Jump to content
Tuts 4 You

Need To Find All Functions That Deal With CD-DVD Rom


Recommended Posts

Hi. Coders and also Reversers...

I am coding a kernel hook for cd-dvd system driver for monitoring that device.

I need all functions that deal and work with this device...

I have (and know some) functions but maybe incomplete...

functions like: deviceiocontrol , getdrivetype , ...


Edited by Mr.reCoder
Link to comment

how about listing the functions you found?..

the ones i listed are the only interfaces available in ring 3, the most commonly used being spti access using deviceiocontrol with ioctl requests or pass thru cdbs..

i have a feeling you dont know what you are asking about

Link to comment

i want to know all functions that deal with cd - dvd rom device; like : GetDriveTypeA/W - DeviceIoControl - GetVolumeInformations and etc...

i will program a kernel hook!! (i know it is ring 0!)

i want the name (and the address) of function in the module! BTW i can know which function calls the kernel function...(i mean after return from kernel function where i will be...)

yes! i searched msdn and many more webs!! but i think it is not complete!!!

the reversers and crackers know many more functions!!!

i hope i was clear!!! (sorry for my bad english... cc_confused.gif )


Edited by Mr.reCoder
Link to comment

lol..you are a joke..nice editing...

forget any help from me, you just proved yourself to be what i thought you were, amateur to say the least....

  • Like 1
Link to comment


i do NOT know what you mean!!!

yes! i edited my post! coze this not my orginal language! it may have many grammar errors! this does not mean that i am amateur!!!

answer the question if you want please do NOT SPAM!!


Edited by Mr.reCoder
Link to comment

if you really want to do it in ring 0 then you need to. do it in a different way, by hooking the device drivers and interceptig (and handling) the ioctl packets sent to and from them from the deviceiocontol api interface, hooking cdrom.sys for example, to do it successfully you would to have a very good knowledge of the mmc spefications (the cdbs etc) and the ioctl commands too,....

do you really need to go ring 0? ring 3 is much easier...

if you must do ring 0 then you will need to research a lot..perhaps reverse engineering something like gamejackal (maploml.sys, maplomh.sys or maplom.sys) from slysoft may be a good start..

what is it you are trying to do exactly?

and by amateur i meant you dont really know what you are asking or what is actually involved

Edited by evlncrn8
Link to comment

hi ...

is this list complete... ?

your comments maybe helpful!





















Edited by Mr.reCoder
Link to comment

those are ring 3 apis..i thought you were doing ring 0 (where api hooking is overkill, for ring 0 you need to use a different approach),

i think you need to seriously think about how to do things in a safe and good way...

Link to comment

err hooking cdrom.sys would not be all you need to do...

again..what exactly are you trying to do? are you trying to do some super tool that will defeat some copy protection?

because it really looks like you do not know what you are doing...first you talk about hooking ring 3 apis in ring 0, then you change your mind.....

explain what you are trying to do and then i can help you pick the best approach..

Link to comment

again..what exactly are you trying to do? are you trying to do some super tool that will defeat some copy protection?

yes! that is exactly true! i want to do this!

thnx for nice comments...

Link to comment

any particular protection?

are you aware of how much work is involved or exactly what is involved? there is a reason there are not a lot of protection emulators out theren..the reason? its damn hard and requires a lot of technical knowledge...a lot...especially with hardware, timing...

honest advice.. after what i have seen in your replies...you need to do a hell of a lot more research, you clearly do not realise the size of the task...

Link to comment

yes! i know hooking sys file is hard! but i wana to do it.

in fact when i can not trace ring 3 functions because of protectors problem (like themida!!!); there is one way to do it in kernel mode!

i know there is a good way to hook ring 3 functions that i listed above post but this functions are very common and more protectors did not use them! instead they use kernel functions ... when i wait in cd-rom INPUT BUS i can rip data and many things to find out what is the protector doing!!!

that is only reason for me to write kernel hook!!!

for examle i used a common api monitor to monitor this functions i a cd rom ptotector but this protector had been protected with themida (this packer has anti moninitoring features) and when I unpacked it; the codes that treat with cd rom functions has been stolen by protector and i could not find them!!!

thnx for your nice comments...

Edited by Mr.reCoder
Link to comment

still, emulation is tricky, there's timing involved (rmps for example), handling of specific ioctls, and what about the protection using drivers to interface to the cd/dvd directly such as tages and starforce?.. it is not an easy task, and definately not a task for just one person..

also the analogy of themida to commercial games / apps protection is a bad one.. they are at entirely different levels...

seriously, rethink things.. its not an easy task and you definately do not appear to have the experience to pull it off, that is evident from your posts.. nice idea doing it, but others have tried and failed before you, which is why there aren't too many iso protection emulators out there... surely you realise that?

Link to comment

i will do it!

so if you think it is hard! please hint me another way?! is ring 3 hook suitable for protectors like themida, armadillo, ...??

thnx for your nice comments...

Link to comment

Sure hooking ring3 usually works fine on such protectors. You might have to tinker a bit but it's a lot easier than emulating tages/starforce.

Link to comment

@ quosego

thank you! I will do it in ring 3! because of your nice comments...

if there is any hints or point please tell me... flowers2.gif

Edited by Mr.reCoder
Link to comment

first of all I want to hook and handle the most common functions like GetDriveTypeA/W!

But there is a problem with DeviceIoControl ! I do not know how phrase the "dwIoControlCode" argument to the type of device for the given IOCTL!! i mean after assemble the combination of the type of device for the given IOCTL is a hexadecimal number and i want to phrase the number to device types that are defined by the system...

thanks for comment...

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...