antivirus minifilters, this entry contains the name of a WHQL-supplied catalog file. All other minifilters should leave this entry blank. For more information, see the description of the CatalogFile entry in INF Version Section". When I use DIFxApp.msm, the install will fail if there is no CatalogFile entry and there is nothing in the documentation that would suggest this entry is optional. So, I have assumed that when using DIFx tools I must use catalog files even when installing minifilter drivers. Is that correct? 3. The DriverPackageType in the [Version] section is listed as "FileSystemMinifilter". The latest version of the DIFx tools lists only two types: ClassFilter and PlugAndPlay. Should I change that entry to ClassFilter or is it backwards compatible. I recall seeing a post somewhere stating that using FileSystemMinifilter is OK. 4. I came across a post stating: "The issue is if you talk with the DIFx guys they will tell you that non-device drivers are not supported with DIFx. If it works be happy and continue to use it but if you have issues they won't do anything about it right now. Hopefully we will get this resolved (and supported) soon". Does this statement apply to Vista only or DIFx tools in general? What are my options in a situation where I need to use Windows Installer technology to install drivers with the application. My understanding is that there is no other other built-in support for installing drivers using Windows Installer than DIFx. If DIFx does not support non-device drivers it leaves me with no alternative. What am I supposed to do to install in a supported way non-device drivers using Windows Installer technology? I would appreciate your advice. Thanks, Jack Tag: enumerate handles Tag: 88258
  - 24
    - Help-Mux virtual miniport dirver showed as Disabled. Hi all, When I install Mux driver, the virtual miniport always showed up as Disabled. When I do right click to Eanbled and it said "Connection Failed." Yes, NdisImInitializeDeviceInstanceEx get called twice in PtBindAdapter and PtPnpNetEventReconfigure(by callling NdisReEnumerateProtocolBindings). I used DDk debuger but it still doesn't help, any suggestion? Sorry, I have to reposted again because someone used my last thread as a test page and I don't get any more responds after that. thanks, Tag: enumerate handles Tag: 88255
  - 25
    - Q: Are there multiple 'Plug and Play' drivers that I can try for my monitor? Someone jsut gave me a AXESS EP718 17" LCD and it works, but the picture is all pixelly. I have a feeling that it's just about toast, but I'm wonding if it could be a driver issue. I don't have the software that came with it, so I was wondering if there were different versions of XP's 'plug and Play' driver that I could try, to see it it makes any difference. Any other thoughts or ideas? Nice to have a monitor that doesn't take up half my desk, but I don't know how much longer I can look at it. It seems to be constantly changing; sometimes the brightness fades a bit, colour changes a touch or (like just now) the screen vibrates for a second. Any help would be greatly appreciated. (now the grey is gold; ok, now its grey again). Tag: enumerate handles Tag: 88254
- Next
  - 1
    - RtlInitUnicodeString and RtlFreeUnicodeString conventions For an uninitialized UNICODE_STRING, is it necessary to call RtlInitUnicodeString before calling a function like RtlStringFromGUID (or do functions like that unconditionally overwrite the previous contents of the structure)? For an initialized UNICODE_STRING, is it necessary to call RtlFreeUnicodeString before calling a function like RtlStringFromGUID (or do functions like that attempt to free the previously allocated buffer before overwriting the structure)? (Basically, are the conventions for UNICODE_STRING's and ANSI_STRING's similar to the conventions for BSTR's in COM?) Tag: enumerate handles Tag: 88249
  - 2
