Driver Introspection with DriverMon

Saturday, November 18, 2017

In the past few weeks I've been working in my non-existent spare time on DriverMon - a driver monitoring tool for Windows. The tool is far from complete, but it's already quite useful. In this post I'll describe how to use it and some of the challenges of building such a tool. Initially I wanted to be able to track every I/O Request Packet (IRP) targeted to monitored devices. The term "devices" here is important, as the Windows I/O system is device-centric rather than driver-centric. That is, requests are delivered to devices, not drivers. A device can be thought of...
no comments