Solved

CreateFile to open a filter driver

Posted on 2004-03-25
Last Modified: 2013-12-03
Hi,
I am using the Filemon code available on the net and I am trying to write an application of
my own to make IOCTL calls into the Filemon driver. When my application calls CreateFile()
I get an error ERROR_FILE_NOT_FOUND

   if ((SysHandle = CreateFile( "\\\\.\\FILEMON",                     // lpFileName
                                GENERIC_READ | GENERIC_WRITE,        // dwDesiredAccess
                                FILE_SHARE_READ | FILE_SHARE_WRITE,  // dwShareMode
                                NULL,                                // lpSecurityAttributes
                                OPEN_EXISTING,                       // dwCreationDistribution
                                FILE_ATTRIBUTE_NORMAL,               // dwFlagsAndAttributes
                                NULL                                 // hTemplateFile
       )) == INVALID_HANDLE_VALUE)
   {
       // fails here: GetLastError() returns ERROR_FILE_NOT_FOUND
   }


Could someone please help!!

Regards,
Lib
----
Question by:lib7
LVL 48

Accepted Solution

by:
AlexFM earned 125 total points
ID: 10676582
As I remember, all applications from SysInternals which are using their own drivers, keep driver .sys file inside of resources. When program starts, it extracts driver from resources, saves to hard disk and registers it. After this driver is available for CreateFile function.
Does your program have all this stuff?
LVL 86

Assisted Solution

by:jkr
jkr earned 125 total points
ID: 10678443
>>i get an error ERROR_FILE_NOT_FOUND

AlexFM is correct about the resource issue. Furthermore, after extracting the driver, you will have to install and load it, e.g.

#define UNICODE 1
#include <windows.h>
#include <stdlib.h>
#include <string.h>

BOOL LoadDeviceDriver( const TCHAR * Name, const TCHAR * Path, HANDLE * lphDevice );
BOOL UnloadDeviceDriver( const TCHAR * Name );



BOOL
InstallDriver(
    IN SC_HANDLE  SchSCManager,
    IN LPCTSTR    DriverName,
    IN LPCTSTR    ServiceExe
    );

BOOL
StartDriver(
    IN SC_HANDLE  SchSCManager,
    IN LPCTSTR    DriverName
    );

BOOL
OpenDevice(
    IN LPCTSTR    DriverName, HANDLE * lphDevice
    );

BOOL
StopDriver(
    IN SC_HANDLE  SchSCManager,
    IN LPCTSTR    DriverName
    );

BOOL
RemoveDriver(
    IN SC_HANDLE  SchSCManager,
    IN LPCTSTR    DriverName
    );



/****************************************************************************
*
*    FUNCTION: LoadDeviceDriver( const TCHAR, const TCHAR, HANDLE *)
*
*    PURPOSE: Registers a driver with the system configuration manager
*      and then loads it.
*
****************************************************************************/
BOOL LoadDeviceDriver( const TCHAR * Name, const TCHAR * Path, HANDLE * lphDevice )
{
     SC_HANDLE     schSCManager;
     BOOL          okay;

     schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );

     // Ignore success of installation: it may already be installed.
     InstallDriver( schSCManager, Name, Path );

     // Ignore success of start: it may already be started.
     StartDriver( schSCManager, Name );

     // Do make sure we can open it.
     okay = OpenDevice( Name, lphDevice );

      CloseServiceHandle( schSCManager );

     return okay;
}


/****************************************************************************
*
*    FUNCTION: InstallDriver( IN SC_HANDLE, IN LPCTSTR, IN LPCTSTR)
*
*    PURPOSE: Creates a driver service.
*
****************************************************************************/
BOOL InstallDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe )
{
    SC_HANDLE  schService;

    //
    // NOTE: This creates an entry for a standalone driver. If this
    //       is modified for use with a driver that requires a Tag,
    //       Group, and/or Dependencies, it may be necessary to
    //       query the registry for existing driver information
    //       (in order to determine a unique Tag, etc.).
    //

    schService = CreateService( SchSCManager,          // SCManager database
                                DriverName,           // name of service
                                DriverName,           // name to display
                                SERVICE_ALL_ACCESS,    // desired access
                                SERVICE_KERNEL_DRIVER, // service type
                                SERVICE_DEMAND_START,  // start type
                                SERVICE_ERROR_NORMAL,  // error control type
                                ServiceExe,            // service's binary
                                NULL,                  // no load ordering group
                                NULL,                  // no tag identifier
                                NULL,                  // no dependencies
                                NULL,                  // LocalSystem account
                                NULL                   // no password
                                );
    if ( schService == NULL )
        return FALSE;

    CloseServiceHandle( schService );

    return TRUE;
}


/****************************************************************************
*
*    FUNCTION: StartDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Starts the driver service.
*
****************************************************************************/
BOOL StartDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE  schService;
    BOOL       ret;

    schService = OpenService( SchSCManager,
                              DriverName,
                              SERVICE_ALL_ACCESS
                              );
    if ( schService == NULL )
        return FALSE;

    ret = StartService( schService, 0, NULL )
       || GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;

    CloseServiceHandle( schService );

    return ret;
}



/****************************************************************************
*
*    FUNCTION: OpenDevice( IN LPCTSTR, HANDLE *)
*
*    PURPOSE: Opens the device and returns a handle if desired.
*
****************************************************************************/
BOOL OpenDevice( IN LPCTSTR DriverName, HANDLE * lphDevice )
{
    TCHAR    completeDeviceName[64];
    HANDLE   hDevice;

    //
    // Create a \\.\XXX device name that CreateFile can use
    //
    // NOTE: We're making an assumption here that the driver
    //       has created a symbolic link using its own name
    //       (i.e. if the driver has the name "XXX" we assume
    //       that it used IoCreateSymbolicLink to create a
    //       symbolic link "\DosDevices\XXX". Usually, there
    //       is this understanding between related apps/drivers.
    //
    //       An application might also peruse the DEVICEMAP
    //       section of the registry, or use the QueryDosDevice
    //       API to enumerate the existing symbolic links in the
    //       system.
    //

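    // The "\\.\" prefix takes 4 of the 64 characters and the terminator 1,
    // so reject names that would overflow completeDeviceName.
    if ( lstrlen( DriverName ) > 59 )
        return FALSE;

    wsprintf( completeDeviceName, TEXT("\\\\.\\%s"), DriverName );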

    hDevice = CreateFile( completeDeviceName,
                          GENERIC_READ | GENERIC_WRITE,
                          0,
                          NULL,
                          OPEN_EXISTING,
                          FILE_ATTRIBUTE_NORMAL,
                          NULL
                          );
    if ( hDevice == INVALID_HANDLE_VALUE )
        return FALSE;

     // If user wants handle, give it to them.  Otherwise, just close it.
     if ( lphDevice )
          *lphDevice = hDevice;
     else
         CloseHandle( hDevice );

    return TRUE;
}


/****************************************************************************
*
*    FUNCTION: UnloadDeviceDriver( const TCHAR *)
*
*    PURPOSE: Stops the driver and has the configuration manager unload it.
*
****************************************************************************/
BOOL UnloadDeviceDriver( const TCHAR * Name )
{
     SC_HANDLE     schSCManager;

     schSCManager = OpenSCManager( NULL,                 // machine (NULL == local)
                                   NULL,                 // database (NULL == default)
                                   SC_MANAGER_ALL_ACCESS // access required
                                   );

     StopDriver( schSCManager, Name );
     RemoveDriver( schSCManager, Name );
     
     CloseServiceHandle( schSCManager );

     return TRUE;
}



/****************************************************************************
*
*    FUNCTION: StopDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Has the configuration manager stop the driver (unload it)
*
****************************************************************************/
BOOL StopDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE       schService;
    BOOL            ret;
    SERVICE_STATUS  serviceStatus;

    schService = OpenService( SchSCManager, DriverName, SERVICE_ALL_ACCESS );
    if ( schService == NULL )
        return FALSE;

    ret = ControlService( schService, SERVICE_CONTROL_STOP, &serviceStatus );

    CloseServiceHandle( schService );

    return ret;
}


/****************************************************************************
*
*    FUNCTION: RemoveDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Deletes the driver service.
*
****************************************************************************/
BOOL RemoveDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE  schService;
    BOOL       ret;

    schService = OpenService( SchSCManager,
                              DriverName,
                              SERVICE_ALL_ACCESS
                              );

    if ( schService == NULL )
        return FALSE;

    ret = DeleteService( schService );

    CloseServiceHandle( schService );

    return ret;
}

(code taken from an earlier filemon which credits the above to the DDK's instsvr sample)

Author Comment

by:lib7
ID: 10684467
Hi,
  Thanks for your replies.

  I am using the entire code of Filemon as it is!
  I am just writing an application of my own which will make IOCTL calls into the Filemon driver. To communicate with the driver I am getting the handle to it through the CreateFile() call.

To test the application, I am first running Filemon.exe (GUI part), which should install the driver. And then I am running my application. And I am getting error code 5 this time, i.e. ACCESS DENIED!

Is it true that two applications cannot get a handle to the same driver at the same time?
This could be happening in this case?

Lib7
-----
LVL 86

Expert Comment

by:jkr
ID: 10688801
>>Is it true that two applications cannot get a handle to the same driver at the same time?

Depends on the driver design. In case of FileMon, it would make sense. So, I suggest you load and start filemon.sys from your own application.
0
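
A diagnostic for the two errors in this thread, added here as an example (it is not code from any poster or from Filemon): it pairs the CreateFile error with a check for the `FILEMON` symbolic link using QueryDosDevice, the API named in the OpenDevice comment above. The helper names `link_exists` and `diagnose` and the sample name list are made up for illustration, and reading error 5 as an exclusive open is an assumption about the driver's design.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Case-insensitive equality: DOS device names ignore case. */
static int same_name(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;   /* equal only if both strings end together */
}

/* Scan a QueryDosDevice(NULL, ...) result: NUL-terminated names,
   with an empty string marking the end of the list. */
int link_exists(const char *names, const char *wanted) {
    for (const char *p = names; *p; p += strlen(p) + 1)
        if (same_name(p, wanted)) return 1;
    return 0;
}

/* Map the CreateFile error plus the link check to a likely cause. */
const char *diagnose(unsigned long err, int has_link) {
    if (err == 2 && !has_link)   /* ERROR_FILE_NOT_FOUND */
        return "no symbolic link: driver not installed or not started";
    if (err == 5 && has_link)    /* ERROR_ACCESS_DENIED */
        return "link exists, open refused: device already held or caller lacks access";
    return "unexpected combination: recheck the device name";
}

int main(void) {
    unsigned long err = 2;
    /* Constructed sample list, used when not built on Windows. */
    const char *names = "C:\0NUL\0PhysicalDrive0\0";
#ifdef _WIN32
    static char buf[65536];
    HANDLE h = CreateFileA("\\\\.\\FILEMON", GENERIC_READ | GENERIC_WRITE, 0,
                           NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h != INVALID_HANDLE_VALUE) { CloseHandle(h); puts("opened"); return 0; }
    err = GetLastError();
    if (!QueryDosDeviceA(NULL, buf, sizeof buf)) return 1;
    names = buf;
#endif
    puts(diagnose(err, link_exists(names, "FILEMON")));
    return 0;
}
```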