    - Problem with synchronous ReadFile() calls inside the NDIS miniport driver & some strange behaviour...please help URGENT Hello all, I am developing a NDIS miniport driver which also exposes a file interface (for CreateFile(), ReadFile(), WriteFile() etc).I created this file interface inside the MiniportInitialize() function using NdisMRegisterDevice() API. There are few problems which I am getting as follows: 1. If I try to assign different dispatch entry point functions then my driver is breaking the system (I am getting blue screen). The only way to avoid this I found is to use the same function for all the IRP dispatche entry points like below: DispatchTable[IRP_MJ_CREATE] = MyDeviceHook; DispatchTable[IRP_MJ_CLOSE] = MyDeviceHook; DispatchTable[IRP_MJ_READ] = MyDeviceHook; DispatchTable[IRP_MJ_WRITE] = MyDeviceHook; DispatchTable[IRP_MJ_DEVICE_CONTROL] = MyDeviceHook; DispatchTable[IRP_MJ_CLEANUP] = MyDeviceHook; NdisInitUnicodeString(&DeviceName, NT_DEVICE_NAME); NdisInitUnicodeString(&DosDeviceName, DOS_DEVICE_NAME); Status = NdisMRegisterDevice(g_NdisWrapperHandle, &DeviceName,&DosDeviceName,&DispatchTable[0],&tapDevice->devObj,&tapDevice->handle); and then use switch cases inside the MyDeviceHook() function for pIrpSp->MajorFunction to direct to particular function for handling read, write, close etc. My question is why I am unable to specify different dispatch entry point functions here? Is it something wrong with NDisMRegisterDevice() API. DDK documentation says that I should use as many different dispatch entry point functions for my different IRP_MJ_XXX codes handle by the driver. 2. Secondly I am using Cancel-Safe Irp (not Ex version) mechanism to pend read Irps until data is available from the other end of my Ndis miniport (i am transferring TCP/IP packets to my the user application via ReadFile()). However, when a read Irp is pending and I call CloseHandle() from my user application to close the handle, I expect that Close Irp will be called but it never get called and my application hangs. Please tell me why is it happening like that? I am using WinDDK (2600~1.110) on my Windows XP machine. Please reply soon as I am meeting deadlines. Thanks, Arsalan Tag: enumerate handles Tag: 88244
  - 3
    - RNDIS drivers don't support IAD ? I have a USB composite device and one of the subdevice is RNDIS. By monitoring the debug traces with checked build of usb8023.sys and rndismp.sys, I found windows RNDIS driver cannot find the pipes (bulk endpoints and interrupt endpoint) it needs. The USB configuration descriptors use IAD (Interface Association Descriptor) to indicate the group of interfaces by each device. While I modify the USB configuration device on my USB device, it is working fine as ususal. I am speculating the existing RNDIS drivers could not deal with IAD correctly. Anyone in MS can confirm this ? If this is the case, how to approach MS to fix this problem to make it support USB composite device and IAD correctly ? -Gary Tag: enumerate handles Tag: 88242
  - 4
    - How to send IOCTLs to a filter driver KB uses wrong mutex? The microsoft KB on "How to send IOCTLs to a filter driver" http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q262305 uses a FastMutex to synchronize creation and deletion of control objects. The documentation for ExAcquireFastMutexUnsafe says: ExAcquireFastMutexUnsafe can be safely called only at IRQL = APC_LEVEL. Even if you were to use ExAcquireFastMutex, it sets the IRQL to APC_LEVEL. However, in the MS example, FilterCreateControlObject calls IoCreateSymbolicLink after calling ExAcquireFastMutexUnsafe and the documentation for IoCreateSymbolicLink says: Callers of IoCreateSymbolicLink must be running at IRQL = PASSIVE_LEVEL So is this a bug? Or did I miss some documentation where this is ok? I've run the code and it didn't crash, but according to the documentation, this isn't right. Gabe Tag: enumerate handles Tag: 88239
  - 5
    - CD/DVD read only - lower filter driver question Hi all, I have implemented a filter driver below CdRom and above StoragePort (atapi in my test case) as a lower filter to CdRom. I see all the traffic and specifially GET_CONFIGURATION resp READ_DISC_INFORMATION opcodes depending on the drive. My questions: To say that the disk is not writable, is it enough to patch the - CurrentProfile in the GET_CONFIGURATION response or - the Erasable bit and Disc Status in the READ_DISC_INFORMATION response I would tend to do the patch work in the respective completion routine and thus take the srb->DataBuffer and amend the buffer data appropriately. Is this the right way / place to do it? Could the SRB's DataBuffer be accessed directly or is it an MDL? Tag: enumerate handles Tag: 88235
