20 Apr 17 11:32
Peter Scott
xxxxxx@kerneldrivers.com
Join Date: 17 Feb 2012
Posts To This List: 44
Re[2]: Windows Driver/Rootkit Development - function pointer - STATUS_INVALID_PARAMETER

As I said, make your patch routine very simple, do nothing other than pass the parameters onto the real API. If the system works fine, then move on to logging information.

As for the name mangling, you could, for example, pass in a name such as "MyDriverName_(path to file)". Then in your patch routine recognize the "MyDriverName_", remove it and pass the rest on to the real function. Again, this sort of thing is really ugly and not supported in any way but it can work.

Pete

--
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

------ Original Message ------
From: xxxxx@hotmail.com
To: "Windows System Software Devs Interest List" <xxxxx@lists.osr.com>
Sent: 4/20/2017 9:21:22 AM
Subject: RE:[ntdev] Windows Driver/Rootkit Development - function pointer - STATUS_INVALID_PARAMETER

>What I'm currently doing in each hooked function is very simple. I just
>log that the function was called and which process it was called by and
>then call the original function. I don't understand what you mean by
>"name mangling", could you provide a more concrete example? How do I
>recognise that my code is calling the logger (or vice versa) as my code
>(inc logger) is running as a driver, so the process making the call
>will appear as svchost.exe surely.