Monitoring calls from Z.exe to foo() in Y.sys, a driver

  • Thread starter Thread starter Superposed_Cat
  • Start date Start date
Click For Summary

Discussion Overview

The discussion revolves around monitoring API calls from a program (Z.exe) to a driver (Y.sys) that contains a specific function (foo()). Participants explore methods to intercept these calls and identify the function being invoked, particularly when it is not part of standard Win32 library calls.

Discussion Character

  • Technical explanation
  • Debate/contested
  • Experimental/applied

Main Points Raised

  • One participant inquires about methods to monitor calls from Z.exe to the driver Y.sys and specifically return the name of the function foo().
  • Another participant suggests placing a debugger breakpoint at the start of foo() to monitor its invocation, although they express uncertainty due to lack of experience with driver debugging.
  • A participant clarifies that they did not write the driver themselves and are looking to modify a specific function within it.
  • There is a suggestion that if the source code is available, building the project in a debugger with a breakpoint could be a viable approach.
  • One participant mentions that there used to be methods using Windows debuggers to achieve this, questioning if those methods are still supported and providing a link to Microsoft’s debugging tools.
  • Another participant expresses confidence that the debuggers are still supported, despite uncertainty about the current methods.

Areas of Agreement / Disagreement

Participants express varying levels of familiarity with debugging drivers, and while some suggest practical approaches, there is no consensus on the best method to monitor the API calls or the current state of debugging tools.

Contextual Notes

There are limitations regarding the availability of source code and the specific capabilities of current debugging tools, which remain unresolved in the discussion.

Who May Find This Useful

This discussion may be useful for developers working with USB device drivers, those interested in debugging techniques, and individuals looking to modify existing driver functions.

Superposed_Cat
Messages
388
Reaction score
5
Say I write a driver for my usb device X containing a function foo(), and save it in c:/windows/system32/Y.sys, now i have a program Z.exe that I start up, it accesses X via Y.sys and calls foo(), how can I attack to Z.exe and look for any api calls to mydriver.sys specifically and return the name? I have googled but can't find any info that specifically looks for calls from Z to Y and returns foo's name if foo isn't a built in win32 library call. Any help appreciated.
 
Technology news on Phys.org
Superposed_Cat said:
Say I write a driver for my usb device X containing a function foo(), and save it in c:/windows/system32/Y.sys, now i have a program Z.exe that I start up, it accesses X via Y.sys and calls foo(), how can I attack to Z.exe and look for any api calls to mydriver.sys specifically and return the name? I have googled but can't find any info that specifically looks for calls from Z to Y and returns foo's name if foo isn't a built in win32 library call. Any help appreciated.
Since you wrote the code for Y.sys (or is it mydriver.sys?), can't you put a debugger breakpoint at the first line in foo()? I don't have any experience debugging drivers, so this might not be the advice you're looking for.
 
I did not write it myself, it came with the device, I seek to mod a specific function in the driver,
 
Superposed_Cat said:
I did not write it myself, it came with the device, I seek to mod a specific function in the driver,
Do you have the source code? If so, build your project in a debugger, with a breakpoint at the beginning of the function you're interested in.
 
Tom.G said:
There at least used to be a way using Windows debuggers, don't know if it is still supported.
I'm pretty sure those debuggers are still supported.
 

Similar threads

System call in operating systems
  • · Replies 3 ·
Replies
3
Views
2K
I am getting an error Import "_frozen_importlib" could not be resolved
  • · Replies 5 ·
Replies
5
Views
16K
Having trouble setting up mern in Visual Studio code
  • · Replies 16 ·
Replies
16
Views
3K
Making a sysytem file monitor, how ?
  • · Replies 2 ·
Replies
2
Views
2K
Fortran Linking fortran libraries with g95 in Windows Powershell
  • · Replies 12 ·
Replies
12
Views
4K
Python Create a binary search tree in python with the support of variables
  • · Replies 13 ·
Replies
13
Views
5K
Find Free Software to Log Disk Usage & Monitor Processes
  • · Replies 30 ·
2
Replies
30
Views
3K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
  • · Replies 8 ·
Replies
8
Views
4K
Baez's polynomials and OpenGL graphics
  • · Replies 2 ·
Replies
2
Views
2K
How can I clone a USB drive to a VFD file for use in Windows?
  • · Replies 14 ·
Replies
14
Views
4K