Mr.reCoder Posted October 24, 2011 Share Posted October 24, 2011 (edited) Hi. Coders and also Reversers...I am coding a kernel hook for cd-dvd system driver for monitoring that device.I need all functions that deal and work with this device...I have (and know some) functions but maybe incomplete...functions like: deviceiocontrol , getdrivetype , ...Regards... Edited October 31, 2011 by Mr.reCoder Link to comment
evlncrn8 Posted October 25, 2011 Share Posted October 25, 2011 createfile, readfile, setfilepointer, deviceiocontrol, aspi interface (not so common), getdrivetype etc.. Link to comment
Mr.reCoder Posted October 26, 2011 Author Share Posted October 26, 2011 (edited) @evlncrn8thanks friend...i need more functions... Edited October 26, 2011 by Mr.reCoder Link to comment
Krisler12 Posted October 26, 2011 Share Posted October 26, 2011 @evlncrn8thanks friend...i need more functions...Why not search on MSDN ? I think all you need can be found there... Link to comment
evlncrn8 Posted October 27, 2011 Share Posted October 27, 2011 how about listing the functions you found?..the ones i listed are the only interfaces available in ring 3, the most commonly used being spti access using deviceiocontrol with ioctl requests or pass thru cdbs..i have a feeling you dont know what you are asking about Link to comment
Mr.reCoder Posted October 31, 2011 Author Share Posted October 31, 2011 (edited) i want to know all functions that deal with cd - dvd rom device; like : GetDriveTypeA/W - DeviceIoControl - GetVolumeInformations and etc... i will program a kernel hook!! (i know it is ring 0!) i want the name (and the address) of function in the module! BTW i can know which function calls the kernel function...(i mean after return from kernel function where i will be...) yes! i searched msdn and many more webs!! but i think it is not complete!!! the reversers and crackers know many more functions!!! i hope i was clear!!! (sorry for my bad english... ) regards... Edited October 31, 2011 by Mr.reCoder Link to comment
evlncrn8 Posted October 31, 2011 Share Posted October 31, 2011 lol..you are a joke..nice editing...forget any help from me, you just proved yourself to be what i thought you were, amateur to say the least.... 1 Link to comment
Mr.reCoder Posted November 1, 2011 Author Share Posted November 1, 2011 (edited) @evlncrn8i do NOT know what you mean!!!yes! i edited my post! coze this not my orginal language! it may have many grammar errors! this does not mean that i am amateur!!!answer the question if you want please do NOT SPAM!!ok!? Edited November 1, 2011 by Mr.reCoder Link to comment
evlncrn8 Posted November 1, 2011 Share Posted November 1, 2011 (edited) if you really want to do it in ring 0 then you need to. do it in a different way, by hooking the device drivers and interceptig (and handling) the ioctl packets sent to and from them from the deviceiocontol api interface, hooking cdrom.sys for example, to do it successfully you would to have a very good knowledge of the mmc spefications (the cdbs etc) and the ioctl commands too,....do you really need to go ring 0? ring 3 is much easier...if you must do ring 0 then you will need to research a lot..perhaps reverse engineering something like gamejackal (maploml.sys, maplomh.sys or maplom.sys) from slysoft may be a good start.. what is it you are trying to do exactly?and by amateur i meant you dont really know what you are asking or what is actually involved Edited November 1, 2011 by evlncrn8 Link to comment
Mr.reCoder Posted November 1, 2011 Author Share Posted November 1, 2011 @evlncrn8tank you! nice comment(s)!!! Link to comment
Mr.reCoder Posted November 3, 2011 Author Share Posted November 3, 2011 (edited) hi ...is this list complete... ?your comments maybe helpful!DefineDosDeviceDeleteVolumeMountPointFindFirstVolumeFindFirstVolumeMountPointFindNextVolumeFindNextVolumeMountPointFindVolumeCloseFindVolumeMountPointCloseGetDriveTypeGetLogicalDrivesGetLogicalDriveStringsGetVolumeInformationGetVolumeInformationByHandleWGetVolumeNameForVolumeMountPointGetVolumePathNameGetVolumePathNamesForVolumeNameQueryDosDeviceSetVolumeLabelSetVolumeMountPointregards... Edited November 3, 2011 by Mr.reCoder Link to comment
evlncrn8 Posted November 3, 2011 Share Posted November 3, 2011 those are ring 3 apis..i thought you were doing ring 0 (where api hooking is overkill, for ring 0 you need to use a different approach),i think you need to seriously think about how to do things in a safe and good way... Link to comment
Mr.reCoder Posted November 6, 2011 Author Share Posted November 6, 2011 @evlncrn8i will use ring 3 to hook this api's! (now it is easy and safe!)but i will program another tool to hook cdrom.sys!thanks .... Link to comment
