How to obtain the handle to a device?

  • Thread starter Thread starter A.T.
  • Start date Start date
A

A.T.

Hi all,
First of all, sorry if my post may be off-topic, I thought
that you were the right people for the subject anyway.

I would like to make some experiments accessing directly
Windows 2000/XP devices from user mode, preferably using
only the NT native API, to gain experience and knowledge
about NT internals, and because I love to dive into the
lowest-levels of an OS. It's not for production code, but
I'm still very passionate about it, and would like to try
this approach with (more or less) all kind of devices.
Here is a description of my work, so far:

I get a list of devices of a certain kind, using the
SetupAPI DLL.

For example, if I'd like to access a keyboard device
directly, I obtain its SPDRP_PHYSICAL_DEVICE_OBJECT_NAME,
which (in the case of my system) happens to be:

"\Device\00000014"

I use that string on CreateFile() to get a handle for the
subsequent calls to DeviceIoControl (e.g. to turn on and
off the keyboard leds), ReadFile and WriteFile (I'm not
sure the latter will apply to the keyboard device of this
example), but CreateFile() fails. I've tried and experimented
every idea I had, but I cannot get a valid handle. Googling
around, I saw a program (complete with source code) that
turns on and off the keyboard leds, but it uses a system
call that (if I'm not mistaken) has to do with MSDOS, i.e.
DefineDosDevice(), so I avoided it.

To make another example, I successfully got an handle to my
CDROM (e.g. to eject the disc via IOCTL_STORAGE_EJECT_MEDIA)
passing "\\.\D:" to CreateFile(), but when I try to use the
SPDRP_PHYSICAL_DEVICE_OBJECT_NAME, which in my system happens
to be "\Device\Ide\IdeDevice\P1T1L0-c" again I cannot get a
valid handle from CreateDevice().

For the finalities of my project, I'd like to get access
to a device NOT using the "\\.\<x>:" form, also because
that would limit me to just the storage ones.

So, how can I obtain a handle to a device (for then using
on it DeviceIoControl(), ReadFile() and WriteFile()), once
I obtained its SPDRP_PHYSICAL_DEVICE_OBJECT_NAME (assuming
it's the string I need).

Thanks a lot!
Andrea
 
I haven't worked with drivers for a very long time but hope this helps
anyway. For the keyboard device specifically I think the error message you
would have received if you used CreateFile would probably have been acess
denied. For security reasons some devices choose to check if a IRP_MJ_CREATE
I/O (the one that gets sent down to the driver when somebody does a
CreateFile on an associated device) comes from kernel mode which and reject
the request if it comes from user mode. The keyboard class driver I know for
certain does that just to ensure integrity of SAS (ctrl+alt+delete).
 
Back
Top