upper filter driver for disk.sys

Discussion in 'Windows Vista Drivers' started by Nidhi Malik, Sep 3, 2007.

  1. Nidhi Malik

    Nidhi Malik Guest

    Hi all,

    I have a sample filter driver . I want it to attach as upper filter driver
    for disk.sys. Also i have to control that driver from my user application.
    So that i can attach and remove that driver in stack from my application
    only.Can anybody help me as I am very new to driver development .

    Thanks in advance
    Nidhi
     
    Nidhi Malik, Sep 3, 2007
    #1
    1. Advertisements

  2. You cannot remove from there without disabling (and re-enabling) the disk
    stack, which will usually require a reboot.

    You can only switch the filter to "do-nothing" mode.
     
    Maxim S. Shatskih, Sep 3, 2007
    #2
    1. Advertisements

  3. Is it possible to re-assign the contents of pDriverObject->MajorFunction[]
    long after DriverEntry is called? What happens if I do that?

    --
    Sincerely,
    Maruf Maniruzzaman,
    Software Engineer,
    KAZ Software Limited,
    Dhaka, Bangladesh.
    http://kaz.com.bd
    http://kuashaonline.com

    This posting is provided "AS IS", and confers no rights.
     
    Maruf Maniruzzaman, Sep 3, 2007
    #3
  4. Nidhi Malik

    Don Burn Guest

    While it is possible, there are unfortunately enought poorly written
    drivers (some of the major anti-virus firms come to mind) that will dip
    into the structure to cause problems. Instead it is better to have a
    wrapper function that redirects the calls to where you want them, this is
    safe and clean.


    --
    Don Burn (MVP, Windows DDK)
    Windows 2k/XP/2k3 Filesystem and Driver Consulting
    Website: http://www.windrvr.com
    Blog: http://msmvps.com/blogs/WinDrvr
    Remove StopSpam to reply
     
    Don Burn, Sep 3, 2007
    #4
  5. The reassigning is not needed and it cannot be made, as there is not
    opportunity to synchronize access to the DriverObject->MajorFunction[]
    array.
    In a case when a driver should not do anything, it can simply forward
    irps down in the stack.
     
    Vladimir Zinin, Sep 3, 2007
    #5
  6. Why do I need to synchronize? Can't I assign the function pointer in an
    atomic step?

    --
    Sincerely,
    Maruf Maniruzzaman,
    Software Engineer,
    KAZ Software Limited,
    Dhaka, Bangladesh.
    http://kaz.com.bd
    http://kuashaonline.com

    This posting is provided "AS IS", and confers no rights.
     
    Maruf Maniruzzaman, Sep 3, 2007
    #6
  7. Nidhi Malik

    Don Burn Guest

    Yes theoretically, though Vladimir is basically correct. Even if you do it
    atomically, you have to worry about about potentially the need to have two
    functions swapped at the same time. That does not even count, the fact I
    mentioned in my earlier post that there are idiots who reach into the
    device object and save the pointers and do other really stupid things.

    If there was some great advantage of doing the vectoring at the device
    object array this might make sense, but there is not and the safety you
    gain by a few instruction wrapper function makes a question like this
    stupid.


    --
    Don Burn (MVP, Windows DDK)
    Windows 2k/XP/2k3 Filesystem and Driver Consulting
    Website: http://www.windrvr.com
    Blog: http://msmvps.com/blogs/WinDrvr
    Remove StopSpam to reply
     
    Don Burn, Sep 3, 2007
    #7
  8. But if any MajorFunction pointer is cached by some system component? If
    you want to reassign this functions then it's better, as Don Burn said,
    to use a wrapper function.
     
    Vladimir Zinin, Sep 3, 2007
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.