Prev: Problem with mapping more than one page using ZwMapViewOfSection u
Next: DTM:Error occurs during receiving the list of machines in Default
From: Kid on 28 Apr 2008 19:18
Hi

Is there any magic tool that we can monitor all or some Windows drivers IRP,
IO control code and data if they do not dump message , can WinDbg do this ?

Thank you .
From: heinz on 29 Apr 2008 05:39
> Is there any magic tool that we can monitor all or some Windows drivers IRP,
> IO control code and data if they do not dump message , can WinDbg do this ?  

A few tools below. I believe there are others as well:

Irp Tracker: http://www.osronline.com/article.cfm?article=199

Bus Hound: http://www.perisoft.net/bushound
From: chris.aseltine on 29 Apr 2008 09:14
On Apr 28, 6:18 pm, Kid <K...(a)discussions.microsoft.com> wrote:

> Is there any magic tool that we can monitor all or some Windows drivers IRP,
> IO control code and data if they do not dump message , can WinDbg do this ?

To understand how to dump the data (meaningfully) for a given IOCTL,
you need to understand the IOCTL. Therefore, I don't know if a
"generic" tool is necessarily going to help you.

A lightweight KMDF filter driver, installed as a lower or upper
filter, can be used here to inspect IRPs.
 | 
Pages: 1
Prev: Problem with mapping more than one page using ZwMapViewOfSection u
Next: DTM:Error occurs during receiving the list of machines in Default