Tracking of IO without using filter driver.
in [Device Drivers]
|
From: hitesh on 22 Feb 2010 05:24 Hi all, We can see any read/write request @ filter driver stage. but is it possible to track the same @ application layer? i am just trying to capture the read write request send by any application. if you anybody knew it then plz reply me, thanks Hitesh
From: Kerem Gümrükcü on 22 Feb 2010 07:19 What you are looking for is "Hooking",...but not really recommended,... Regards Kerem -- ----------------------- Beste Gr�sse / Best regards / Votre bien devoue Kerem G�mr�kc� Latest Project: http://www.pro-it-education.de/software/deviceremover Latest Open-Source Projects: http://entwicklung.junetz.de ----------------------- "hitesh" <hitesh.ughreja(a)gmail.com> schrieb im Newsbeitrag news:2456c756-7a25-437f-8f02-8ac425a441b6(a)s36g2000prf.googlegroups.com... > Hi all, > We can see any read/write request @ filter driver stage. > but is it possible to track the same @ application layer? i am just > trying to capture the read write request send by any application. > if you anybody knew it then plz reply me, > thanks > Hitesh
From: m on 22 Feb 2010 08:28 Search for detours. I have never used it, but have heard of some using it successfully "Kerem G�mr�kc�" <kareem114(a)hotmail.com> wrote in message news:#9o$Zl7sKHA.4920(a)TK2MSFTNGP06.phx.gbl... > What you are looking for is "Hooking",...but > not really recommended,... > > Regards > > Kerem > > -- > ----------------------- > Beste Gr�sse / Best regards / Votre bien devoue > Kerem G�mr�kc� > Latest Project: http://www.pro-it-education.de/software/deviceremover > Latest Open-Source Projects: http://entwicklung.junetz.de > ----------------------- > > "hitesh" <hitesh.ughreja(a)gmail.com> schrieb im Newsbeitrag > news:2456c756-7a25-437f-8f02-8ac425a441b6(a)s36g2000prf.googlegroups.com... >> Hi all, >> We can see any read/write request @ filter driver stage. >> but is it possible to track the same @ application layer? i am just >> trying to capture the read write request send by any application. >> if you anybody knew it then plz reply me, >> thanks >> Hitesh >
From: Don Burn on 22 Feb 2010 08:39 Detours will work, but Microsoft releases it for research purposes only. Even then this is a form of hooking and certainly not something most people would want in a commercial product. Don Burn (MVP, Windows DKD) Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr "m" <m(a)b.c> wrote in message news:#kOqmL8sKHA.5936(a)TK2MSFTNGP04.phx.gbl: > Search for detours. I have never used it, but have heard of some using it > successfully > > "Kerem G�mr�kc�" <kareem114(a)hotmail.com> wrote in message > news:#9o$Zl7sKHA.4920(a)TK2MSFTNGP06.phx.gbl... > > > What you are looking for is "Hooking",...but > > not really recommended,... > > > > Regards > > > > Kerem > > > > -- > > ----------------------- > > Beste Gr�sse / Best regards / Votre bien devoue > > Kerem G�mr�kc� > > Latest Project: http://www.pro-it-education.de/software/deviceremover > > Latest Open-Source Projects: http://entwicklung.junetz.de > > ----------------------- > > > > "hitesh" <hitesh.ughreja(a)gmail.com> schrieb im Newsbeitrag > > news:2456c756-7a25-437f-8f02-8ac425a441b6(a)s36g2000prf.googlegroups.com... > > >> Hi all, > >> We can see any read/write request @ filter driver stage. > >> but is it possible to track the same @ application layer? i am just > >> trying to capture the read write request send by any application. > >> if you anybody knew it then plz reply me, > >> thanks > >> Hitesh > > > __________ Information from ESET Smart Security, version of virus signature database 4886 (20100222) __________ The message was checked by ESET Smart Security. http://www.eset.com
From: m on 22 Feb 2010 20:23 I agree. In this case, the OP sounds like he is trying to debug / analyze his own program, so I suggested this. I hope that when he digs into it, he will read all of the warnings about how unreliable and dangerous this is in general without me repeating them ;) "Don Burn" <burn(a)stopspam.windrvr.com> wrote in message news:#u2Z0R8sKHA.1796(a)TK2MSFTNGP02.phx.gbl... > Detours will work, but Microsoft releases it for research purposes only. > Even then this is a form of hooking and certainly not something most > people would want in a commercial product. > > > Don Burn (MVP, Windows DKD) > Windows Filesystem and Driver Consulting > Website: http://www.windrvr.com > Blog: http://msmvps.com/blogs/WinDrvr > > > > "m" <m(a)b.c> wrote in message news:#kOqmL8sKHA.5936(a)TK2MSFTNGP04.phx.gbl: > >> Search for detours. I have never used it, but have heard of some using >> it >> successfully >> >> "Kerem G�mr�kc�" <kareem114(a)hotmail.com> wrote in message >> news:#9o$Zl7sKHA.4920(a)TK2MSFTNGP06.phx.gbl... >> >> > What you are looking for is "Hooking",...but >> > not really recommended,... >> > >> > Regards >> > >> > Kerem >> > >> > -- >> > ----------------------- >> > Beste Gr�sse / Best regards / Votre bien devoue >> > Kerem G�mr�kc� >> > Latest Project: http://www.pro-it-education.de/software/deviceremover >> > Latest Open-Source Projects: http://entwicklung.junetz.de >> > ----------------------- >> > >> > "hitesh" <hitesh.ughreja(a)gmail.com> schrieb im Newsbeitrag >> > news:2456c756-7a25-437f-8f02-8ac425a441b6(a)s36g2000prf.googlegroups.com... >> >> >> Hi all, >> >> We can see any read/write request @ filter driver stage. >> >> but is it possible to track the same @ application layer? i am just >> >> trying to capture the read write request send by any application. >> >> if you anybody knew it then plz reply me, >> >> thanks >> >> Hitesh >> >> > > > > __________ Information from ESET Smart Security, version of virus > signature database 4886 (20100222) __________ > > The message was checked by ESET Smart Security. > > http://www.eset.com > >
|
Next
|
Last
Pages: 1 2 Prev: Isoch resources problem x64 win7 1394 bus driver Next: out of order packets |