evlncrn8 Posted November 6, 2011 Share Posted November 6, 2011 err hooking cdrom.sys would not be all you need to do...again..what exactly are you trying to do? are you trying to do some super tool that will defeat some copy protection?because it really looks like you do not know what you are doing...first you talk about hooking ring 3 apis in ring 0, then you change your mind.....explain what you are trying to do and then i can help you pick the best approach.. Link to comment
Mr.reCoder Posted November 9, 2011 Author Share Posted November 9, 2011 again..what exactly are you trying to do? are you trying to do some super tool that will defeat some copy protection?yes! that is exactly true! i want to do this!thnx for nice comments... Link to comment
evlncrn8 Posted November 9, 2011 Share Posted November 9, 2011 any particular protection? are you aware of how much work is involved or exactly what is involved? there is a reason there are not a lot of protection emulators out theren..the reason? its damn hard and requires a lot of technical knowledge...a lot...especially with hardware, timing...honest advice.. after what i have seen in your replies...you need to do a hell of a lot more research, you clearly do not realise the size of the task... Link to comment
Mr.reCoder Posted November 9, 2011 Author Share Posted November 9, 2011 (edited) yes! i know hooking sys file is hard! but i wana to do it.in fact when i can not trace ring 3 functions because of protectors problem (like themida!!!); there is one way to do it in kernel mode!i know there is a good way to hook ring 3 functions that i listed above post but this functions are very common and more protectors did not use them! instead they use kernel functions ... when i wait in cd-rom INPUT BUS i can rip data and many things to find out what is the protector doing!!!that is only reason for me to write kernel hook!!!for examle i used a common api monitor to monitor this functions i a cd rom ptotector but this protector had been protected with themida (this packer has anti moninitoring features) and when I unpacked it; the codes that treat with cd rom functions has been stolen by protector and i could not find them!!!thnx for your nice comments... Edited November 9, 2011 by Mr.reCoder Link to comment
evlncrn8 Posted November 9, 2011 Share Posted November 9, 2011 still, emulation is tricky, there's timing involved (rmps for example), handling of specific ioctls, and what about the protection using drivers to interface to the cd/dvd directly such as tages and starforce?.. it is not an easy task, and definately not a task for just one person..also the analogy of themida to commercial games / apps protection is a bad one.. they are at entirely different levels...seriously, rethink things.. its not an easy task and you definately do not appear to have the experience to pull it off, that is evident from your posts.. nice idea doing it, but others have tried and failed before you, which is why there aren't too many iso protection emulators out there... surely you realise that? Link to comment
Mr.reCoder Posted November 10, 2011 Author Share Posted November 10, 2011 i will do it!so if you think it is hard! please hint me another way?! is ring 3 hook suitable for protectors like themida, armadillo, ...??thnx for your nice comments... Link to comment
quosego Posted November 10, 2011 Share Posted November 10, 2011 Sure hooking ring3 usually works fine on such protectors. You might have to tinker a bit but it's a lot easier than emulating tages/starforce. Link to comment
Mr.reCoder Posted November 11, 2011 Author Share Posted November 11, 2011 (edited) @ quosego thank you! I will do it in ring 3! because of your nice comments... if there is any hints or point please tell me... Edited November 11, 2011 by Mr.reCoder Link to comment
evlncrn8 Posted November 11, 2011 Share Posted November 11, 2011 hints...pay attention to timing and maybe do some research Link to comment
Mr.reCoder Posted November 13, 2011 Author Share Posted November 13, 2011 nice! I am working... Link to comment
evlncrn8 Posted November 13, 2011 Share Posted November 13, 2011 what protection are you planning to handle first? Link to comment
Mr.reCoder Posted November 14, 2011 Author Share Posted November 14, 2011 first of all I want to hook and handle the most common functions like GetDriveTypeA/W!But there is a problem with DeviceIoControl ! I do not know how phrase the "dwIoControlCode" argument to the type of device for the given IOCTL!! i mean after assemble the combination of the type of device for the given IOCTL is a hexadecimal number and i want to phrase the number to device types that are defined by the system...thanks for comment... Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now