You've GOTTA check out this cool new utility! IrpTracker allows you to monitor all I/O request packets (IRPs) on a system without the use of any filter drivers and with no references to any device objects, leaving the PnP system entirely undisturbed. In addition to being able to see the path the IRP takes down the driver stack and its ultimate completion status, a detailed view is available that allows you to see the entire contents of static portion of the IRP and an interpreted view of the current and previous stack locations.
Use it as a learning tool if you're wondering how different devices/drivers interact or handle certain typs of I/O. Or, use it as a debugging tool (i.e. why does this I/O request succeed, but this one fails?). "Supported" on?XP?through Windows 7.
What's new in IrpTracker V2.20
Fixed Win7 crash when tracking NTAPI calls
What's new in IrpTracker V2.19
Added support for Windows 7 as well as SCSI Request Block decoding in the IRP details view for IRP_MJ_SCSI requests.
What's new in IrpTracker V2.18
Added support for Windows Vista RC1
What's new in IrpTracker V2.1
IrpTracker now includes the ability to track Native API calls that can result in IRPs being sent to a device stack. When the NTAPI option is enabled and a device near the top of a device stack is selected, IrpTracker will show the user mode application's Native API calls that generate the IRPs being sent to the stack.
Added the ablitity to track devices by driver name. This allows you to enter a driver name in before the driver is loaded and automatically track the devices that the driver subsequently creates.
Added Windows Server 2003 SP1 support
Please send any of your likes, dislikes, bugs, requests and rants to firstname.lastname@example.org.
What's new in IrpTracker V1.3
Added the ability to save the display contents to a file
IrpTracker now comes with a WinDBG extension DLL that allows you to dump the driver's in memory tracking records in the event of a system crash
What's new in IrpTracker V1.2
IrpTracker now tracks completion routine processing! Completion routines now show up in the main application window labeled as "CompRoutine". The amount of data collected while the IRP travels up the stack is minimal, so a full view of the IRP is not available by double clicking a "CompRoutine" entry (This information is still available on all "Call" and "Comp" rows).
IrpTracker is now compatible with Driver Verifier. The tracking data displayed for a device is now fully correct when Verifier is running on any driver in the system
Various UI bug fixes
Fixed reported load error bug
||Windows XP, Server 2003, Windows Vista, Windows 7|
?IrpTracker V2.20 x86 Zip Archive, 194KB
Number Of Downloads
This utility has been downloaded 30909 times.
Rate this utility and tell the community how well you like it. Is it a worthwhile download? Does it work as described?? Does it help you in your job as a driver writer or tester?
Click Here To Post Your Comment
"Win 8 and Later and ARM Not Supported"
We're aware that this utility doesn't work on Win8 and later... and that it also doesn't work on ARM.
This is a diagnostic utility that does uses some pretty serious hacks to enable it to work without using a filter driver (which is a major goal for the utility). Those hacks require that we work around Patch Guard, and Patch Guard is becoming increasingly effective at preventing exactly the sorts of things that this utility does.
We don't have any immediate plans to update this utility. We may do so, but as of now we hope you enjoy using it on Win7.
14-Oct-15, Peter Viscarola
New to OSR...is there some way that source code is provided?
02-Sep-11, Akshay Kadam
Why OSR does not want to make this valuable utility working on 64-bit system? 64-bit Windows has been installed on more and more computers.
09-Aug-11, Michael Zhu
"RE: Print IoControlCode for DEVICE_CONTROL?"
If you double click the IRP entry in the display we'll tell you what the device control is (we even interpret it and look up the constant value). Having it in the display itself would be a good feature though.
11-Jul-11, Scott Noone
"Print IoControlCode for DEVICE_CONTROL?"
Is it possible to print IoControlCode for DEVICE_CONTROL requests? Would be totally awesome!
11-Jul-11, Alex S
Lots of folks have asked about 64-bit support. The answer is: We have no plans for a 64-bit version of this utility at the present time.
01-Sep-10, Peter Viscarola
"IrpTracker for AMD64"
Hi, it's really a cool utility - but: is there a version available which supports AMD64/x64 architecture?
I would need this tool on a Server 2008 R2 box. And this OS is no longer available in a 32 bit version.
