Questions tagged [irp]
I/O request packets (IRPs) are kernel mode structures that are used by Windows Driver Model (WDM) and Windows NT device drivers to communicate with each other and with the operating system.
22 questions
1 vote, 0 answers, 34 views
Why does IRP_MJ_WRITE not trigger when compressing a file?
I am developing a file filter driver on Windows.
I want to detect the compression operation on Windows, so I listen for IRP_MJ_WRITE in my minifilter driver and calculate the entropy to determine ...
0 votes, 0 answers, 23 views
How does the meitools driver write structure information into Intel ME (PCI device)?
I came across a GitHub repository: meitools. It is a forked repository from the original repository, which was built by some researchers that discovered a vulnerability within Intel ME. Here there's a ...
0 votes, 0 answers, 168 views
How to solve the driver hanging on sending IRPs to delete EXE files which require Administrator authority?
I want to delete files by sending IRP via a WDK driver. It works well for deleting all files no matter *.pdf or *.pptx, except some EXEs which require Administrator to run, such as EXE installer and ...
0 votes, 1 answer, 682 views
Copying data from user app to kernel driver via memcpy
OK, I will just make things simple: how could I send and receive data from my user-mode app to my kernel driver using shared memory, with an actual mutex to indicate whether my request is finished or ...
0 votes, 1 answer, 2k views
Can I find out the symbolic link of the opened device when processing IRP_MJ_READ?
I have a driver that constructs and returns some data on an IRP_MJ_READ request.
I use a symbolic link to open and read the device associated with the driver.
The symbolic link is something like \\DosDevice\\...
-1 votes, 1 answer, 392 views
Windows IRP function call for opening and saving files
I'm currently working on a minifilter driver, and I need to intercept these kinds of events:
Listing files inside a folder
Opening a file in an application
Closing this file
Modify and save the file
...
0 votes, 0 answers, 930 views
IRP_MJ_DEVICE_CONTROL — how to?
Coding an app using a serial port, when debugging, I have been compelled to work with the low-level (link control) protocol.
And here my problems began.
The sniffer gives me these values:
IOCTL_SERIAL_SET_BAUD_RATE 80 ...
1 vote, 0 answers, 310 views
Keyboard Filter Driver BSOD
I do not understand why my source code is not working properly.
My source code is just a simple driver that just drops the IRP.
#include <wdm.h>
typedef struct
{
...
0 votes, 1 answer, 126 views
FS Development - KMDF Windows Driver [closed]
I am new here and am trying to develop a concept fs driver for the tar 'filesystem' (mount tar). My question is, how does the OS detect that a partition has the TAR filesystem and automatically load ...
1 vote, 0 answers, 35 views
I/O request flow, are APCs used for blocking requests as well?
I'm trying to fully understand the I/O request flow that happens when e.g. ReadFile is invoked. I'm aware of how the I/O-Manager creates an IRP and passes it down the driver-stack. Once the data has ...
1 vote, 1 answer, 660 views
How to view which IRPs are handled by a minifilter driver?
We register a mini file system filter driver with fltmgr, i.e. the filter manager in Windows, and we register IRPs for callbacks (preoperation and postoperation callbacks) in that.
As if we know it's up to us to ...
2 votes, 1 answer, 674 views
Windows File Filter Driver IRP callbacks not getting called
I have a file filter driver that is not receiving callbacks to the IRPs registered in DriverEntry. Has anyone had the problem where their PreOperation and PostOperation callbacks, registered with ...
0 votes, 1 answer, 2k views
ST-LINK V2 USB driver WinUSB Access Denied
I have a Win7/64 development machine configured (by someone else I can't contact) to develop/debug an embedded project using an ST-LINK/V2 dongle. The PC detects and installs the dongle OK but no ...
0 votes, 1 answer, 959 views
Renaming a file that will be deleted in a minifilter driver's IRP_MJ_CLEANUP preop callback
My goal is to overwrite a file's contents and name just before it is deleted - wiping deleted files.
I am trying to use a minifilter driver and the pre-cleanup callback routine that gets called just ...
3 votes, 1 answer, 2k views
How can I make IOCTL calls from a driver to another driver (not in the same stack) (on Windows)
I want to make an IOCTL call from a driver to another one which is totally different (not on the same stack).
I have checked on the net, but they only talk about how to send an IOCTL to a lower driver, but ...