Getting the name of a driver from the device object - windows

I'm wondering if it's possible to get the name of a driver from the device that it created. Let's say I have a symbolic link that points to a device, \\.\RTF64 -> \Device\RTF64. Is there any way to get the driver name (.sys) using just this information? Either I have to use some undocumented functions exported by ntdll.dll or write a driver which retrieves the information I want. Is it even possible to do?
I've looked through various functions exported by ntdll.dll but have not found anything yet.

In user mode you can use SetupDi* functions to enumerate all the devices and interfaces then use SetupDiGetDeviceInterfaceDetail to get the device path.
Then use something like SetupDiGetDriverInfoDetail to get details about the driver.
Edit: As mentioned in the comments, it only works if the driver registered an interface for the device object, which is not possible in some cases (control device objects).
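The PnP lookup the answer describes, as an added PowerShell example that is not part of the original answer. It uses the PnpDevice cmdlets instead of calling SetupDi* directly, and the helper name `Resolve-DriverImagePath` is hypothetical. As the edit above notes, only PnP-enumerated devices are listed; a control device object such as \Device\RTF64 will not appear.

```powershell
# Added example: map each present PnP device to its driver service and .sys image.
# Resolve-DriverImagePath is a hypothetical helper, not a built-in cmdlet.

function Resolve-DriverImagePath {
    param([Parameter(Mandatory)][string]$ServiceName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $raw = (Get-ItemProperty -Path $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (-not $raw) {
        # No ImagePath value: fall back to the default drivers directory.
        return Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    }
    $p = $raw.Trim('"')
    if ($p -match '^\\\?\?\\(.+)$')       { return $Matches[1] }                          # \??\C:\dir\x.sys
    if ($p -match '^\\SystemRoot\\(.+)$') { return Join-Path $env:SystemRoot $Matches[1] } # \SystemRoot\System32\...
    if ($p -match '^[A-Za-z]:\\')         { return $p }                                   # already absolute
    return Join-Path $env:SystemRoot $p                                                   # System32\drivers\x.sys
}

Get-PnpDevice -PresentOnly | ForEach-Object {
    $id  = $_.InstanceId
    # Service that drives this device node (empty for raw devices).
    $svc = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_Service' `
                -ErrorAction SilentlyContinue).Data
    if (-not $svc) { return }
    # Name of the physical device object at the bottom of the stack (\Device\...).
    $pdo = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_PDOName' `
                -ErrorAction SilentlyContinue).Data
    $sys = Resolve-DriverImagePath -ServiceName $svc
    [pscustomobject]@{
        Device    = $_.FriendlyName
        PdoName   = $pdo
        Service   = $svc
        Image     = $sys
        Signature = if (Test-Path $sys) { (Get-AuthenticodeSignature $sys).Status } else { 'missing' }
    }
} | Sort-Object Service | Format-Table -AutoSize
```

The Signature column makes the same listing usable as a quick inventory of which driver images behind present devices fail signature validation.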

Related

How to get the hardware info without using WMI?

I am programming an activation code for my application. I need to provide the key file with information about the licensed computer, so I need to retrieve information about some devices, like the processor ID, the DiskDrive serial number and the BIOS serial as well, and so on with some devices, but these are the major ones.
I need to combine the method with another application programmed in another language, so I cannot use WMI, but I can use winapi.
Is there a way to fetch the physical data using winapi? If so, then how?
If you are able to call Windows API functions, then you can use WMI. After all, the WMI interface is part of the Windows API.
Take a look at the Win32_BIOS class and the PROCESSOR_POWER_INFORMATION structure.
Accessing motherboard information without WMI seems not to be doable with current means. Here you can find a similar question:
Access Motherboard information without using WMI

Unable to open usb interface on Mac, error e000002c5

I am a newbie to Mac development, working on USB communication.
I am referring to this sample.
When the code executes "USBOpenInterfaceOpen()", error code "e00002c5" is received, which means error while opening for exclusive access.
The solution I found was to add a kext, but I think it requires device-specific information such as Vendor Id, Product Id etc. to be written in the plist file. If this is the case, then it is not possible to support multiple devices having different Product Ids and Vendor Ids.
Is there any way I can access the device without using a kext?
Thanks.
I believe the error you are seeing is saying another driver is currently accessing the device. You can take control from the current owner with the USBDeviceOpenSeize function. If that doesn't work, try running your tool as root. If that doesn't work, you may have to create a dummy kext that matches the device in question and keeps it available for your user land driver. HTH

how to load driver?

I want to develop a driver, so I have created one service and one .sys file for the driver to be displayed. Now I do not know how to attach those two files or how to register my driver with Windows.
So just tell me the steps which I should follow.
Thanks and hoping for positive response.
You can load a driver by using the StartService API. You can also use ZwLoadDriver, which is a native API. You can find more information about them in MSDN.
Depends on the driver you write. If it's a device driver it's automatically loaded once the system needs it for the previously defined device classes.
For drivers which don't need devices you need a special driver service. See this CodeProject example - section "Dynamically Loading and Unloading the Driver"
Basically the most straightforward is using the following APIs (in that order). I think it should be pretty straightforward.
http://msdn.microsoft.com/en-us/library/ms684323%28v=VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/ms682450%28v=VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/ms686321%28v=VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/ms682028%28v=VS.85%29.aspx

Publishing information from IOKit KEXT on OS X

I have an IOKit-based kernel extension on Mac OS X, a subclass of IOService. When this service loads I need to publish additional specific runtime information from it, and I need it to be accessible from user space without making some specific IOUserClient requests. The information in question is basically field\value pairs and its format is shared between the KEXT and its user-space wrapper library. The contents will change over time on some specific events inside the service when it is active.
On Linux I would have accomplished this with a file in the /proc file system. Can you advise a similar strategy on OS X? Maybe something related to IORegistry?
Thank you.
Well this turned out to be pretty easy.
Your IOKit service is (eventually) inherited from the IOService class, which in turn is inherited from IORegistryEntry, which represents an instance of your service's entry in IORegistry and provides a family of setProperty\getProperty methods to add\change\remove your own fields in the IORegistry entry for your service.
The IORegistry is an in-memory database that is of course programmatically accessible from user space, where you search it for your service's entry and read information published by it.

Windows process structure: How to store user information?

I want to store some information in the EPROCESS structure of the process in windows NT kernel. My aim is that when winlogon is called I want to assign a unique value to the next process based on which user logs in. But I do not know where to store this unique ID. I have tried and succeeded in modifying some information (like the tokens) in the EPROCESS block of a process by the method of Direct kernel object modification and I wonder if there is any structure in this EPROCESS block where some other information can be stored.
p.s. For modifying the EPROCESS block I used a device driver.
The EPROCESS structure is opaque and undocumented, meaning you shouldn't be messing with its internals. Doing so requires you, among other things, to test on every OS version and service pack you plan on supporting.
Do not modify EPROCESS. It will bring you great sorrow.
Furthermore, if you do, do not install it on anyone else's machine. It is absolutely wrong to impose such a profoundly damaging, system destabilizing change on another person's computer. How would you like it if I gave you tuberculosis?