  - 6
    - Multiple Report ID Problem Hi All, I have a HID keyboard application. I have single interface with one IN endpoint EP1(IN) for keyboard and one OUT endpoint EP2(OUT) for recieving data from the PC software. I have modified the existing report descriptor with addition of a vendor defined collection for output report descriptor as follows. DESCRIPTOR MyRepDesc[L_F_KBD_REP] PROGMEM = { // bootable keyboard report 0x05, 0x01, // Usage Page (Generic Desktop) 0x09, 0x06, // Usage (Keyboard) 0xA1, 0x01, // Collection (Application) 0x05, 0x07, // Usage Page (Key Codes) 0x19, 0xE0, // Usage Min (E0h = 224d) 0x29, 0xE7, // Usage Max (E7h = 231d) 0x15, 0x00, // Logical Min (0) 0x25, 0x01, // Logical Max (1) 0x75, 0x01, // Report Size (1) 0x95, 0x08, // Report Count (8) 0x81, 0x02, // Input (Data, Variable, Abs) 0x95, 0x01, // Report Count (1) 0x75, 0x08, // Report Size (8) 0x81, 0x01, // Input (Const, Ary, Abs) 0x95, 0x05, // Report Count (5) 0x75, 0x01, // Report Size (1) 0x05, 0x08, // Usage Page (LED) 0x19, 0x01, // Usage Min (1) 0x29, 0x05, // Usage Max (5) 0x91, 0x02, // Output (Data, Var, Abs); LED report 0x95, 0x01, // Report Count (1) 0x75, 0x03, // Report Size (3) 0x91, 0x01, // Output (Constant); padding 0x95, 0x06, // Report Count (6) 0x75, 0x08, // Report Size (8) 0x15, 0x00, // Logical Min (0) 0x26, 0xFF, 0x00, // Logical Max (255); all allowed key codes 0x05, 0x07, // Usage Page (Key Codes) 0x19, 0x00, // Usage Min (0) 0x2A, 0xFF, 0x00, // Usage Max (255); all allowed key codes 0x81, 0x00, // Input (Data, Ary); Key arrays (6 bytes) 0xC0 // End Collection total 65 (41h) bytes 0x06, 0xA0, 0xFF, // USAGE_PAGE (Vendor Usage Page 1) 0x09, 0x01, // USAGE (Vendor Usage 1) 0xA1, 0x01, // COLLECTION (Application) 0x85, 0x02, // Report ID (1) 0x09, 0x01, // USAGE (Vendor Usage 1) 0x15, 0x00, // LOGICAL_MINIMUM (0) 0x26, 0xFF, 0x00, // LOGICAL_MAXIMUM (255) 0x75, 0x08, // REPORT_SIZE (8) 0x95, 0x06, // REPORT_COUNT(6) 0x91, 0x02, // OUTPUT (Data,Var,Abs) 0xC0 // END_COLLECTION But its not enumarating ...whether i need to make any changes in my report descriptor? Thanks in Advance Tag: enumerate handles Tag: 88231
  - 7
    - determining what property sets are supported by a WDM streaming device Is there a way for an application to enumerate all the property set GUID's that a given WDM streaming device supports via its IKsPropertySet implementation? (I would like an application I am writing to have its own UI for all the properties supported by a given streaming WDM video capture device, even its custom properties.) Kronon Tag: enumerate handles Tag: 88230
  - 8
    - Help required with ddk sample FPFilter I compiled the 'fpfilter' driver from the ddk samples and the 'addfilter' app which is used to apply it to disk volumes. In the fpfilter I find an 'inf' file, I installed it with the 'install' context menu of explorer, then I added a volume with addfilter, then rebooted, and it doesn't work, i.e. the drive letter which corresponds to the volume has now disappeared from the explorer folder view? Thanks. Tag: enumerate handles Tag: 88228
  - 9
    - How to obtain a Handle on Tescap driver ?? Hi, I actually try to modify the TestCap sample of the DDK. And I would communicate with it in a user-mode application but I can't obtain a handle on it. The CreateFile functions always reject the name of the driver. Could you help me ?? I've found a message named "Use IOCTL in testcap ddk sample question?" but it was not useful for me... Tag: enumerate handles Tag: 88223
  - 10
    - UpdateDriverForPlugAndPlayDevices() return ERROR_FILE_NOT_FOUND on Vista x86 Hi, On Vista build 5744 x86, my uninstallation program calls UpdateDriverForPlugAndPlayDevices() to uninstall my proprietary mouse filter driver, but gets return value ERROR_FILE_NOT_FOUND. The parameter fullInfPath passed to UpdateDriverForPlugAndPlayDevices() is the full path to inbox msmouse.inf. I am sure it exists. Could someone please tell me how to solve the problem or advise some alternatives? Thanks. Regards, David Tag: enumerate handles Tag: 88216
