Monitoring calls from Z.exe to foo() in Y.sys, a driver

  • Thread starter Superposed_Cat
  • Start date
In summary: I think the Visual Studio debugger is the most common one used these days.In summary, the conversation discusses how to find and return the name of a specific function in a driver for a USB device. The solution involves using a debugger and setting a breakpoint at the beginning of the function. The conversation also mentions resources for debugging tools and asks for confirmation on their current support.
  • #1
Superposed_Cat
388
5
Say I write a driver for my usb device X containing a function foo(), and save it in c:/windows/system32/Y.sys, now i have a program Z.exe that I start up, it accesses X via Y.sys and calls foo(), how can I attack to Z.exe and look for any api calls to mydriver.sys specifically and return the name? I have googled but can't find any info that specifically looks for calls from Z to Y and returns foo's name if foo isn't a built in win32 library call. Any help appreciated.
 
Technology news on Phys.org
  • #2
Superposed_Cat said:
Say I write a driver for my usb device X containing a function foo(), and save it in c:/windows/system32/Y.sys, now i have a program Z.exe that I start up, it accesses X via Y.sys and calls foo(), how can I attack to Z.exe and look for any api calls to mydriver.sys specifically and return the name? I have googled but can't find any info that specifically looks for calls from Z to Y and returns foo's name if foo isn't a built in win32 library call. Any help appreciated.
Since you wrote the code for Y.sys (or is it mydriver.sys?), can't you put a debugger breakpoint at the first line in foo()? I don't have any experience debugging drivers, so this might not be the advice you're looking for.
 
  • #3
I did not write it myself, it came with the device, I seek to mod a specific function in the driver,
 
  • #4
Superposed_Cat said:
I did not write it myself, it came with the device, I seek to mod a specific function in the driver,
Do you have the source code? If so, build your project in a debugger, with a breakpoint at the beginning of the function you're interested in.
 
  • #6
Tom.G said:
There at least used to be a way using Windows debuggers, don't know if it is still supported.
I'm pretty sure those debuggers are still supported.
 

1. How does monitoring calls from Z.exe to foo() in Y.sys work?

Monitoring calls from Z.exe to foo() in Y.sys involves setting up a system to intercept and track the communication between the two components. This can be done through various methods such as using debugging tools or creating custom monitoring software.

2. Why is it important to monitor these calls?

Monitoring calls from Z.exe to foo() in Y.sys can provide valuable insights into the behavior and performance of the driver. It can also help identify any potential issues or bugs that may arise from the interaction between the two components.

3. What tools are commonly used for monitoring calls in a driver?

There are various tools and techniques that can be used for monitoring calls in a driver, including debugging tools such as WinDbg and Visual Studio, as well as custom monitoring software specifically designed for this purpose.

4. Can monitoring calls from Z.exe to foo() in Y.sys impact system performance?

In most cases, monitoring calls from Z.exe to foo() in Y.sys should not have a significant impact on system performance. However, if the monitoring process is not optimized or the system is already under heavy load, it may cause a slight decrease in performance.

5. How can the data collected from monitoring calls be used?

The data collected from monitoring calls can be used for various purposes, such as troubleshooting issues, optimizing system performance, and identifying potential security vulnerabilities. It can also be used for research and analysis purposes to gain a better understanding of the communication between the driver and the executable.

Similar threads

Unknown USB Device (Device Descriptor Request Failed) No Drive Letter
    • Programming and Computer Science
Replies
2
Views
833
System call in operating systems
    • Programming and Computer Science
Replies
3
Views
1K
I am getting an error Import "_frozen_importlib" could not be resolved
    • Programming and Computer Science
Replies
5
Views
9K
Help printing to a Zebra label printer from Tcl or C please
    • Programming and Computer Science
Replies
2
Views
2K
Do you want to build a website?
    • Programming and Computer Science
Replies
15
Views
1K
Having trouble setting up mern in Visual Studio code
    • Programming and Computer Science
Replies
16
Views
1K
Find Free Software to Log Disk Usage & Monitor Processes
    • Computing and Technology
Replies
30
Views
2K
Fortran Linking fortran libraries with g95 in Windows Powershell
    • Programming and Computer Science
Replies
12
Views
3K
Create a binary search tree in python with the support of variables
    • Programming and Computer Science
Replies
13
Views
4K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
    • Programming and Computer Science
Replies
8
Views
2K

Hot Threads

Recent Insights

Back
Top