Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page IRP loop back
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-19-2005, 20:02
willii
 
Posts: n/a
Smile
Two method:
1. Add a special flag on you call to zwCreateFile/zwCloseFile so that your driver can distinct them.
2. Create file and close file directly use IRP to lower driver. You must construct IRP that you want to use. It is very difficult because many things is undocument. But it may be work.
Reply With Quote
  #2  
Old 01-21-2005, 23:32
just4urim
 
Posts: n/a
You're right! i know if i can create the IRP for create/close file and call "IoCallDriver" to pass the IRP to the lower driver , my problem is solved .
but setting all of the IRP fields correctly is a bit difficult !
and about flagging the IRP , what do u mean ? change the input param of ZwCreateFile/ZwClose ?
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hi there~ Im back.. OrionOnion General Discussion 3 01-03-2014 05:29
Come Back LOUZEW General Discussion 12 10-01-2013 18:55
decompiling back to C++? Rhodium General Discussion 44 10-11-2004 08:30


All times are GMT +8. The time now is 11:43.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )