how can i observe interaction/communication between a process (user land) and a driver in windows

Question

I tried to trace some known network API functions in some Sysinternals tools in order to observe/capture the interaction between a process and a driver (say for example arp.exe interaction with the network adapter driver?, what IOCTL is used etc.. ) I was wondering if there is any suitable way to do that besides debugging a program

thanks in advance!

Set a breakpoint on the function in your debugger if you already know its name? — Anders, Feb 10 '22 at 03:31

score 0 · Answer 1 · answered Feb 18 '22 at 08:13

0

You can use IRP Logger of Windows Driver verifier to get basic information about IRP coming to the driver. (Including from user space)

answered Feb 18 '22 at 08:13

Baget

3,318
1
24
44

how can i observe interaction/communication between a process (user land) and a driver in windows

1 Answers1