Windows - Driver development: Get global declared device objects from .sys file - c

I have already been googling and looking around in here.
I found no similar question/answer regarding this topic.
I also think this is not possible. But I could be wrong.
History:
Out of simple interest I just started to study a good old-fashioned book by G. Hoglund. It is called Rootkits: Subverting the Windows Kernel.
I just wanted to learn more about Windows internals, but most important for me was that I would like to get started somewhere developing drivers and also learn about the history of driver development.
Status:
I decided and already started to write a nice UI tool with the Win32 API to load, register and unload my "out of the tutorial" legacy NT drivers for WXP on my virtual machine.
Now I also thought about the possibility of not only selecting a driver and loading it to see its debug outputs, but also issuing some commands to invoke the major functions.
And I saw: you can define more than one device inside the source file(s) (this is surely not widely used, but it is possible).
Question:
I would like to know, whether anybody ever made an attempt to read any of the DeviceObjects declared globally inside the .sys file and if this person succeeded.
THX in advance.


How can I track system call in win32 API program with debugger(VS 2013)?

Well, I wrote some code for file I/O with the Win32 API.
(I'm using Visual Studio 2013.)
It just gets two file names (one for source, one for destination) and duplicates one to the other.
I used CreateFile, ReadFile, WriteFile.
It's functionally simple. That's not the problem. But...
I want to SEE the system calls in these functions being called in the debugger.
How can I do this?
With the call stack? Disassembler?
So you want to be able to debug not only your own code but also the API itself.
There are different ways to do that.
At the simplest level, just use the debugger from VS2013. You won't be able to trace into kernel code, but you can trace all the user-level code in the API. But of course, as you will use a non-debug version of Windows with no symbol table, you will only see low-level machine code (*).
If you really want to go deeper, you will have to use the Debugging Tools for Windows. As you say you want to debug system calls, my advice would be to use the Windows Driver Kit, the Windows Symbols, and if you really go down to kernel mode the Windows Remote Debugging Client for Windows (all those tools are available from Windows Dev Center).
All those tools integrate nicely into Visual Studio, but be prepared for hard, low-level work :-)
(*) You can also use the Microsoft Symbol Server to access Windows symbolic information - thanks to IInspectable for his comment. But I've never tested it.

HANDLE - File Handles and Directory Handles Structures

Language: C
OS: Windows
My application is framed with NT-level APIs and has to manipulate file and directory handles.
On a ZwOpenFile or ZwCreateFile, I get a HANDLE as a result. Usually the values for the HANDLE are like 0x00000024, 28, 2c... etc.
When I cast it as an LPBYTE to view the contents, Visual Studio shows "Expression could not be evaluated". I understood from that that the HANDLE returned from the create/open file APIs is not a pointer to a memory location. However, Windows uses the value and performs file operations.
NtQueryDirectoryObject supplies me the information about handles. However, how Windows has implemented this functionality is unknown.
Can anyone throw light on it?
That's a so-called "opaque value", which means "it's completely up to Windows how it is done inside". For example, it could be an index in some global table that is not accessible directly to your program - Windows just knows how to get there and you shouldn't even think of doing it.
Handles are stored in a table accessible only from kernel code. If you are interested in how the Windows kernel works, you may find Mark Russinovich's blog or driver development interesting.
The last book I know of that was a good reference for this kind of stuff was Inside Windows 2000 by Mark E. Russinovich and David A. Solomon. While clearly out of date, a lot of that book is still relevant. Google for "Inside Windows 7" for links to videos of talks by Russinovich and some other books that I can't vouch for, but seem on topic.
HANDLE is actually a pointer to a struct that contains various fields; often they point to some kernel object. HANDLEs are generally used when programming in C to have a notion of object-oriented programming.
When debugging with WinDbg you have an extension called !handle that can display various information about a given handle.
The book Windows Internals (by Mark Russinovich) goes into great detail about this and many other Windows' mechanisms.
Perhaps you will find this discussion useful: What is a Windows Handle?
Also check out this blog post by Mark: http://blogs.technet.com/b/markrussinovich/archive/2009/09/29/3283844.aspx. It contains a lot of information which could help you answer your question.
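The "index into a kernel-only table" model from the answers above, as an added toy example (not code from the thread, and not the real Windows implementation): handles come out as multiples of 4 because they encode a slot index, the slot, not the handle, holds the object pointer and the access granted at open time, and every use re-resolves and re-checks it. Names such as toy_open/toy_use are made up for the illustration.

```c
/* Toy model of a kernel-side handle table (illustration only, not Windows code).
 * Handle values are slot index << 2, so 0x24, 0x28, 0x2c style values are
 * indices, not addresses: casting one to a pointer and dereferencing it is
 * meaningless, which is why the debugger cannot evaluate it. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ACCESS_READ  0x1u
#define ACCESS_WRITE 0x2u
#define TABLE_SLOTS  64

typedef struct { char name[32]; } FileObject;               /* stand-in for a kernel object */
typedef struct { FileObject *obj; unsigned granted; } HandleEntry;

static HandleEntry g_table[TABLE_SLOTS];                    /* "kernel-only" memory */
static FileObject g_file = { "\\??\\C:\\example.txt" };      /* constructed sample object */

/* Open: take the first free slot and hand back its index * 4 (slot 0 is never used). */
uintptr_t toy_open(unsigned desired_access) {
    for (size_t i = 1; i < TABLE_SLOTS; i++)
        if (g_table[i].obj == NULL) {
            g_table[i].obj = &g_file;
            g_table[i].granted = desired_access;
            return (uintptr_t)(i << 2);
        }
    return 0;                                               /* table full */
}

/* Every operation re-resolves the handle and re-checks the granted access mask. */
const char *toy_use(uintptr_t h, unsigned wanted_access) {
    size_t idx = (size_t)(h >> 2);
    if (h == 0 || (h & 3) != 0 || idx >= TABLE_SLOTS) return NULL;  /* malformed handle */
    HandleEntry *e = &g_table[idx];
    if (e->obj == NULL) return NULL;                                 /* closed or never opened */
    if ((e->granted & wanted_access) != wanted_access) return NULL;  /* access denied */
    return e->obj->name;
}

/* Close: clear the slot; the numeric handle value becomes invalid immediately. */
void toy_close(uintptr_t h) {
    size_t idx = (size_t)(h >> 2);
    if (h != 0 && (h & 3) == 0 && idx < TABLE_SLOTS)
        memset(&g_table[idx], 0, sizeof g_table[idx]);
}
```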

WinApi Base Services tutorial?

I need to make an application which gathers basic data about the system, like OS version, processor & memory type, data about installed programs...
The application will be written in C and will work on Win Server 2000 and 2003. So the first thing on my mind was WinApi, but I cannot find any tutorials for these things; every tutorial I found is about user interfaces and I do not need that.
So any help would be appreciated.
EDIT: A couple of things are answered below, and I will use WMI with WinApi, but I still don't know how to get detailed properties from any .exe program on Windows.
WMI is likely what you need for some stuff. Not a fun API. The tool Hans refers to would be useful - even if you have to port the generated C# code back to C.
The following Win32 APIs are likely to help you:
OS Version: GetVersionEx and OSVERSIONINFOEX
CPU Info: cpuid (either write it in assembly, or call the compiler intrinsic)
Alternate CPU Info: Just look at the registry key HKLM\Hardware\DESCRIPTION\System\CentralProcessor (1 subkey for each logical processor; each key is a cache of what cpuid returns, and processor speed is listed as well).
Memory: GlobalMemoryStatusEx
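The cpuid route from the answer above, as an added example (not from the thread): reading the vendor and brand strings through the GCC/Clang <cpuid.h> intrinsics, which is the same data the CentralProcessor registry keys cache. On MSVC the equivalent is __cpuid() from <intrin.h> with the same leaf numbers; the non-x86 stub is only there so the file builds everywhere.

```c
/* cpuid vendor/brand strings via <cpuid.h> (added example, not from the thread).
 * The brand string spans extended leaves 0x80000002..0x80000004, 16 bytes each.
 * __get_cpuid() returns 0 when a leaf is beyond what the CPU reports, so the
 * caller degrades gracefully instead of reading stale register contents. */
#include <string.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>

/* Vendor string: leaf 0 returns it in EBX, EDX, ECX (in that order). */
int cpu_vendor(char out[13]) {
    unsigned a, b, c, d;
    if (!__get_cpuid(0, &a, &b, &c, &d)) return 0;
    memcpy(out + 0, &b, 4);
    memcpy(out + 4, &d, 4);
    memcpy(out + 8, &c, 4);
    out[12] = '\0';
    return 1;
}

/* Brand string: three extended leaves, registers laid out EAX, EBX, ECX, EDX. */
int cpu_brand(char out[49]) {
    unsigned regs[4];
    for (unsigned i = 0; i < 3; i++) {
        if (!__get_cpuid(0x80000002u + i, &regs[0], &regs[1], &regs[2], &regs[3])) {
            out[0] = '\0';
            return 0;                       /* extended leaves unsupported */
        }
        memcpy(out + 16 * i, regs, 16);
    }
    out[48] = '\0';
    return 1;
}
#else
/* Non-x86 build: report "unsupported" rather than fabricating values. */
int cpu_vendor(char out[13]) { out[0] = '\0'; return 0; }
int cpu_brand(char out[49])  { out[0] = '\0'; return 0; }
#endif

int main(void) {
    char vendor[13], brand[49];
    if (cpu_vendor(vendor)) printf("vendor: %s\n", vendor);
    if (cpu_brand(brand))   printf("brand:  %s\n", brand);
    return 0;
}
```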
This isn't covered by the Winapi, you need WMI (Windows Management Instrumentation). To get started on the kind of queries you can run, experiment with the WMI Code Creator tool. It can auto-generate the code you need. Not in C, you'll find that quite an awkward language for WMI.
You probably also want to know about the book Windows Internals, from the same folk who make a wide range of cool utilities for poking under the hood.
For processor information call
GetLogicalProcessorInformation.
Be aware that this is not supported on all machines, so it's better to call the DLL dynamically. Otherwise your program won't run on such machines. This example shows how to do this.

Documentation for CMX ColdFire USB-Lite stack

This is my first embedded project, so bear with my ignorance. I've been asked to implement Remote NDIS over USB, using the ColdFire USB-Lite stack by CMX. I've been searching for a long time now, and can't find any clear documentation for this stack.
It comes with some woefully documented sample code and the only useful resource I've been able to find online is this Application Note (PDF) by Eric Gregori.
What I really want is an explanation of all the functions in the API. I can work out how to use them. Does this exist? Can someone point me to it?
EDIT: Never mind.
After tracing the execution across 14 half-documented source files (from the example program) and scrutinizing a bunch of undocumented variables and buffers, and doing a diff between corresponding files in different projects, I think I finally get it. So I guess stackoverflow.com taught me patience... or something.
The link you referred to doesn't work for me, but the name of the file made me look at the Freescale pages, and if that's not the document you intended to link to, it might be the documentation you need.

Writing Windows Port Monitor Basics

I'm trying to find a basic example, tutorial, or blog post on how to write a printer port monitor. I downloaded the Windows DDK and dug through localmon, but it appears that this sample is much more complex than just the nuts and bolts basics and from my understanding it is a bit different than an OEM port monitor because of how it handles the registry key and port enumeration. Does anyone know of a blog post, tutorial, or even book that walks the reader through the basic code to get one up and going? I've found a few links talking about the conceptual stuff, but nothing that is hands on code.
I can recommend http://www.codeproject.com/KB/printing/wpa.aspx, which describes how to write a printer driver and also has good hints about what's necessary to build a port monitor.
But my opinion is that a good tutorial in this area is not available on the Internet (I would be glad to find somebody who can show me that I'm wrong). So, when I had to deal with this task I was forced to do it the hard way: I carefully read the MSDN explanations starting from this point: http://msdn.microsoft.com/en-us/library/ff561109.aspx. In parallel with reading MSDN I also checked the code in the DDK you mentioned and tried to understand it. I'm sure this solution could also work for you.
I wrote mine from the specs; there aren't really that many APIs to implement.
The one thing that regularly trips people up is EnumPorts: the spooler allocates enough memory for ALL the ports, not just yours. So you need to make sure you fill any strings from the end of the spooler's buffer; don't put them straight after your structures.
It doesn't say so in the specs but you can safely put the UI and Server functions in the same DLL.
It's also possible to create a single port monitor that supports NT and the later Windows 2000 type port monitors.
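The EnumPorts buffer layout the answer above warns about, as an added example (not code from the thread or from any real port monitor): fixed-size structures are written from the front of the spooler's buffer and every string is packed from the end, so the next monitor's structures can be appended directly after ours; the byte count needed is always reported so a caller with a too-small buffer can retry. ToyPortInfo1, toy_enum_ports and the port names are simplified stand-ins for PORT_INFO_1 and the real spooler API.

```c
/* Simplified model of EnumPorts (level 1) buffer filling: structs at the front,
 * strings packed from the END of the buffer. Illustration only, not spooler code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { char *pName; } ToyPortInfo1;        /* stand-in for PORT_INFO_1 */
enum { TOY_OK = 0, TOY_INSUFFICIENT_BUFFER = 122 };  /* 122 mirrors ERROR_INSUFFICIENT_BUFFER */

/* Constructed sample ports owned by this monitor. */
static const char *g_ports[] = { "MYMON1:", "MYMON2:" };
#define NPORTS (sizeof g_ports / sizeof g_ports[0])

/* Fill 'buf' of 'cb' bytes; always report bytes needed and ports written.
 * Returns TOY_OK or TOY_INSUFFICIENT_BUFFER (buffer too small or NULL). */
int toy_enum_ports(uint8_t *buf, size_t cb, size_t *needed, size_t *returned) {
    size_t n = NPORTS, i;

    /* Size pass: every struct plus every NUL-terminated string. */
    *needed = n * sizeof(ToyPortInfo1);
    for (i = 0; i < n; i++) *needed += strlen(g_ports[i]) + 1;
    *returned = 0;
    if (buf == NULL || cb < *needed) return TOY_INSUFFICIENT_BUFFER;

    ToyPortInfo1 *info = (ToyPortInfo1 *)buf;   /* structs grow upward from the front */
    char *end = (char *)buf + cb;               /* strings are carved downward from the end */
    for (i = 0; i < n; i++) {
        size_t len = strlen(g_ports[i]) + 1;
        end -= len;                             /* reserve the string's bytes at the tail */
        memcpy(end, g_ports[i], len);
        info[i].pName = end;                    /* struct points into the tail region */
    }
    *returned = n;
    return TOY_OK;
}
```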
The code in RedMon is much easier to read than the localmon example, it's worth looking at before you start. It's quite nice because you can compile it in VS, you don't need to use the DDK to build it.
I have been over that exact same territory for a serial printer. About the best example I found was this article in Dr Dobbs Journal. The good part is that both a serial port driver and the user-space control program are covered and the project can also be used as an example of how to set up Visual Studio to compile a driver. This is also something a little difficult to find information about. The article discusses an old NT style driver, which worked well for me on XP.
There are quite a few good articles on CodeProject about writing drivers and programs to interact with them. They include source code and most deal with the newer WDM and WDF style drivers.
OSROnline is another good source, especially for discussion of specific issues and common mistakes. They also have some great utilities you will need.
Some of the most clearly written and understandable driver code I came across was Mark Russinovich's sample code. Although Microsoft withdrew all of the source when they purchased Sysinternals, some of the best examples can still be found cached here and there.
Drivers are pretty interesting. Whatever else you do though, do it in a virtual machine. Really.