13-Apr-10, Andreas Dietrich
"IrpTracker 2.20 Error"
I'm using win 2OOO SP4 and have "Not a valid win32 application" message and "can't load objinf driver" message when using V2.18
25-Feb-10, ahmed morjane
"RE: Monitor newly created devices?"
There already is an option to do this, albeit not exactly what you're looking for.
If you go to the "Track Driver" option under the File menu, then you can enter the name of a driver that you want to track all of the devices for. This works even if the driver isn't loaded yet.
30-Nov-09, Scott Noone
"Monitor newly created devices?"
It would be great if this tool could monitor newly created devices instead of just existing ones. Here's an example of why it would be useful: I have a malware sample that loads a driver as soon as it executes. The driver creates a device, and then the user mode components starts communicating with the driver using IRPs. I would like to start IrpTracker, launch the malware, and observe which IRPs it sends.
Are there any plans to add a feature that can automatically add new devices to the monitoring queue?
28-Nov-09, michael hale
"RE: IrpTracker V2.18 on Windows7"
Version 2.19 now supports Windows 7
12-Nov-09, Scott Noone
It will be greate thing to implement CMI for this tool!
25-Nov-08, Andrey Prirez
"Timestamps saved in log?"
Is it just me, or has anyone else noticed that the Timestamp displayed in the UI is not saved in the log file? If this is a bug (not just me), is there any possibility of a fix?
16-Jul-07, John Garrett
"RE: IrpTracker V2.18 Error"
You need to be running an up to date version of Win2K (SP4+Hotfixes)
05-Dec-06, Scott Noone
"IrpTracker V2.18 Error"
IrpSys.sys cannot find insertion point for PsGetProcessImageFileName in ntoskrnl.exe (message box repeated two times)
Error Unable to load device driver! :(
I'm using Windows 2000 pro 5.00.2195 (italian Nls) with SP3 on a PIII (900MHz) machine. In the spare time, could you tell me what's wrong ? FLOC
For Love Of Completeness...thank in advance and best regards
29-Nov-06, Hackeronte de Bugger
"Filter by process name"
The tool is great. I was wondering whether it is possible to filter the irptracker by process name or id.
15-Feb-06, eran borovik
"IrpTracker on win2003 SP1"
Nice tool, use it on win2003 system, wasn't able to run it on win2003 SP1 I got "Unable to initialize device driver!"
23-May-05, Radu Vines
"IRPTracker for Win98SE"
Ah...there *may* be, but it surely wouldn't be something developed by OSR.
17-Nov-04, Daniel Root
"RE: Filesystem driver objects"
Yup, you're right, it's only checking the \Driver\ namespace. I'll get this fixed in the next release. Thanks!
03-Sep-04, Scott Noone
"Filesystem driver objects"
I can't get output for newly created device objects for file system drivers. Probably IrpTracker scans only Driver Object Manager subdirectory. Could you add scanning for file system drivers in FileSystem subdirectory in such case?
03-Sep-04, Oleksiy Shatylo
"How to enumerate the Driver tree"
What API's are used to enumerate the driver tree as in which drivers are present in what stacks on the system. The tool is a great one..
21-Jun-04, Sunil Pandita
"RE: Port to NTV4 or Win2K?"
Absolutely no plans, ever, to make this run on NTV4.
If there were enough people who begged, pleaded, and whined we might consider a Win2K port. Maybe. But that's definitely not in our current plans, and would require SNoone to be in a particularly good mood and have nothing more pressing to do.
Sorry, but ports of this utility to down-rev platforms would require real work.
18-Mar-04, Peter Viscarola
"Support for legacy OS's"
Any plans to port this for NT4 or Win2K?
18-Mar-04, Delmont Fredricks
Is there any utility like this for Win2K?
03-Mar-04, Steve Jones
"Selecting a Device"
This is a great utility. I like that fact that it does not disturb the PnP Manager.
To be useful in what I'm doing at the moment, I would need a way to select a device that I know is going to be plugged into the PC so that PnP IRPs occuring because of a new event could be monitored. If that is possible now, I don't know how to do it.
12-Aug-03, David Voeller