Monitoring calls from Z.exe to foo() in Y.sys, a driver

  • Thread starter Thread starter Superposed_Cat
  • Start date Start date
Click For Summary
SUMMARY

This discussion focuses on monitoring API calls from a program Z.exe to a driver function foo() located in Y.sys for a USB device X. The user seeks methods to identify calls to mydriver.sys and retrieve the function name, particularly when foo() is not a built-in Win32 library call. Suggestions include setting a debugger breakpoint at the start of foo() if the source code is available, and utilizing Windows debugging tools for this purpose. The conversation emphasizes the importance of debugging techniques in driver development.

PREREQUISITES
  • Understanding of Windows driver architecture
  • Familiarity with debugging tools for Windows, such as WinDbg
  • Knowledge of API call monitoring techniques
  • Basic programming skills in C/C++ for driver development
NEXT STEPS
  • Learn how to set breakpoints in WinDbg for driver functions
  • Research API monitoring tools specific to Windows drivers
  • Explore the Microsoft documentation on debugging tools for drivers
  • Investigate modifying existing driver functions safely and effectively
USEFUL FOR

Developers working with Windows drivers, software engineers interested in debugging techniques, and anyone involved in modifying or monitoring USB device drivers.

Superposed_Cat
Messages
388
Reaction score
5
Say I write a driver for my usb device X containing a function foo(), and save it in c:/windows/system32/Y.sys, now i have a program Z.exe that I start up, it accesses X via Y.sys and calls foo(), how can I attack to Z.exe and look for any api calls to mydriver.sys specifically and return the name? I have googled but can't find any info that specifically looks for calls from Z to Y and returns foo's name if foo isn't a built in win32 library call. Any help appreciated.
 
Technology news on Phys.org
Superposed_Cat said:
Say I write a driver for my usb device X containing a function foo(), and save it in c:/windows/system32/Y.sys, now i have a program Z.exe that I start up, it accesses X via Y.sys and calls foo(), how can I attack to Z.exe and look for any api calls to mydriver.sys specifically and return the name? I have googled but can't find any info that specifically looks for calls from Z to Y and returns foo's name if foo isn't a built in win32 library call. Any help appreciated.
Since you wrote the code for Y.sys (or is it mydriver.sys?), can't you put a debugger breakpoint at the first line in foo()? I don't have any experience debugging drivers, so this might not be the advice you're looking for.
 
I did not write it myself, it came with the device, I seek to mod a specific function in the driver,
 
Superposed_Cat said:
I did not write it myself, it came with the device, I seek to mod a specific function in the driver,
Do you have the source code? If so, build your project in a debugger, with a breakpoint at the beginning of the function you're interested in.
 
Tom.G said:
There at least used to be a way using Windows debuggers, don't know if it is still supported.
I'm pretty sure those debuggers are still supported.
 

Similar threads

System call in operating systems
  • · Replies 3 ·
Replies
3
Views
2K
I am getting an error Import "_frozen_importlib" could not be resolved
  • · Replies 5 ·
Replies
5
Views
15K
Having trouble setting up mern in Visual Studio code
  • · Replies 16 ·
Replies
16
Views
2K
Making a sysytem file monitor, how ?
  • · Replies 2 ·
Replies
2
Views
2K
Fortran Linking fortran libraries with g95 in Windows Powershell
  • · Replies 12 ·
Replies
12
Views
4K
Python Create a binary search tree in python with the support of variables
  • · Replies 13 ·
Replies
13
Views
4K
Find Free Software to Log Disk Usage & Monitor Processes
  • · Replies 30 ·
2
Replies
30
Views
3K
Close Calls from Falling Objects Out of High Rises
  • · Replies 6 ·
Replies
6
Views
2K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
  • · Replies 8 ·
Replies
8
Views
4K
Baez's polynomials and OpenGL graphics
  • · Replies 2 ·
Replies
2
Views
2K