Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

Monthly Seminars at OSR Headquarters

East Coast USA
Windows Internals and SW Drivers, Dulles (Sterling) VA, 9 April 2018

Writing WDF Drivers I: Core Concepts, Manchester, NH, 7 May 2018

Kernel Debugging & Crash Analysis for Windows, Manchester, NH, 21 May 2018


Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 1  
20 Apr 17 11:32
Peter Scott
xxxxxx@kerneldrivers.com
Join Date: 17 Feb 2012
Posts To This List: 49
Re[2]: Windows Driver/Rootkit Development - function pointer - STATUS_INVALID_PARAMETER

As I said, make your patch routine very simple, do nothing other than pass the parameters onto the real API. If the system works fine, then move on to logging information. As for the name mangling, you could, for=20 example, pass in a name such as "MyDriverName_(path to file)" Then in your patch routine recognize the "MyDriverName_", remove it and pass the=20 rest on to the real function. Again, this sort of thing is really ugly and not supported in any way but it can work. Pete -- Kernel Drivers Windows File System and Device Driver Consulting www.KernelDrivers.com 866.263.9295 ------ Original Message ------ From: xxxxx@hotmail.com To: "Windows System Software Devs Interest List" <xxxxx@lists.osr.com> Sent: 4/20/2017 9:21:22 AM Subject: RE:[ntdev] Windows Driver/Rootkit Development - function pointer - STATUS_INVALID_PARAMETER >What I'm currently doing in each hooked function is very simple. I just=20 >log that the function was called and which process it was called by and=20 >then call the original function. I don't understand what you mean by >"name mangling", could you provide a more concrete example? How do I >recognise that my code is calling the logger (or vice versa) as my code=20 >(inc logger) is running as a driver, so the process making the call >will appear as svchost.exe surely. > >--- >NTDEV is sponsored by OSR <...excess quoted lines suppressed...>
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 17:00.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license