I have a little problem with my virtual disk device in Windows Explorer.
After sending IOCTL_VCRYD_MOUNT_VOLUME to device driver, I want it to show up in explorer. My device successfully mounts (if I kill explorer.exe process in Task Manager and then run it again, I'm able to see my device in drives list), but i can't see it in Windows Explorer (if I don't perform an operation described above).
I haven't found anything appropriate in Kernel Mode, so I tried to use SHChangeNotify(SHCNE_DRIVEADD, SHCNF_PATH, mydrivestring, NULL); with mydrivestring in different formats in User Mode application. But this doesn't help.
So how can i notify Windows Explorer about new disk drive added?
You can make this by calling WinAPI BroadcastSystemMessage function
But if someone can tell me how to use SHChangeNotify, I'd be grateful.
Related
I am writing an application for LPC4330 microcontroller, that will allow the user to update the firmware using USB DFU class. I wrote all of the code and I wanted to test it using dfu-util software. But when I try to do it few errors appear:
When I list the USB devices, two elements with the same parameters (vendor id, device id, configuration and interface) appear. The situation changes when I make a breakpoint in the application, in place where interrupt process function is called. Then only one device appears on the list.
I cannot detach the device because I get error "No USB device is DFU capable". Even when only one device is listed by dfu-util.
When only one device is listed I can start performing upload/download operation, but the application sends me an error, that interface cannot be claimed.
What could be a reason of these problems? Could it be connected with LPC4330 feature allowing user to flash the programme to the memory using dfu?
Thank you in advance for your answer!
You write your own DFU that is fine. Can I get to know from which mode you are trying to do firmware upgrade? Like downstream or upstream.
And if you are trying from any one of the mode please make sure that you are creating the device for particular mode only.
Detach will work, only when your DFU should have in run time mode. So please make sure that you are in run time mode or DFU mode. And before Detach try to reset your device by using software command
I want to monitor all file changes in windows using BIOS interrupts in c++ but don't know how to do that.Can someone help me with that?
I tried Windows API but that's not able to monitor all file changes in windows.It just monitors file changes in a special directory.
In Windows it is not really practical to monitor hard drive changes in interrupt level because the Windows core takes care of it and it is not open.
You can alternatively monitor all processes and their changes to the hard drive. Take a look at: http://yaprocmon.sourceforge.net/ Its open source so you can try to learn from it.
Windows sends notification about file changes using native API. And it does not necessarily use the BIOS.
Give a look to http://msdn.microsoft.com/en-us/library/windows/desktop/aa365261(v=vs.85).aspx
Is there a way to create a user-mode process from kernel-mode on Windows NT platform (XP-W7)?
EDIT: I must install only the driver. This is a specific of the project.
To create a valid win32 process the driver must communicate with CSRSS (what is completely undocumented). So I ended up by queuing a user-mode APC and allocating virtual memory for the APC code in the context of the existing win32 process (that code will call CreateProcess and do the job).
It is a tricky way but it works.
I don't know an easier way to achieve this. But what about having a Windows service running which makes an overlapped DeviceIoControl into your driver? On return the service could examine the data it has received from the driver and start the according application.
This can't be directly done - Creating a win32 process requires some set up by the user mode part of CreateProcess, not just creating the process object in kernel mode.
You need some user mode code here - either a service, a desktop app, or so on, to launch the your user mode application.
I'm writing some software that automatically connects a Bluetooth device using the Windows Bluetooth API. When it connects, Windows automatically starts installing the Bluetooth HID device driver, as expected:
This takes about 10-15 seconds, after which Windows displays the familar "ready for use" message:
The problem is that BluetoothSetServiceState() returns as soon as the driver install begins, not when the device is actually ready for use. This causes some problems for my code, because it invokes a separate library for device communication as soon as it's "connected". The first few calls fail because the drivers haven't finished installing, and making those connection attempts appears to interfere with the driver installation, because if I try to use the communication library before the driver installation has finished Windows wants to restart before the device can be used.
What I'm looking for is a way to hook that "ready to use" event, when driver installation has actually finished, so I don't make my communication library calls prematurely. Is there some Windows API call I can use to either register a function callback or directly polling the state of driver installation?
I'm writing this in vanilla C/C++, no .NET. Thanks for your help!
You might want to have a look at
this sample code and RegisterDeviceNotification function. I'm not sure for 100%, but it seems to work if you specify correct guid for your device class.
Here is what I would do:
Download Winspector (or use Spy++)
Start up Winspector, and begin watching for Window Messages
Install your driver
Watch for WM's indicative of a completed driver installation
I wish I could be more descriptive on #4, but I'm not familiar with the specific window message you need. Have a look here for possible Window Messages to expect.
However, once you determine the correct window message to look for, then programmatically have your program wait for (and handle) this WM. CodeProject has an excellent write up on how to do this in C++. Personally, I'd prefer to do it in Delphi.
If it is a network binding then RNDIS sends a message when it completes installation as per RNDIS Driver Implemenation guide
and definition of RNDIS
or
You can install or query the device list programatically through Devcon utility (source code is available with MSDN ) as given in Examples
From kernel mode in Windows I'm able to intercept and monitor virtually all actions performed on a particular disk. When a file is opened for any purpose I get an event.
Now I want to trace which application that opened it. I think this should be possible but don't know how.
I'm using the standard file management functions in Windows Win32 API.
Thanks in advance.
/Robert
Sysinternals Filemon (free) does this, and better yet they describe how they did it:
For the Windows 9x driver, the heart
of FileMon is in the virtual device
driver, Filevxd.vxd. It is dynamically
loaded, and in its initialization it
installs a file system filter via the
VxD service,
IFSMGR_InstallFileSystemApiHook, to
insert itself onto the call chain of
all file system requests. On Windows
NT the heart of FileMon is a file
system driver that creates and
attaches filter device objects to
target file system device objects so
that FileMon will see all IRPs and
FastIO requests directed at drives.
When FileMon sees an open, create or
close call, it updates an internal
hash table that serves as the mapping
between internal file handles and file
path names. Whenever it sees calls
that are handle based, it looks up the
handle in the hash table to obtain the
full name for display. If a
handle-based access references a file
opened before FileMon started, FileMon
will fail to find the mapping in its
hash table and will simply present the
handle's value instead.
-Adam
Sysinternals did a so good job at doing it and explaining it, that some source code of old version are still available here for instance, and the code is well documented (imho). It could be a good start as well.
I would use the "handle.exe" app from Sysinternals.
Or, are you actually trying to do this programmactically?
Just use Win32 N.API to get the pid from the File handle.
It's a FAQ for 15 years...