Thread: Help: Coding Filter Drivers on winnt/2k problem

  1. #1

    Help: Coding Filter Drivers on winnt/2k problem

    Hi everyone,
    It seems that I'm asking a lot these days.
    All asm problems are now solved and link correctly. My problem lies in something that I couldn't get from the DDK or the books that I have access to.

    Let me explain the problem:

    1- I made this filter driver and it attaches itself perfectly and detaches as well.
    2- It intercepts all the calls that I want it to.
    3- Depending on what I want, I either pass the request along to the next driver in the hierarchy or I do some processing.
    4- Sometimes when I'm processing I need to call the target driver/lower on the stack (the one I'm attached to) to do some work for me.
    5- Passing the request down directly works fine.
    6- Completing the request myself after some processing works fine.
    7- The problem is that sometimes when I'm processing I need to call the attached driver to do some work for me. And I need it to return to where I called it, not through a completion routine. The target driver does invoke IoCompleteRequest on the IRP. This doesn't work for me and I don't know why, as the machine resets before emitting any bugcheck or telling me that there was a problem.
    8- I did try almost everything that I can think of but no luck.

    I'm using Driver::Works to do the coding and here is the pseudo code for what I'm doing.
    request is started as ReadFile operation(passes a buffer)
    In the filter driver:
    1 - get pointer to buffer supplied by the originator of request.(Lock buffer and map it to user space)
    2 - decrypt buffer.
    3 - if need to call target device (I'm attached to it)
    UnMap buffer and unlock it.
    *IoGetNextIrpStackLocation(m_Irp) =
    call target device(target will invoke IoCompleteRequest())
    Lock/Map again.
    This doesn't work. It causes the machine to reset.
    Why does it do that? The problem doesn't occur if I don't call the target device. Is the I/O manager deleting the whole IRP? I need the buffer after the changes that should have been done at the target device.

    Please help if you can understand my problem.


    PS - I'm willing to show the actual code that I wrote.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    When IoCompleteRequest is called, that IRP is gone. NT's nature is asynchronous, never forget that.
    My advice is to build and roll down your own IRPs, if I understood your problem right. Also quit using Driver Works, it sucks, and you'll learn more about NT's nature by using the DDK kit directly.
    In the future post this kind of question to the NTKERNEL devel newsgroups; there you can find real help, here you won't really find any NT experts.

    Mail me directly and I can help you with some resources.

    Ice [UKC]
    I promise that I have read the FAQ and tried to use the Search to answer my question.
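
The IRP lifetime rule at issue in both posts, as an added example that is not part of the thread: a user-mode C model in which completing a request frees the IRP unless the filter's completion routine halts completion, which is what NT's STATUS_MORE_PROCESSING_REQUIRED return value does. Every model_* name is hypothetical and none of this is WDK code; the sample buffer contents are constructed.

```c
/* User-mode model; model_* names are hypothetical, not WDK APIs. */
#include <stdlib.h>
#include <string.h>
enum { MODEL_CONTINUE, MODEL_MORE_PROCESSING_REQUIRED };
struct model_irp;
typedef int (*completion_fn)(struct model_irp *, void *);
struct model_irp {
    completion_fn routine; /* set by the filter, run when the target completes */
    void *context;
    int *freed;            /* caller-owned flag, set when the IRP is released */
    char buffer[8];
};

/* Models IoCompleteRequest: run the filter's routine, free unless it halts. */
static void model_complete(struct model_irp *irp) {
    completion_fn fn = irp->routine;
    irp->routine = NULL;
    if (fn && fn(irp, irp->context) == MODEL_MORE_PROCESSING_REQUIRED)
        return;            /* completion stops; the filter owns the IRP again */
    *irp->freed = 1;
    free(irp);
}
/* Models the target driver: fill the buffer, then complete the request. */
static void model_target_dispatch(struct model_irp *irp) {
    memcpy(irp->buffer, "DATA", 5);
    model_complete(irp);
}
/* Completion routine: signal the waiter and halt completion. */
static int signal_and_hold(struct model_irp *irp, void *ctx) {
    *(int *)ctx = 1;       /* a real driver would signal a kernel event here */
    return MODEL_MORE_PROCESSING_REQUIRED;
}

/* Returns 1 if the IRP was already freed when the target's dispatch returned.
   With hold = 1 the filter reads the buffer, then completes the IRP itself. */
int call_target(int hold, char out[8]) {
    int freed = 0, signaled = 0;
    struct model_irp *irp = calloc(1, sizeof *irp);
    if (!irp) return -1;
    irp->freed = &freed;
    if (hold) { irp->routine = signal_and_hold; irp->context = &signaled; }
    model_target_dispatch(irp);
    int freed_on_return = freed;
    if (!freed && signaled) {
        memcpy(out, irp->buffer, sizeof irp->buffer);
        model_complete(irp); /* finish the completion that was halted */
    }
    return freed_on_return;
}
```

With hold = 0 the IRP is already released when the call returns, so any later lock or map of its buffer touches freed memory; with hold = 1 the buffer is still valid and the filter has to complete the request itself afterwards.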
