Solved

CreateFile to open a filter driver

Posted on 2004-03-25
Last Modified: 2013-12-03
Hi,
I am using the Filemon code available on the net and I am trying to write an application of
my own to make IOCTL calls into the Filemon driver. When my application calls CreateFile()
I get an ERROR_FILE_NOT_FOUND error:

   if ((SysHandle = CreateFile( "\\\\.\\FILEMON",                    // lpFileName
                                GENERIC_READ | GENERIC_WRITE,        // dwDesiredAccess
                                FILE_SHARE_READ | FILE_SHARE_WRITE,  // dwShareMode
                                NULL,                                // lpSecurityAttributes
                                OPEN_EXISTING,                       // dwCreationDistribution
                                FILE_ATTRIBUTE_NORMAL,               // dwFlagsAndAttributes
                                NULL                                 // hTemplateFile
       )) == INVALID_HANDLE_VALUE)
   {
       // GetLastError() returns ERROR_FILE_NOT_FOUND here
   }


Could someone please help!!

Regards,
Lib
----
Question by:lib7
6 Comments
 
LVL 48

Accepted Solution

by:
AlexFM earned 500 total points
ID: 10676582
As I remember, all applications from SysInternals which use their own drivers keep the driver .sys file inside their resources. When the program starts, it extracts the driver from resources, saves it to hard disk and registers it. After this, the driver is available to the CreateFile function.
Does your program have all this stuff?
0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 500 total points
ID: 10678443
>>i get an error ERROR_FILE_NOT_FOUND

AlexFM is correct about the resource issue. Furthermore, after extracting the driver, you will have to install and load it, e.g.

#define UNICODE 1
#include <windows.h>
#include <stdlib.h>
#include <string.h>

BOOL LoadDeviceDriver( const TCHAR * Name, const TCHAR * Path, HANDLE * lphDevice );
BOOL UnloadDeviceDriver( const TCHAR * Name );



BOOL
InstallDriver(
    IN SC_HANDLE  SchSCManager,
    IN LPCTSTR    DriverName,
    IN LPCTSTR    ServiceExe
    );

BOOL
StartDriver(
    IN SC_HANDLE  SchSCManager,
    IN LPCTSTR    DriverName
    );

BOOL
OpenDevice(
    IN LPCTSTR    DriverName, HANDLE * lphDevice
    );

BOOL
StopDriver(
    IN SC_HANDLE  SchSCManager,
    IN LPCTSTR    DriverName
    );

BOOL
RemoveDriver(
    IN SC_HANDLE  SchSCManager,
    IN LPCTSTR    DriverName
    );



/****************************************************************************
*
*    FUNCTION: LoadDeviceDriver( const TCHAR, const TCHAR, HANDLE *)
*
*    PURPOSE: Registers a driver with the system configuration manager
*      and then loads it.
*
****************************************************************************/
BOOL LoadDeviceDriver( const TCHAR * Name, const TCHAR * Path, HANDLE * lphDevice )
{
     SC_HANDLE     schSCManager;
     BOOL          okay;

     schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
     if ( schSCManager == NULL )
         return FALSE;   // cannot open the service control manager

     // Ignore success of installation: it may already be installed.
     InstallDriver( schSCManager, Name, Path );

     // Ignore success of start: it may already be started.
     StartDriver( schSCManager, Name );

     // Do make sure we can open it.
     okay = OpenDevice( Name, lphDevice );

      CloseServiceHandle( schSCManager );

     return okay;
}


/****************************************************************************
*
*    FUNCTION: InstallDriver( IN SC_HANDLE, IN LPCTSTR, IN LPCTSTR)
*
*    PURPOSE: Creates a driver service.
*
****************************************************************************/
BOOL InstallDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe )
{
    SC_HANDLE  schService;

    //
    // NOTE: This creates an entry for a standalone driver. If this
    //       is modified for use with a driver that requires a Tag,
    //       Group, and/or Dependencies, it may be necessary to
    //       query the registry for existing driver information
    //       (in order to determine a unique Tag, etc.).
    //

    schService = CreateService( SchSCManager,          // SCManager database
                                DriverName,           // name of service
                                DriverName,           // name to display
                                SERVICE_ALL_ACCESS,    // desired access
                                SERVICE_KERNEL_DRIVER, // service type
                                SERVICE_DEMAND_START,  // start type
                                SERVICE_ERROR_NORMAL,  // error control type
                                ServiceExe,            // service's binary
                                NULL,                  // no load ordering group
                                NULL,                  // no tag identifier
                                NULL,                  // no dependencies
                                NULL,                  // LocalSystem account
                                NULL                   // no password
                                );
    if ( schService == NULL )
        return FALSE;

    CloseServiceHandle( schService );

    return TRUE;
}


/****************************************************************************
*
*    FUNCTION: StartDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Starts the driver service.
*
****************************************************************************/
BOOL StartDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE  schService;
    BOOL       ret;

    schService = OpenService( SchSCManager,
                              DriverName,
                              SERVICE_ALL_ACCESS
                              );
    if ( schService == NULL )
        return FALSE;

    ret = StartService( schService, 0, NULL )
       || GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;

    CloseServiceHandle( schService );

    return ret;
}



/****************************************************************************
*
*    FUNCTION: OpenDevice( IN LPCTSTR, HANDLE *)
*
*    PURPOSE: Opens the device and returns a handle if desired.
*
****************************************************************************/
BOOL OpenDevice( IN LPCTSTR DriverName, HANDLE * lphDevice )
{
    TCHAR    completeDeviceName[64];
    HANDLE   hDevice;

    //
    // Create a \\.\XXX device name that CreateFile can use
    //
    // NOTE: We're making an assumption here that the driver
    //       has created a symbolic link using its own name
    //       (i.e. if the driver has the name "XXX" we assume
    //       that it used IoCreateSymbolicLink to create a
    //       symbolic link "\DosDevices\XXX". Usually, there
    //       is this understanding between related apps/drivers.
    //
    //       An application might also peruse the DEVICEMAP
    //       section of the registry, or use the QueryDosDevice
    //       API to enumerate the existing symbolic links in the
    //       system.
    //

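    // "\\.\" (4 characters) + name + terminator must fit in completeDeviceName
    if ( lstrlen( DriverName ) > 64 - 5 )
        return FALSE;

    wsprintf( completeDeviceName, TEXT("\\\\.\\%s"), DriverName );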

    hDevice = CreateFile( completeDeviceName,
                          GENERIC_READ | GENERIC_WRITE,
                          0,
                          NULL,
                          OPEN_EXISTING,
                          FILE_ATTRIBUTE_NORMAL,
                          NULL
                          );
    if ( hDevice == ((HANDLE)-1) )
        return FALSE;

     // If user wants handle, give it to them.  Otherwise, just close it.
     if ( lphDevice )
          *lphDevice = hDevice;
     else
         CloseHandle( hDevice );

    return TRUE;
}


/****************************************************************************
*
*    FUNCTION: UnloadDeviceDriver( const TCHAR *)
*
*    PURPOSE: Stops the driver and has the configuration manager unload it.
*
****************************************************************************/
BOOL UnloadDeviceDriver( const TCHAR * Name )
{
     SC_HANDLE     schSCManager;

     schSCManager = OpenSCManager( NULL,                 // machine (NULL == local)
                                   NULL,                 // database (NULL == default)
                                   SC_MANAGER_ALL_ACCESS // access required
                                   );
     if ( schSCManager == NULL )
         return FALSE;   // cannot open the service control manager

     StopDriver( schSCManager, Name );
     RemoveDriver( schSCManager, Name );

     CloseServiceHandle( schSCManager );

     return TRUE;
}



/****************************************************************************
*
*    FUNCTION: StopDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Has the configuration manager stop the driver (unload it)
*
****************************************************************************/
BOOL StopDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE       schService;
    BOOL            ret;
    SERVICE_STATUS  serviceStatus;

    schService = OpenService( SchSCManager, DriverName, SERVICE_ALL_ACCESS );
    if ( schService == NULL )
        return FALSE;

    ret = ControlService( schService, SERVICE_CONTROL_STOP, &serviceStatus );

    CloseServiceHandle( schService );

    return ret;
}


/****************************************************************************
*
*    FUNCTION: RemoveDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Deletes the driver service.
*
****************************************************************************/
BOOL RemoveDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE  schService;
    BOOL       ret;

    schService = OpenService( SchSCManager,
                              DriverName,
                              SERVICE_ALL_ACCESS
                              );

    if ( schService == NULL )
        return FALSE;

    ret = DeleteService( schService );

    CloseServiceHandle( schService );

    return ret;
}

(code taken from an earlier filemon which credits the above to the DDK's instsvr sample)
0
 

Author Comment

by:lib7
ID: 10684467
Hi ,
  Thanks for your replies.

  I am using the entire code of filemon as it is!
  I am just writing an application of my own which will make IOCTL calls into the filemon driver. To communicate with the driver I am getting the handle to it through the CreateFile() call.

To test the application, I first run Filemon.exe (the GUI part), which should install the driver. Then I run my application, and this time I get error code 5, i.e. ACCESS DENIED!

Is it true that two applications cannot get a handle to the same driver at the same time?
Could this be happening in this case?

Lib7
-----
0
 
LVL 86

Expert Comment

by:jkr
ID: 10688801
>>Is it true that two applications cannot get a handle to the same driver at the same time?

Depends on the driver design. In case of FileMon, it would make sense. So, I suggest you load and start filemon.sys from your own application.
0
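
An added diagnostic, not code from the thread or from Filemon: it separates the two failures seen above by first asking QueryDosDevice whether the `\\.\<name>` symbolic link exists, then interpreting the CreateFile error. `build_device_path` and `diagnose_open` are hypothetical helper names; the non-Windows branch only defines the two error constants so the decision logic compiles elsewhere.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else  /* same values as winerror.h, so the decision logic builds anywhere */
#define ERROR_FILE_NOT_FOUND 2UL
#define ERROR_ACCESS_DENIED  5UL
#endif

/* Build "\\.\<name>" with a bounds check; 0 on success, -1 if it does not fit. */
int build_device_path(char *out, size_t cap, const char *name)
{
    int n = snprintf(out, cap, "\\\\.\\%s", name);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* link_exists: did QueryDosDevice find the name?
   err: GetLastError() value taken right after the failed CreateFile. */
const char *diagnose_open(int link_exists, unsigned long err)
{
    if (!link_exists)
        return "no symbolic link: driver not loaded, or it registered another name";
    if (err == ERROR_ACCESS_DENIED)
        return "link exists but open refused: exclusive device already open, or ACL";
    return "link exists: open failed for another reason, check the raw error code";
}

#ifdef _WIN32
int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "FILEMON";
    char path[64], target[512];

    if (build_device_path(path, sizeof path, name) != 0)
        return 2;
    /* Non-zero return means the name is present in the DOS device namespace. */
    int link = QueryDosDeviceA(name, target, sizeof target) != 0;
    HANDLE h = CreateFileA(path, GENERIC_READ | GENERIC_WRITE, 0, NULL,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h != INVALID_HANDLE_VALUE) { puts("opened"); CloseHandle(h); return 0; }
    DWORD err = GetLastError();
    printf("%s: error %lu: %s\n", path, err, diagnose_open(link, err));
    return 1;
}
#endif
```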

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For a while now I'v been searching for a circular progress control, much like the one you get when first starting your Silverlight application. I found a couple that were written in WPF and there were a few written in Silverlight, but all appeared o…
Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question