  - 11
    - dont get the removecomplete message from the window XP. Hello, I'm working on WIN32 application which monitors and passes data from and to USB Device which also support serial communication . I monitors device arrival/removal notification ( Serial Port ), by the way, especially while I try to read data from USB device, if i remove usb device from PC, I dont get the removecomplete message from Windows. My process is the following. 1) Device Arrival ( Serial Port -DBT_DEVTYP_PORT) 2) Open Serial Port 3) Write/Read Serial Port 4) Close Serial Port 5) Open USB Device Port 6) Write/Read USB Device 7) if Read Failed, Close USB Device Handle 8) Device RemoveComplete ( Serial Port - DBT_DEVTYP_PORT ) ==> dont get that message . The Device Driver Developer said to me that He verified the following fact. My app closes serial com port, and closes USB Device port, and Device Driver called WinAPI for Windows Event iosetdeviceinterfacestate() to OS. => But My App or the other windows event collector(test program ) dont get that messages. After I kill My App, The RemoveComplete Event is notified. Except closing opened port, what else should I do? Any suggestion will be appreciated. Regards, kiyo, Tag: enumerate handles Tag: 88210
  - 12
    - video capture filter driver, detect current streaming format Hello all. I wrote a usb camera filter driver that can do some processing before the image data was submited to the appliction from the driver. Now I can modified the image data(which comes with the IOCTL of IOCTL_KS_READ_STREAM), but I can't get the format(such as size, rgb or yuv...)of current stream. I also found something from here: http://groups.google.com/group/microsoft.public.development.device.drivers/browse_thread/thread/72d37da008f62553/c84a2e1dadc7af13?lnk=st&q=filter+driver+format&rnum=2&hl=zh-CN#c84a2e1dadc7af13 but it seems not work. Any one can help me? Best Regards __ Martin Zhang Tag: enumerate handles Tag: 88209
  - 13
    - upper audio filter driver Hi, How does the IO Manager/PNP manager recognise a driver to be an upper level filter driver for the "audio" class of devices? Where does it look, and for what? Thanks in advance! Tag: enumerate handles Tag: 88203
  - 14
    - How do I send string to driver? Hi. I'm a beginner of device driver development. Now I'm writting any driver. I wrote 'theDriverObject->MajorFunction[IRP_MJ_WRITE] = OnMyDispatch;' So I can receive 'IRP_MJ_WRITE' in 'OnMyDispatch'. Now I have to send any string to the driver. I think it's possible by IRP_MJ_WRITE. How do I do it? (In fact, I need simple example.) Tag: enumerate handles Tag: 88199
  - 15
    - Make INF for filter driver jarvisbao wrote: > *Hi All, > We've developed a lower filter driver for CD/DVD, and we want to get > WHQL signature, so we performed "Unclassified Signature Program" task > on DTM, all the jobs have been passed except the job 828 (Run INFTest > with single INF). I know it will use chkinf to check our INF file. > Attached is the INF for our driver, can anyone suggest to make our > INF file pass the chkinf test? > > Thanks > > Jarvis Bao * We signed our driver with embedded digital signature, so it did not include CAT file, and no CLASS, CLASSGUID specified, but the chkinf would tell us that the CLASS, CLASSGUID, and CatalogFile filds are required. -- jarvisbao ------------------------------------------------------------------------ Posted via http://www.codecomments.com ------------------------------------------------------------------------ Tag: enumerate handles Tag: 88197
  - 16
    - Make INF for filter driver Hi All, We've developed a lower filter driver for CD/DVD, and we want to get WHQL signature, so we performed "Unclassified Signature Program" task on DTM, all the jobs have been passed except the job 828 (Run INFTest with single INF). I know it will use chkinf to check our INF file. Attached is the INF for our driver, can anyone suggest to make our INF file pass the chkinf test? Thanks Jarvis Bao +----------------------------------------------------------------+ | Attachment filename: afc.zip | |Download attachment: http://www.codecomments.com/attachment.php?postid=3328637 | +----------------------------------------------------------------+ -- jarvisbao ------------------------------------------------------------------------ Posted via http://www.codecomments.com ------------------------------------------------------------------------ Tag: enumerate handles Tag: 88196
