View Full Version : Driver Tracing


anthrazius
April 2nd, 2012, 08:25
I want to analyse the code of a driver that gets 'called' within another program via Kernel32-DeviceIOControl function.

First I tried to trace the DeviceIOControl-function until it calls the driver routine, but apparently there is lots of Windows-code before the driver-code is actually called.

I have no idea about this driver stuff, but since Windows knows the address of the driver routine I was wondering if there is an easy way to obtain the address, maybe directly from the driver file?

Best regards

Kayaker
April 2nd, 2012, 09:21
Hi

A brief start that might help

http://www.woodmann.com/forum/showthread.php?14561-Had-to-say&p=91470#post91470

anthrazius
April 2nd, 2012, 09:36
Oh yes...

Thanks a lot

bilbo
April 2nd, 2012, 15:01
...and to make some practice after all that nice theory... http://www.woodmann.com/collaborative/tools/index.php/Category:Driver_%26_IRP_Monitoring_Tools

(by the way, I have just added IRP Tracker... I hope I wasn't wrong...)

Best regards, bilbo

Kayaker
April 2nd, 2012, 15:53
Thanks for adding that Bilbo

JMI
April 3rd, 2012, 02:18
Had to chuckle.

My tired eyes originally read the Thread Title as: "Driver Training."

Boy that was a LOOOONG time ago for me.

Carry on, pardon the sidetrack.

Regards,