Hi. Coders and also Reversers...

I am coding a kernel hook for cd-dvd system driver for monitoring that device.

I need all functions that deal and work with this device...

I have (and know some) functions but maybe incomplete...

functions like: deviceiocontrol , getdrivetype , ...

Regards...

Edited October 31, 201113 yr by Mr.reCoder

createfile, readfile, setfilepointer, deviceiocontrol, aspi interface (not so common), getdrivetype etc..

@evlncrn8

thanks friend...

i need more functions...

Edited October 26, 201113 yr by Mr.reCoder

@evlncrn8

thanks friend...

i need more functions...

Why not search on MSDN ? I think all you need can be found there...

how about listing the functions you found?..

the ones i listed are the only interfaces available in ring 3, the most commonly used being spti access using deviceiocontrol with ioctl requests or pass thru cdbs..

i have a feeling you dont know what you are asking about

i want to know all functions that deal with cd - dvd rom device; like : GetDriveTypeA/W - DeviceIoControl - GetVolumeInformations and etc...

i will program a kernel hook!! (i know it is ring 0!)

i want the name (and the address) of function in the module! BTW i can know which function calls the kernel function...(i mean after return from kernel function where i will be...)

yes! i searched msdn and many more webs!! but i think it is not complete!!!

the reversers and crackers know many more functions!!!

i hope i was clear!!! (sorry for my bad english... )

regards...

Edited October 31, 201113 yr by Mr.reCoder

lol..you are a joke..nice editing...

forget any help from me, you just proved yourself to be what i thought you were, amateur to say the least....

@evlncrn8

i do NOT know what you mean!!!

yes! i edited my post! coze this not my orginal language! it may have many grammar errors! this does not mean that i am amateur!!!

answer the question if you want please do NOT SPAM!!

ok!?

Edited November 1, 201113 yr by Mr.reCoder

if you really want to do it in ring 0 then you need to. do it in a different way, by hooking the device drivers and interceptig (and handling) the ioctl packets sent to and from them from the deviceiocontol api interface, hooking cdrom.sys for example, to do it successfully you would to have a very good knowledge of the mmc spefications (the cdbs etc) and the ioctl commands too,....

do you really need to go ring 0? ring 3 is much easier...

if you must do ring 0 then you will need to research a lot..perhaps reverse engineering something like gamejackal (maploml.sys, maplomh.sys or maplom.sys) from slysoft may be a good start..

what is it you are trying to do exactly?

and by amateur i meant you dont really know what you are asking or what is actually involved

Edited November 1, 201113 yr by evlncrn8

@evlncrn8

tank you! nice comment(s)!!!

hi ...

is this list complete... ?

your comments maybe helpful!

DefineDosDevice

DeleteVolumeMountPoint

FindFirstVolume

FindFirstVolumeMountPoint

FindNextVolume

FindNextVolumeMountPoint

FindVolumeClose

FindVolumeMountPointClose

GetDriveType

GetLogicalDrives

GetLogicalDriveStrings

GetVolumeInformation

GetVolumeInformationByHandleW

GetVolumeNameForVolumeMountPoint

GetVolumePathName

GetVolumePathNamesForVolumeName

QueryDosDevice

SetVolumeLabel

SetVolumeMountPoint

regards...

Edited November 3, 201113 yr by Mr.reCoder

those are ring 3 apis..i thought you were doing ring 0 (where api hooking is overkill, for ring 0 you need to use a different approach),

i think you need to seriously think about how to do things in a safe and good way...

@evlncrn8

i will use ring 3 to hook this api's! (now it is easy and safe!)

but i will program another tool to hook cdrom.sys!

thanks ....

err hooking cdrom.sys would not be all you need to do...

again..what exactly are you trying to do? are you trying to do some super tool that will defeat some copy protection?

because it really looks like you do not know what you are doing...first you talk about hooking ring 3 apis in ring 0, then you change your mind.....

explain what you are trying to do and then i can help you pick the best approach..

again..what exactly are you trying to do? are you trying to do some super tool that will defeat some copy protection?

yes! that is exactly true! i want to do this!

thnx for nice comments...

any particular protection?

are you aware of how much work is involved or exactly what is involved? there is a reason there are not a lot of protection emulators out theren..the reason? its damn hard and requires a lot of technical knowledge...a lot...especially with hardware, timing...

honest advice.. after what i have seen in your replies...you need to do a hell of a lot more research, you clearly do not realise the size of the task...

yes! i know hooking sys file is hard! but i wana to do it.

in fact when i can not trace ring 3 functions because of protectors problem (like themida!!!); there is one way to do it in kernel mode!

i know there is a good way to hook ring 3 functions that i listed above post but this functions are very common and more protectors did not use them! instead they use kernel functions ... when i wait in cd-rom INPUT BUS i can rip data and many things to find out what is the protector doing!!!

that is only reason for me to write kernel hook!!!

for examle i used a common api monitor to monitor this functions i a cd rom ptotector but this protector had been protected with themida (this packer has anti moninitoring features) and when I unpacked it; the codes that treat with cd rom functions has been stolen by protector and i could not find them!!!

thnx for your nice comments...

Edited November 9, 201113 yr by Mr.reCoder

still, emulation is tricky, there's timing involved (rmps for example), handling of specific ioctls, and what about the protection using drivers to interface to the cd/dvd directly such as tages and starforce?.. it is not an easy task, and definately not a task for just one person..

also the analogy of themida to commercial games / apps protection is a bad one.. they are at entirely different levels...

seriously, rethink things.. its not an easy task and you definately do not appear to have the experience to pull it off, that is evident from your posts.. nice idea doing it, but others have tried and failed before you, which is why there aren't too many iso protection emulators out there... surely you realise that?

i will do it!

so if you think it is hard! please hint me another way?! is ring 3 hook suitable for protectors like themida, armadillo, ...??

thnx for your nice comments...

Sure hooking ring3 usually works fine on such protectors. You might have to tinker a bit but it's a lot easier than emulating tages/starforce.

@ quosego

thank you! I will do it in ring 3! because of your nice comments...

if there is any hints or point please tell me...

Edited November 11, 201113 yr by Mr.reCoder

hints...pay attention to timing and maybe do some research

nice! I am working...

what protection are you planning to handle first?

first of all I want to hook and handle the most common functions like GetDriveTypeA/W!

But there is a problem with DeviceIoControl ! I do not know how phrase the "dwIoControlCode" argument to the type of device for the given IOCTL!! i mean after assemble the combination of the type of device for the given IOCTL is a hexadecimal number and i want to phrase the number to device types that are defined by the system...

thanks for comment...