  - 17
    - Vista, rollback driver In the escrow build, x86, I've updated an inbox driver to my test signed version from Device Manager. It complained that the driver is unsigned, created restore point, etc. Later I wanted to roll it back, but the rollback button was grayed. I did uninstall and remove files. Then Vista immediately found and reinstalled the in-box driver. Two questions: a. Why the roll-back button was grayed? Some error on my side, or a feature of Vista? b. Can we disable the immediate reinstall after removing a driver, or is this considered for future? (Why: suppose that the previous version is bad and crashed. Restoring it will result in... yes, crash ). Regards, --PA Tag: enumerate handles Tag: 88192
  - 18
    - Mouse Development, use HID-USB or RS-232? Hello, As my senior design project i'm developing a computer pointing device that i'd like the computer to interpret as a mouse. The mouse will eventually be designed to support movement in three dimensions, however if i can just get limited functionality working with the PC, i'll be happy. In that case, i'm trying to determine the best way to implement PC connectivity with the device. I'm trying to wage the amount of effort needed to connect the mouse using the USB HID protocol. The problem is i'm having trouble finding resources on implementing a USB HID device. The datasheets for the microprocessors i'm considering do not document HID integration very well with their devices. Does anyone have any suggestions as to implementation methods (USB or RS-232) ? would HID be the best option even if supporting three dimentions? thanks in advance Tag: enumerate handles Tag: 88167
  - 19
    - Bugcheck D1 in ks.sys I've written an AVStream video capture driver. When I turn on DriverVerifier, I get bugcheck D1 (!analyze -v output is below). It happens when I insert the filter into GraphEdt.exe, render the preview pin, and hit play. The bugcheck occurs after the first call to Process (right after entering the Run state). The memory being accessed (e3987bc8) is indeed pageable; !pool e3987bc8 2 shows: Pool page e3987bc8 region is Paged pool *e3987b68 size: 70 previous size: 28 (Allocated) *KSpf Owning component : Unknown (update pooltag.txt) It appears the KS.SYS has allocated the KSGATE structure from paged pool (the tag "KSpf" is not used in my driver, so I'm guessing it is KS). It also appears that KS.SYS is calling KsGateTurnInputOn at DISPATCH_LEVEL. I have added code to all of my functions to capture the IRQL coming in, and check it going out, to make sure it is the same; it comes up clean, so I'm 99% sure it's not me forgetting to release a spinlock or something. Any ideas? Oh, this is running on XP Pro SP2, with all the latest updates installed. TIA, -- mkj _______________________________________________ // // Michael K. Jones // Stone Hill Consulting, LLC // http://www.stonehill.com //_______________________________________________ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: e3987bc8, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, value 0 = read operation, 1 = write operation Arg4: f6673dfd, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: e3987bc8 Paged pool CURRENT_IRQL: 2 FAULTING_IP: ks!KsGateTurnInputOn+d f6673dfd f00fc108 lock xadd [eax],ecx DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from 8053225b to 804e3592 STACK_TEXT: ed1dc664 8053225b 00000003 ed1dc9c0 00000000 nt!RtlpBreakWithStatusInstruction ed1dc6b0 80532d2e 00000003 e3987bc8 f6673dfd nt!KiBugCheckDebugBreak+0x19 ed1dca90 804e187f 0000000a e3987bc8 00000002 nt!KeBugCheck2+0x574 ed1dca90 f6673dfd 0000000a e3987bc8 00000002 nt!KiTrap0E+0x233 ed1dcb24 f6678279 e3987bc8 86a0b2b8 866c9884 ks!KsGateTurnInputOn+0xd ed1dcb38 f6678b31 869c7270 86a0b2b8 00000000 ks!CKsQueue::SetStreamPointer+0x254 ed1dcb64 f667a310 