|
Hello!
I have a few questions concerning drivers. I don't know if this is the right board to post this kind of problems but here they are:
1. I want to create a keyboard filter driver. Is there any method that can ensure no other filter driver (keylogger) will attach to the keyboard driver (between the keyboard driver and my filter driver) ?
2. I want to create another filter driver that will be installed nearest to a specified application (so that no other filter driver can get between this filter driver and the application). If this is possible, could anyone help me with a few links to documentation involving this kind of issues?
3. Is there any API which I can use to check whether a driver is digitally signed?
Thanks in advance!
modified on Tuesday, January 29, 2008 4:50:54 PM
|
|
|
|
|
Eikthrynir wrote: 1. I want to create a keyboard filter driver. Is there any method that can ensure no other filter driver (keylogger) will attach to the keyboard driver (between the keyboard driver and my filter driver) ?
The only thing I can think of is modifying the EAT of ntoskrnl and hooking IoCreateDevice. You would need to block devices of type FILE_DEVICE_KEYBOARD from being created. Perhaps the same could be accomplished later by hooking IoAttachDeviceToDeviceStack.
Eikthrynir wrote: 2. I want to create another filter driver that will be installed nearest to a specified application (so that no other filter driver can get between this filter driver and the application). If this is possible, could anyone help me with a few links to documentation involving this kind of issues?
Your ring-3 application will need to communicate with the keyboard filter driver through an IOCTL dispatch interface. You could obfuscate or encrypt communication with the driver, and/or from within the driver you should verify the sender by checksum of its PE image or whatever clever scheme you can think of.
Eikthrynir wrote: 3. Is there any API which I can use to check whether a driver is digitally signed?
Perhaps you should read some Microsoft documentation about kernel driver signing.
http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx[^]
Best Wishes,
-David Delaune
|
|
|
|
|
At the second question I forgot to mention that the application I want to communicate with is not created by me. So it's impossible for me to modify it. I'm searching for a solution involving the modification of the driver only...
|
|
|
|
|
Am having difficulty getting C++ 2008 to LINK to the strcopy function. I get compiler errors on other function calls too, but they all get resolved by the linker .. all but strcopy.
I am clueless .. here is the compiler/linker output. Thanks for looking.
--Roger
-----------------
1>------ Build started: Project: GuessingGame, Configuration: Debug Win32 ------
1>Compiling...
1>GuessingGame.c
1>r:\guessinggame\guessinggame\guessinggame.c(18) : warning C4996: 'scanf': This function or variable may be unsafe. Consider using scanf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
1> c:\program files\microsoft visual studio 9.0\vc\include\stdio.h(306) : see declaration of 'scanf'
1>r:\guessinggame\guessinggame\guessinggame.c(20) : warning C4996: 'scanf': This function or variable may be unsafe. Consider using scanf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
1> c:\program files\microsoft visual studio 9.0\vc\include\stdio.h(306) : see declaration of 'scanf'
1>r:\guessinggame\guessinggame\guessinggame.c(22) : warning C4013: 'time' undefined; assuming extern returning int
1>r:\guessinggame\guessinggame\guessinggame.c(26) : warning C4013: 'strcopy' undefined; assuming extern returning int
1>r:\guessinggame\guessinggame\guessinggame.c(39) : warning C4013: 'getch' undefined; assuming extern returning int
1>Linking...
1>GuessingGame.obj : error LNK2019: unresolved external symbol _strcopy referenced in function _main
1>R:\GuessingGame\Debug\GuessingGame.exe : fatal error LNK1120: 1 unresolved externals
1>Build log was saved at "file://r:\GuessingGame\GuessingGame\Debug\BuildLog.htm"
1>GuessingGame - 2 error(s), 5 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
|
|
|
|
|
You could try removing the o from strcopy()
"Undefined" warnings mean what they say - the compiler doesn't know
how the symbol is defined.
Check the documentation for each undefined function and make sure you're
#including the header file containing the definition.
