I/O request packets (IRPs) are kernel mode structures that are used by Windows Driver Model (WDM) and Windows NT device drivers to communicate with each other and with the operating system.
Questions tagged [irp]
24 questions
3
votes
1 answer
How can I make IOCTL calls from a driver to another driver (not in the same stack) (on windows)
I want to make IOCTL call from a driver to another one which is totally different (not on the same stack)
I have checked on the net, but they only talk about how to send IOCTL to a lower driver, but it's not my case.
p.s : Both drivers are witten by…
nicoooogna
- 35
- 1
- 6
2
votes
1 answer
Send IRP read/write packets from UMDF driver to kernel-mode driver
Is it possible to create and send IRP read/write packets from UMDF driver to kernel-mode driver that represents the device?
Igor Mikushkin
- 1,250
- 16
- 25
1
vote
0 answers
Keyboard Filter Driver BSOD
I do not understand why my source code is not working properly.
My source code is just a simple driver that just drops the IRP.
#include
typedef struct
{
PDEVICE_OBJECT NextLayerDeviceObject;
} DEVICE_EXTENSION,…
SlayerBae
- 67
- 11
1
vote
0 answers
I/O request flow, are APCs used for blocking requests as well?
I'm trying to fully understand the I/O request flow that happens when e.g. ReadFile is invoked. I'm aware of how the I/O-Manager creates an IRP and passes it down the driver-stack. Once the data has been retrieved from the device, an interrupt…
thyrel
- 453
- 1
- 4
- 13
1
vote
1 answer
How to view which IRP's handled by mini filter driver?
We register mini file system filter driver with fltmgr i.e filter manager in windows,and we register IRP for callbacks (preoperation and postoperation callbacks) in that.
As if we know its up-to us to for which IRP we want callback from filter…
rpk
- 70
- 9
1
vote
1 answer
Windows File Filter Driver IRP callbacks not getting called
I have a file filter driver that is not receiving callbacks to the IRPs registered in DriverEntry. Has anyone had the problem where their PreOperation and PostOperation callbacks, registered with FltRegisterFilter, do not get called in their file…
user1966831
- 55
- 5
1
vote
0 answers
Find original IRP handler
My short question is, that if I know that a driver is IRP hooked (for example at IRP_MJ_READ), how can I restore this entry to the original one? As I see, Xuetr/Pc Hunter can tell me the "original entry" of some drivers' major functions list (e.g.…
Zoltán Várnagy
- 137
- 2
- 11
1
vote
1 answer
How much disk activity is caused by IRP_MJ_QUERY_INFORMATION?
A call to IRP_MJ_QUERY_INFORMATION is generated by functions such as Win32's GetFileInformationByHandle or the kernel-mode ZwQueryInformationFile.
Could somebody explain to me what is actually happening with this call? Assuming that I have a…
Nathan
- 1,445
- 9
- 20
0
votes
0 answers
Is it possible to send IRP packet from Android Phone to PC via USB to Remote wake up a sleeping PC (IRP_MN_WAIT_WAKE)
I have an old Android Phone that I want to be able to use to remotely wake-up a PC in my dorm (don't have ethernet to do WOL). My plan is to remote into my Android Phone, then send the IRP_MN_WAIT_WAKE packet to the PC to do the wake-up.
I've never…
Jimmy
- 51
- 3
0
votes
0 answers
Why IoGetDeviceObjectPointer return STATUS_INVALID_DEVICE_REQUEST in Minifilter?
I want to send an irp from Minifilter to another kernel driver.I want to use IoGetDeviceObjectPointer and get the fileobject of the target driver object ,and then use FltDeviceIoControlFile to send irp.
The target driver is not a Minifilter but a…
0
votes
0 answers
How to extract buffer from PFLT_PRE_OPERATION_CALLBACK on Windows kernel level minifilter IRP_MJ_WRITE?
I want to extract the contents before file write.
For example, when I open "C:\test\test.txt" and I perform write operating 'aaa'.
When I Save the file, IRP MJ WRITE packet will be transmitted User to Kernel.
So, I made minifilter and interrupt IRP…
cheon
- 1
0
votes
0 answers
How to solve the driver hanging on sending IRPs to delete EXE files which require Administrator authority?
I want to delete files by sending IRP via a WDK driver. It works well for deleting all files no matter *.pdf or *.pptx, except some EXEs which require Administrator to run, such as EXE installer and setup.exe etc. I don't know why it hangs on…
SuperBerry
- 1,193
- 1
- 12
- 28
0
votes
1 answer
copying data from user app to kernel driver via memcpy
ok i will just make things simple , how could i send and receive data from my user mode app to my kernel driver using shared memory . with an actual mutex to indicate whether my request is finished or not. and how could i call read memory function…
Frankoo
- 13
- 4
0
votes
1 answer
Can i find out symbolic link of opened device, when process IRP_MJ_READ?
I have driver, that construct and return some data on IRP_MJ_READ request.
I use some symbolic link to open and read device, associated with driver.
The symbolic link is something like \\DosDevice\\Name1.
I want to use same device to get another…
murzagurskiy
- 1,273
- 1
- 20
- 44
0
votes
0 answers
IRP_MJ_DEVICE_CONTROL — how to?
Coding a app using serial port, when debugging, I have been compelled to work with low level (link control) protocol.
And here my problems begun.
Sniffer gives me values:
IOCTL_SERIAL_SET_BAUD_RATE 80 25 00 00 means baud rate 9600. Well, 00 c2 01 00…
Олег Сидоров
- 641
- 2
- 8
- 20