01a0b2b8 00000000 861a56d0 ks!CKsQueue::AddFrame+0x5a ed1dcb90 f668cf3a 866c97d8 00000000 ed1dcbb0 ks!CKsQueue::TransferKsIrp+0x1e6 ed1dcbb8 f667bf85 86a5c020 87130f00 ed1dcbfc ks!CKsPin::DispatchDeviceIoControl+0x168 ed1dcbc8 804e37f7 86a5c020 87130f00 806ed2a4 ks!DispatchDeviceIoControl+0x28 ed1dcbd8 80669cc5 87130fd4 87130ff8 86704750 nt!IopfCallDriver+0x31 ed1dcbfc 80674c0b 86704698 86709170 87130f00 nt!IovCallDriver+0xa0 ed1dcc10 804e37f7 86704698 87130f00 806ed2a4 nt!ViDriverDispatchGeneric+0x2a ed1dcc20 80669cc5 861ca230 806ed070 87130f00 nt!IopfCallDriver+0x31 ed1dcc44 8056a101 87130fdc 866d26f8 87130f00 nt!IovCallDriver+0xa0 ed1dcc58 80579a8a 86704698 87130f00 866d26f8 nt!IopSynchronousServiceTail+0x60 ed1dcd00 8057bfa5 0000025c 00000314 00000000 nt!IopXxxControlFile+0x611 ed1dcd34 804de7ec 0000025c 00000314 00000000 nt!NtDeviceIoControlFile+0x2a ed1dcd34 7c90eb94 0000025c 00000314 00000000 nt!KiFastCallEntry+0xf8 057dfe68 7c90d8ef 7c8016be 0000025c 00000314 ntdll!KiFastSystemCallRet 057dfe6c 7c8016be 0000025c 00000314 00000000 ntdll!ZwDeviceIoControlFile+0xc 057dfecc 5e04b82d 0000025c 002f4017 00000000 kernel32!DeviceIoControl+0x78 057dff44 5e03ce0a 0027ff7c 00000001 057dff7c ksproxy!CStandardInterfaceHandler::KsProcessMediaSamples+0x227 057dff84 5e03cf32 00000000 057dffb4 5e041762 ksproxy!CKsOutputPin::QueueBuffersToDevice+0x128 057dff90 5e041762 00000000 0090cce0 0006f2b8 ksproxy!CKsOutputPin::MarshalRoutine+0x16 057dffb4 7c80b683 00917758 0006f2b8 77d4d598 ksproxy!CAsyncItemHandler::AsyncItemProc+0x18e 057dffec 00000000 5e0415d4 00917758 00000000 kernel32!BaseThreadStart+0x37 STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: ks!KsGateTurnInputOn+d f6673dfd f00fc108 lock xadd [eax],ecx FAULTING_SOURCE_CODE: SYMBOL_STACK_INDEX: 4 FOLLOWUP_NAME: MachineOwner SYMBOL_NAME: ks!KsGateTurnInputOn+d MODULE_NAME: ks IMAGE_NAME: ks.sys DEBUG_FLR_IMAGE_TIMESTAMP: 41107ef8 FAILURE_BUCKET_ID: 0xD1_W_VRF_ks!KsGateTurnInputOn+d BUCKET_ID: 0xD1_W_VRF_ks!KsGateTurnInputOn+d Followup: MachineOwner --------- Tag: enumerate handles Tag: 88153
  - 20
    - Moufiltr, ServiceCallback I have been modified the DDK sample moufiltr driver to be accessed by user app. user mode app can access to the control objcet with the symbolic link. It also works well with WriteFile() - IRP_MJ_WRITE. But when it call MouFilter_ServiceCallback() in IRP_MJ_WRITE hanlder, PC is rebooted immediately. I'd like to create a mouse packet in the driver from the user mode app call. What is wrong? What should I do? Thank you. -- Blade Tag: enumerate handles Tag: 88151
  - 21
    - ScsiPort and mapBuffers Folks, I have a scsiport miniport driver. The hardware I talk to supports DMA so I do not need system virtual address for doing read/write commands. However I need to emulate some SCSI commands and need mapped buffers for non-read/write commands processing like test unit ready etc. In scsiport model if I set the mapBuffers to TRUE I will get system virtual address in data pointe for all commands including read/write commands. I beleive creating this mapping is a costly operation. I there a way I can set the mapBuffers to FALSE and then for non read/write commands only get a virtual address to map the physical address? Since my driver is an experimental driver I am fine using "disallowed" windows driver commands. Any help much appreciated. Thanks in advance. regards vs Tag: enumerate handles Tag: 88148
  - 22
    - StorPort for Windows XP Folks, I have a Scsiport miniport that I wish to convert to the storport model. I could not find support for storport on Win XP. I saw the support available only for Win Server 2003. In the WinHEC 2006 slides around this topic I saw a statement that a backport to WinXP is under consideration. Is this port available or is there a beta/eval version available? I am currently still in experimental stage so even a eval/beta version of the port drivers will help me get through what I am doing now. Thanks in advance for your assistance regards windrv Tag: enumerate handles Tag: 88136
  - 23