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
LOL ... <<huge BLUSH>> ... thanks for the 'o', Mark
|
|
|
|
|
hi all ,
i want to write a simple programm for cell phone ( Mobile ) programm application , for e.g. i want to unlock or remove password when a user forgot his password for his mobile . for this in visual c++ 2005 , is there help for me , how can i start to mobile programming like this i mention. my model mobile is samsung .
thanx for any help .
urs
mostafa
s_mostafa_h
|
|
|
|
|
I am trying to use a VB/DLL in a C++ application
when I '#import' the dll and call a function from it
the compiler gives the following error C2352:
"illegal call of non-static member function"
I seem to be going in the wrong direction can
someone turn me around and point me in the right direction?
some code snippets:
#import "AutoMove.dll"
.
.
.
MTAutoMover::_AutoMover::Put_EmployeeID();
.
.
Thanks for any help
|
|
|
|
|
The problem seems to be that you are not instantiating the variable before calling it's member function.
Without knowing the class or type, perhaps try something like:
MTAutoMover::_AutoMover in;
in.Put_EmployeeID();
Hope this helps.
|
|
|
|
|
Hi there,
I have an application that sends/ receives messages via sockets and logs all the messages for future inquiry. I need to check a particular message and count the number of message I received every day. SO I need a timer that resets everyday (say 00:00:00) and restart the timer.
I appreciate any ideas
Thanks,
|
|
|
|
|
In the logger, use a counter to count, and check if the day-value changes.
Maxwell Chen
|
|
|
|
|
Maybe use SetTimer() to create a periodic timer, set to an interval
appropriate for the accuracy you desire.
On each WM_TIMER message, use GetLocalTime() or GetSystemTime() to
check for the wall clock time you want to do the reset at.
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
Thanks for the tip, but as I am new in this area, I am not sure how to check for the time in my application. like if time (00:00:00 set counter to zero)...
Regards,
|
|
|
|
|
Mark Salsbery wrote: ...use GetLocalTime() or GetSystemTime()...
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
You can lead a horse to water but you can't make him fish
led mike
|
|
|
|
|
Mark Salsbery wrote: SetTimer() to create a periodic timer, set to an interval
appropriate for the accuracy you desire.
There would be the first thing to do for SetTimer solution: To precisely seed the timer right at the point at 00:00:00 (as in the OP mentioned). It takes effort.
Then another thing to concern: When the user or NTP service adjust the time (let's say 5 minutes fast, originally 19:28:02 --> new time 19:33:02), the next timeout event will be fired at 00:05:00, not the original configuration 00:00:00.
Maxwell Chen
|
|
|
|
|
Of course...It really didn't sound like it needed that kind of accuracy.
Checking once a minute for 00:00 might be sufficient. Or check every second
and catch the first midnight rollover.
Or it could sit in a busy loop monitoring the atomic clock
in Colorado.
I just threw the option out there
Cheers,
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
Türkçe-Ingilizce translator programini yazmaya gönüllüyüm ve sizden izin istiyorum. Güzel bisey görmek isteyenlere ve software sirketlerine duyrulur. Yok bana microsoft'un çalinti minicik kütüphanesiyle oynamak hosuma gidiyor diyenlere bi sözüm olamaz.
[Malum özürlüyüz]
modified on Tuesday, January 29, 2008 1:55:31 PM
|
|
|
|
|
In English, please!
Maxwell Chen
|
|
|
|
|
I can be willing in developing a translator (turkish-English) software. This is the permission from you, i want to do something superb. If you say with the stolen and tiny library of the microsoft to play becoming sufficient, you know.
|
|
|
|
|
Mr. Surprise wrote: can be willing in developing a translator (turkish-English) software. This is the permission from you, i want to do something superb.
Please do if you have spare time. You don't need my permission. I am not your supervisor.
Maxwell Chen
|
|
|
|
|
It seems English is far more concise than Turkish.
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
[my articles]
|
|
|
|
|
Actually, speaking in Turkish is not complete meaning be written in English just as but the Turkish expression be caused writing very long expresses in English. I think, this job very wrong be done. Because, the idioms and expressions are showing difference beetwen two languages and cultures.
|
|
|
|
|
Well, you need grammatical analysis, syntactic analysis, dictionaries, all in both languages.
good luck, it's not an easy task.
|
|
|
|
|
Yes so. It's necessary not forgot the filter. Thanks
|
|
|
|