Identifying Unusual IOCTL Device Types
(By: Hector J. Rodriguez | Published: 31-Jul-01| Modified: 09-Oct-02)
You may have seen some strange IOCTLs pass through your driver, and tried to figure out where they're from. You break down the IOCTL, and you find the DeviceType field doesn't match one of the many listed FILE_DEVICE_xxx values, as you expected it would. For example, you see DeviceType values of 0x66, 0x56, or even 0x4d and 0x6d.
You need to be a bit creative to decode these. For example, 0x66 is the ASCII code for "f". If you look at \ddk\inc\ntddft.h you'll see that this the device type used by the NTFT driver. You'll find the same thing holds true for 0x56 ("V") the device type for volumes. Device type "M" and "m" are both used by the mount point manager.
was printed from OSR Online http://www.osronline.com
Copyright 2017 OSR Open Systems Resources, Inc.