    - Start /Stop WZC from code like NetStumbler Hello!, How can I stop the WZC from the code of my application like the NetStumbler?? I have done a NDIS Protocol Driver "mydriver.sys" like ndisuio, then How can I start "mydriver.sys" from the code of my application in Visual C#.NET?? I can do all that with "net start wzcsvc / mydriver" or "net stop wzcsvc" from command line, but I want to do that from the code of my application. Please, can you tell me how can I do that?? Tag: enumerate handles Tag: 88135
  - 24
    - cat installing under Vista x64 Hi I have the followinbg problem: I have a legacy driver with the following inf ;;; ;;; Hardlock sys ;;; ;;; ;;; Copyright (c) 2006, Aladdin Knwoledge Systems LTD. ;;; [Version] Signature = "$Windows NT$" Provider = %Aks% DriverVer = 11/9/2006,3.41 CatalogFile = hardlock.cat [DestinationDirs] DefaultDestDir = 12 Hlk.DriverFiles = 12 ;%windir%\system32\drivers ;; ;; Default install sections ;; [DefaultInstall] OptionDesc = %HlkServiceDesc% CopyFiles = Hlk.DriverFiles [DefaultInstall.Services] AddService = %HlkServiceName%,,Hlk.Service ; ; Services Section ; [Hlk.Service] DisplayName = %HlkServiceName% Description = %HlkServiceDesc% ServiceBinary = %12%\hardlock.sys ;%windir%\system32\drivers\hardlock.sys ServiceType = 1 ;SERVICE_FILE_SYSTEM_DRIVER StartType = 2 ;SERVICE_AUTO_START ErrorControl = 1 ;SERVICE_ERROR_NORMAL ; ; Copy Files ; [Hlk.DriverFiles] hardlock.sys [SourceDisksNames] 1 = %Disk1% [SourceDisksFiles] hardlock.sys = 1 ;; ;; String Section ;; [Strings] Aks = "Aladdin Knowledge Systems" HlkServiceDesc = "Aladdin Hardlock Legacy Driver" HlkServiceName = "hardlock" Disk1 = "File Source Media" I've build a .cat using makecat -v hardlock.cdf from following file: [CatalogHeader] Name=hardlock.cat PublicVersion=0x0000001 EncodingType=0x00010001 CATATTR1=0x10010001:OSAttr:2:6.0 [CatalogFiles] <hash>File1=hardlock.sys <hash>File2=hardlock.inf then signed the cat with our own certificate whic is added on the test machine in the Trusted Root Store and Trusted Publisher store. On the test Vista X64 build 5744 the testsigned is on and when I've embedded sign the drivber there is no problem to load the driver. I've used the fvollowing program to add the .cat to the cat data base and I see that it is added in the cat root. #include <windows.h> #include <stdio.h> typedef BOOL (__stdcall * PCryptCATAdminAcquireContext)(PVOID* phCatAdmin,const GUID* pgSubsystem,DWORD dwFlags); typedef BOOL (__stdcall* PCryptCATAdminReleaseContext)(PVOID hCatAdmin,DWORD dwFlags); typedef PVOID (__stdcall * PCryptCATAdminAddCatalog)(PVOID hCatAdmin, WCHAR* pwszCatalogFile, WCHAR* pwszSelectBaseName,DWORD dwFlags); typedef BOOL (__stdcall* PCryptCATAdminReleaseCatalogContext)( PVOID hCatAdmin, PVOID hCatInfo, DWORD dwFlags); typedef struct wintrust_functions{ PCryptCATAdminAcquireContext pCryptCATAdminAcquireContext; PCryptCATAdminReleaseContext pCryptCATAdminReleaseContext; PCryptCATAdminAddCatalog pCryptCATAdminAddCatalog; PCryptCATAdminReleaseCatalogContext pCryptCATAdminReleaseCatalogContext; }WINTRUST_FCT; void Char2Wchar(char* cmdline,unsigned int Srcsizem,char* wcmdline,unsigned int DestSize) { int i = 0; memset(wcmdline,0x0,DestSize); for(i=0;i<strlen(cmdline);i++) wcmdline[i*2]=cmdline[i]; } int hhls_GetWinTrustFct(WINTRUST_FCT * fct) { HMODULE wintrust; wintrust = LoadLibrary("wintrust.dll"); if( NULL == wintrust ){ printf("can not load wintrust.dll\n"); exit(0); } fct->pCryptCATAdminAcquireContext = (PCryptCATAdminAcquireContext)GetProcAddress(wintrust,"CryptCATAdminAcquireContext"); if( NULL == fct->pCryptCATAdminAcquireContext ){ printf("can not get address for CryptCATAdminAcquireContext\n"); exit(0); } fct->pCryptCATAdminReleaseContext = (PCryptCATAdminReleaseContext)GetProcAddress(wintrust,"CryptCATAdminReleaseContext"); if( NULL == fct->pCryptCATAdminReleaseContext ){ printf("can not get address for CryptCATAdminReleaseContext\n"); exit(0); } fct->pCryptCATAdminAddCatalog = (PCryptCATAdminAddCatalog)GetProcAddress(wintrust,"CryptCATAdminAddCatalog"); if( NULL == fct->pCryptCATAdminAddCatalog ){ printf("can not get address for CryptCATAdminAddCatalog\n"); exit(0); } fct->pCryptCATAdminReleaseCatalogContext = (PCryptCATAdminReleaseCatalogContext)GetProcAddress(wintrust,"CryptCATAdminReleaseCatalogContext"); if( NULL == fct->pCryptCATAdminReleaseCatalogContext ){ printf("can not get address for CryptCATAdminReleaseCatalogContext\n"); exit(0); } return 1; } int main(int argc, char* argv[]) { WINTRUST_FCT wintrust; int status; PVOID catAdmin; PVOID hcat; char wPath[2*MAX_PATH]={0}; printf("usage: instcat <full_path_to_cat\catfilename.cat>\n"); if( argc != 2 ){ printf("usage: instcat <full_path_to_cat\catfilename.cat>\n"); exit(0); } hhls_GetWinTrustFct(&wintrust); if( FALSE == wintrust.pCryptCATAdminAcquireContext(&catAdmin,NULL,0)){ printf("CryptCATAdminAcquireContext failed error %d\n",GetLastError()); exit(1); } Char2Wchar(argv[1],strlen(argv[1]),wPath,MAX_PATH); hcat = wintrust.pCryptCATAdminAddCatalog(catAdmin,wPath,NULL,0); if( NULL == hcat ){ printf("CryptCATAdminAddCatalog failed error %d\n",GetLastError()); exit(1); } if( FALSE == wintrust.pCryptCATAdminReleaseCatalogContext(catAdmin,hcat,0) ){ printf("CryptCATAdminReleaseCatalogContext failed error %d\n",GetLastError()); exit(1); } if( FALSE == wintrust.pCryptCATAdminReleaseContext(catAdmin,0) ){ printf("CryptCATAdminReleaseContext failed error %d\n",GetLastError()); exit(1); } printf("cat succesfully installed\n"); return 0; } after running the program and cat is added to the cat database I'm installing the driver by right clicking the mouse and choosing Install. Driver is copyed to system32\drivers and no message reporting errors occurs. when from command prompt I use sc start hardlock to load the driver Vista is reporting that driver is not sign. Anyone can help ? thanks horatiu Tag: enumerate handles Tag: 88134
  - 25
    - How to implement blocking ReadFile() call in the driver Hi all, I am implementing a driver for windows XP which interacts with a device and exposes that device to application via file interface (CreateFile(), ReadFile(), WriteFile() APIs). So now if a user application needs to communicate with the device then it opens file handle to the device \\Mydevice and then uses ReadFile() to read packets from the device and WriteFile() to write packets from the device. Problem is that this reading and writing can be done simulataneously using multiple threads (one thread for reading and one for writing). Currently in the reading thread I call ReadFile() to read packets from the device in a loop and if there are no packets to read I go to sleep for some time and then try reading the packets again. Code is like: While(TRUE) { if(ReadFile(m_hFile, buffer, MAX_BUFFER_SIZE, &bytesRead, NULL) == 0) { // An error } else { if(bytesRead > 0) { // Do something with the data } } Sleep(SOME_TIME); } I want to change my implementation of ReadFile() in the driver to a blocking ReadFile() so that my ReadFile() only returns when either there is a data packet or an error has occured (like for example I close the file handle from some other thread). May be its just a beginning level question, but if you could guide (some links or hints etc) me how can I do this, I will really appreciate. Thanks, Arsalan Tag: enumerate handles Tag: 88129

hi there,
I tried to make an aplication that monitors the handle of a process.
I used ZwQuerySystemInformation with the SytemHandleInformation class,
this returns a vector of Objects in the system associated with a
process ID of the process that holds the object. I managed to get the
object types easily, object names as well.
I just had an issue, how do I get the handles associated with each
object(for example u have the object for the current process PEPROCESS
cProcess, and you can call ObOpebObjectByPointer() and make a lot of
handles associated with that object with different security and
different access masks ). I managed to get object handle count, for
each object.
Or how can I get the handle_table associated with a process, I know
there is a function called ObReferenceProcessHandleTable but it is not
documented and I cannot import it from ntoskrnl.exe.
or
NTKERNELAPI
PHANDLE_TABLE
ExCreateHandleTable (
__in_opt struct _EPROCESS *Process
); but the same problem not documented, nowhere to get it from.
If u know other places I can get these function pointers from except
ntoskrnl.exe or ntdll.dll please help, or i u have any solutions to
this issue;
thank you in advance

Top