trying to convert kbfiltr sample to a class level filter driver
in [Device Drivers]
|
Prev: Building an Embedded Device/System? Tell VDC about your experience for a chance to WIN!
Next: SignerSign fails with internal error
From: unclepauly on 18 May 2010 11:07 hello, i am using the kbfiltr example from the WDK (7600) as a template for my keyboard filter driver. the purpose of the driver (at the moment) is just to enable/disable all keyboard input. i have got this working by modifying the KbFilter_ServiceCallback so that it drops all packets if required. i need to be able to send the driver IOCTLs from a user app and have got this working as well using this sample. but of course the sample only works for a single ps/2 keyboard and i need it to apply to all keyboards. so, i modified the registry so that the keyboard is installed at class-level, ie i changed the UpperFilters key to be "kbfiltr\kbclass" (also tried "kbfiltr\0kbclass\0\0"). however after rebooting the machine, the keyboard did not work at all. i am sure this is because the sample driver needs to implement IRP_RJ_READ ? i am also sure that the KbFilter_ServiceCallback does not get called at the class level ? so what i *think* i need to do, before even thinking about getting the driver at class level, is to implement the IRP_RJ_READ. so i changed the sample code to be as follows: at the bottom of DriverEntry, before i return status : DriverObject->MajorFunction[IRP_MJ_READ] = Example_Read; then the Example_Read function : NTSTATUS Example_Read(__in PDEVICE_OBJECT DeviceObject, __in PIRP Irp) { NTSTATUS NtStatus = STATUS_SUCCESS; UNREFERENCED_PARAMETER(DeviceObject); DbgPrint("Enter Example_Read\r\n"); Irp->IoStatus.Status = NtStatus; IoCompleteRequest(Irp, IO_NO_INCREMENT); return NtStatus; } however after installing the driver (as a single driver via device manager), i can see that the ServiceCallback is being called but the Example_Read is not. yes i know i have probably made some rookie mistake but i have only been doing this for a week. what i am after please, is for someone to tell me 1) if i am right in the first place for thinking that i need to hook IRP_MJ_READ. 2) if so, have i hooked it correctly ? 3) if so why cant i see the Example_Read being hit (using dbgview) ? thank you.
From: Doron Holan [MSFT] on 18 May 2010 15:06
when you modified the registry value at the class level, did you literally put the "\" in the string? if you are using regedit, just put bkfiltr on the first line in the edit box and kbdclass in the 2nd line, that's it. no need to embed your own nulls or anything like that d "unclepauly" wrote in message news:A1E3025F-3248-4D06-B7BE-94F3F694B424(a)microsoft.com... hello, i am using the kbfiltr example from the WDK (7600) as a template for my keyboard filter driver. the purpose of the driver (at the moment) is just to enable/disable all keyboard input. i have got this working by modifying the KbFilter_ServiceCallback so that it drops all packets if required. i need to be able to send the driver IOCTLs from a user app and have got this working as well using this sample. but of course the sample only works for a single ps/2 keyboard and i need it to apply to all keyboards. so, i modified the registry so that the keyboard is installed at class-level, ie i changed the UpperFilters key to be "kbfiltr\kbclass" (also tried "kbfiltr\0kbclass\0\0"). however after rebooting the machine, the keyboard did not work at all. i am sure this is because the sample driver needs to implement IRP_RJ_READ ? i am also sure that the KbFilter_ServiceCallback does not get called at the class level ? so what i *think* i need to do, before even thinking about getting the driver at class level, is to implement the IRP_RJ_READ. so i changed the sample code to be as follows: at the bottom of DriverEntry, before i return status : DriverObject->MajorFunction[IRP_MJ_READ] = Example_Read; then the Example_Read function : NTSTATUS Example_Read(__in PDEVICE_OBJECT DeviceObject, __in PIRP Irp) { NTSTATUS NtStatus = STATUS_SUCCESS; UNREFERENCED_PARAMETER(DeviceObject); DbgPrint("Enter Example_Read\r\n"); Irp->IoStatus.Status = NtStatus; IoCompleteRequest(Irp, IO_NO_INCREMENT); return NtStatus; } however after installing the driver (as a single driver via device manager), i can see that the ServiceCallback is being called but the Example_Read is not. yes i know i have probably made some rookie mistake but i have only been doing this for a week. what i am after please, is for someone to tell me 1) if i am right in the first place for thinking that i need to hook IRP_MJ_READ. 2) if so, have i hooked it correctly ? 3) if so why cant i see the Example_Read being hit (using dbgview) ? thank you. |