Need Help in writing a Windows device driver
-
Hi, I am new to this device driver development field. I am asked to write a Windows device driver for capturing the kernel system calls for any particular Win32 API call. For example, there is one MFC dialog based application which will call the Win32 API (e.g. CreateFile() with proper arguments). At the same time the device driver should capture all the kernel system calls which are called corresponding to the CreateFile() API. Those kernel system calls I need to display on the GUI of my application in real time. Please share any article or guide me in achieving this. Any help will be of great help. Thanks in advance.
-
A device driver is software that accesses a device (some kind of real or virtual hardware). What you are looking for is called API hooking or API monitoring (just search the web for these terms combined with C++ and Windows). Some links: API hooking revealed; EasyHook; Windows File Monitoring System Using Windows API Hooking.
-
windows - How does Microsoft Detours work and how do I use it to get a stack trace? - Stack Overflow. Contains references to open-source packages to achieve the same. Edit: this would of course mean that extra code is processed for each hooked call, slowing down the entire OS. Also, Windows is not a real-time OS.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here (X-Clacks-Overhead: GNU Terry Pratchett)
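To make concrete what the two replies above mean by "API hooking" (and why every hooked call costs extra time), here is an added illustration that is not from any poster and not Detours or EasyHook code: a module's import table is essentially an array of function pointers, and an import-table hook saves the original pointer, patches the slot to a logging wrapper, and has the wrapper forward to the original. The `import_table`, `real_open_file` and the log format are constructed stand-ins for a real PE import slot such as CreateFileW; on Windows, Detours or EasyHook do this patching for you.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for an imported API (hypothetical; the real target would be
 * CreateFileW in kernel32.dll). Returns a fake "handle" value. */
typedef int (*open_fn_t)(const char *path, unsigned access);

static int real_open_file(const char *path, unsigned access) {
    return (int)strlen(path) + (int)access;
}

/* A module's import table is, at its core, an array of function pointers.
 * Hooking patches one slot and keeps the original address for forwarding. */
static open_fn_t import_table[1] = { real_open_file };
static open_fn_t original_open_file = NULL;

/* What the hook observed; a monitoring GUI would read this out. */
static char hook_log[256];
static int hook_calls = 0;

/* The wrapper: record the arguments, then call the real API. This is the
 * "extra code per hooked call" the reply above warns about. */
static int hooked_open_file(const char *path, unsigned access) {
    hook_calls++;
    snprintf(hook_log, sizeof hook_log, "open_file(\"%s\", 0x%x)", path, access);
    return original_open_file(path, access);
}

void install_hook(void) {
    if (original_open_file) return;          /* already hooked */
    original_open_file = import_table[0];    /* save original */
    import_table[0] = hooked_open_file;      /* patch the slot */
}

void remove_hook(void) {
    if (!original_open_file) return;
    import_table[0] = original_open_file;    /* restore original */
    original_open_file = NULL;
}

/* Application code calls through the import slot, as compiled code does. */
int app_open_file(const char *path, unsigned access) {
    return import_table[0](path, access);
}

const char *last_hook_log(void) { return hook_log; }
int hook_call_count(void) { return hook_calls; }
```

With the hook installed, the application's return value is unchanged while every call is logged; removing the hook restores the original pointer and logging stops.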
-
Thanks Eddy, I tried to explore WinAPIOverride. Will this application display kernel system calls? I doubt it. It is showing some addresses in the call stack, but not the actual system call names. Is it possible to get the names of the kernel system calls? Thanks in advance.
-
CmyLife wrote:
Is it possible to get the names of the kernel system calls?
Those aren't included in the code. You can use "depends" to find the address of the method you're looking for. See WinApiOverride Frequently Asked Questions and Dependency Walker (depends.exe) Home Page.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here (X-Clacks-Overhead: GNU Terry Pratchett)