Device driver Vs NT Service

shoeb wrote:
> I am developing a devicelock project and i want to do it without device
> driver. I am planning to develop a NT service that the server will install
> on the client machines . The service will make use of Setup APIs to
> enable/disable the devices. The service will perform the following
> operations:
>
>
>
> i) Disable/enable the devices depending upon the user
>
> ii) Implement hooks for preventing users from
> enabling/disabling devices through device manager or through registry and
> uninstalling service.

You are not the first with that idea. From the lack of free tools
available i would guess that it does not work.
From my experiments i know that CM_Request_Device_Eject for USB sticks
has delays of 30 secs and more if called without dialog option for example.

> The service will perform the following operations:

> Disable/enable the devices depending upon the user

No problem here whatsoever....

> ii) Implement hooks for preventing users from
> enabling/disabling devices through device manager or through registry and
> uninstalling service.

User-mode program X just cannot deny user-mode program Y access to the
registry or to some certain API, either by "supported" means or otherwise
-although it can try, these efforts still may be fruitless, because there is
always a way to bypass your code. In order to be 100% sure, you need a
driver.

However, "good" drivers never block registry access, because the system
would not permit restricted accounts to either modify device access
permitions or uninstall services anyway, and the ones with admin privileges
should be able to do whatever they want on the target machine. The only type
of "software" that stands in admin's way is generally known as MALWARE

Anton Bassov





"shoeb" wrote:

> I am developing a devicelock project and i want to do it without device
> driver. I am planning to develop a NT service that the server will install
> on the client machines . The service will make use of Setup APIs to
> enable/disable the devices. The service will perform the following
> operations:
>
>
>
> i) Disable/enable the devices depending upon the user
>
> ii) Implement hooks for preventing users from
> enabling/disabling devices through device manager or through registry and
> uninstalling service.
>
>
>
> could anybody please tell me what are the benefits of doing this project
> using device drivers over the NT service that i am planning to implement.
>
>
>
> Client machines will be windows 2000 and above
>
>
>
> thanks
>
>
>
>
>
>
>
>
>

I am developing a devicelock project and i want to do it without device
driver. I am planning to develop a NT service that the server will install
on the client machines . The service will make use of Setup APIs to
enable/disable the devices. The service will perform the following
operations:



i) Disable/enable the devices depending upon the user

ii) Implement hooks for preventing users from
enabling/disabling devices through device manager or through registry and
uninstalling service.



could anybody please tell me what are the benefits of doing this project
using device drivers over the NT service that i am planning to implement.



Client machines will be windows 2000 and above



thanks

what if i implement the hooks in a kernel mode program and rest of the
functions in service. would it be fine? what i want is minimal or no device
driver coz i dont have the required resource. i need only a competitive
device-blocker not the one that is hardest to crack. i am planning to work
on crack-proofing in later releases
thanks


"Anton Bassov" <> wrote in message
news:F814D356-17A8-44B6-B647-...
> > The service will perform the following operations:
>
> > Disable/enable the devices depending upon the user
>
> No problem here whatsoever....
>
> > ii) Implement hooks for preventing users from
> > enabling/disabling devices through device manager or through registry
and
> > uninstalling service.
>
> User-mode program X just cannot deny user-mode program Y access to the
> registry or to some certain API, either by "supported" means or otherwise
> -although it can try, these efforts still may be fruitless, because there
is
> always a way to bypass your code. In order to be 100% sure, you need a
> driver.
>
> However, "good" drivers never block registry access, because the system
> would not permit restricted accounts to either modify device access
> permitions or uninstall services anyway, and the ones with admin
privileges
> should be able to do whatever they want on the target machine. The only
type
> of "software" that stands in admin's way is generally known as MALWARE
>
> Anton Bassov
>
>
>
>
>
> "shoeb" wrote:
>
> > I am developing a devicelock project and i want to do it without device
> > driver. I am planning to develop a NT service that the server will
install
> > on the client machines . The service will make use of Setup APIs to
> > enable/disable the devices. The service will perform the following
> > operations:
> >
> >
> >
> > i) Disable/enable the devices depending upon the user
> >
> > ii) Implement hooks for preventing users from
> > enabling/disabling devices through device manager or through registry
and
> > uninstalling service.
> >
> >
> >
> > could anybody please tell me what are the benefits of doing this
project
> > using device drivers over the NT service that i am planning to
implement.
> >
> >
> >
> > Client machines will be windows 2000 and above
> >
> >
> >
> > thanks
> >
> >
> >
> >
> >
> >
> >
> >
> >