Monitoring calls from Z.exe to foo() in Y.sys, a driver

Say I write a driver for my USB device X containing a function foo(), and save it in c:/windows/system32/Y.sys. Now I have a program Z.exe that I start up; it accesses X via Y.sys and calls foo(). How can I attach to Z.exe and look for any API calls to mydriver.sys specifically and return the name? I have Googled but can't find any info that specifically looks for calls from Z to Y and returns foo's name if foo isn't a built-in Win32 library call. Any help appreciated.
 
Since you wrote the code for Y.sys (or is it mydriver.sys?), can't you put a debugger breakpoint at the first line in foo()? I don't have any experience debugging drivers, so this might not be the advice you're looking for.
 
I did not write it myself; it came with the device. I seek to mod a specific function in the driver.
 
Do you have the source code? If so, build your project in a debugger, with a breakpoint at the beginning of the function you're interested in.
 

Tom.G

There at least used to be a way using Windows debuggers, don't know if it is still supported.

Try this link: https://www.microsoft.com/en-us/search?q=debugging+tools

Let us know if you find how it's done these days.

Cheers,
Tom
 
I'm pretty sure those debuggers are still supported.
 
