Exetools


aldente 03-19-2006 07:56

Driver patching / filter driver
 
Hello!

I have a USB-device driver with "SurpriseRemovalOK" improperly NOT set to true. So there is always this "Safely remove hardware" icon in the traybar, which REALLY pisses me off :mad:

As far as I understand, there are two ways to solve that problem:

1. Patch the driver.
2. Write a filter driver.

As I am not a driver expert, I wonder if someone in this board has an idea how to do one of the two ways.

The driver can be found here:
http://www.dlink.com.au/tech/drivers/files/usb/dsbr100_XP.zip

More information on that topic:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q298504
http://www.osronline.com/lists_archive/ntdev/thread2518.html


Any ideas will be appreciated :)

cAtA 03-19-2006 12:53

If you know what to patch, patch it.
If it is a signed driver you'll get an annoying message when you reinstall it.
But the only operation you have to do to make it work after patching is to correct the header CRC.

See below how to do it:

unit UpdateCRC;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Edit1: TEdit;
    Button1: TButton;
    OpenDialog1: TOpenDialog;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  oldsum: dword;            // checksum currently stored in the PE header
  ImageHlpHandle: THandle;
  // Resolved at run time from imagehlp.dll
  CheckSumMappedFile: function(BaseAddress: Pointer; FileLength: DWORD;
    var HeaderSum: DWORD; var CheckSum: DWORD): PImageNtHeaders; stdcall;

implementation

{$R *.dfm}

// Maps the file read-only and returns the checksum computed over its contents.
// The value stored in the header is left in the global OldSum.
function CalcChecksum(const FileHandle: THandle): DWORD;
var
  Size: DWORD;
  H: THandle;
  M: Pointer;
begin
  Size := GetFileSize(FileHandle, nil);
  H := CreateFileMapping(FileHandle, nil, PAGE_READONLY, 0, Size, nil);
  if H = 0 then
    RaiseLastOSError;
  try
    M := MapViewOfFile(H, FILE_MAP_READ, 0, 0, Size);
    if M = nil then
      RaiseLastOSError;
    try
      Win32Check(CheckSumMappedFile(M, Size, OldSum, Result) <> nil);
    finally
      UnmapViewOfFile(M);
    end;
  finally
    CloseHandle(H);
  end;
end;

// Maps the file read-write and stores CRC in OptionalHeader.CheckSum.
procedure UpdateChecksum(const FileHandle: THandle; CRC: dword);
var
  NtHeader: PImageNtHeaders;
  Size: DWORD;
  H: THandle;
  M: Pointer;
begin
  Size := GetFileSize(FileHandle, nil);
  H := CreateFileMapping(FileHandle, nil, PAGE_READWRITE, 0, Size, nil);
  if H = 0 then
    RaiseLastOSError;
  try
    M := MapViewOfFile(H, FILE_MAP_ALL_ACCESS, 0, 0, Size);
    if M = nil then
      RaiseLastOSError;
    try
      with PImageDosHeader(M)^ do begin
        // Use <> here: "not e_magic = X" would bitwise-negate e_magic first
        if e_magic <> IMAGE_DOS_SIGNATURE then begin
          ShowMessage('unrecognized file format');
          exit;
        end;
        // _lfanew is the DOS header field holding the offset of the NT headers
        NtHeader := PImageNtHeaders(dword(M) + _lfanew);
      end;
      with NtHeader^ do begin
        if Signature <> IMAGE_NT_SIGNATURE then begin
          ShowMessage('Not a PE (WIN32) executable');
          exit;
        end;
        NtHeader.OptionalHeader.CheckSum := CRC;
      end;
    finally
      UnmapViewOfFile(M);
    end;
  finally
    CloseHandle(H);
  end;
end;

procedure TForm1.Button1Click(Sender: TObject);
var
  FileName: string;
  hFile: THandle;
  CheckSum: dword;
begin
  ImageHlpHandle := LoadLibrary('imagehlp.dll');
  if ImageHlpHandle = 0 then begin
    ShowMessage('Can''t load imagehlp.dll');
    exit;
  end;
  CheckSumMappedFile := GetProcAddress(ImageHlpHandle, 'CheckSumMappedFile');
  if @CheckSumMappedFile = nil then begin
    ShowMessage('Can''t find function');
    exit;
  end;
  OpenDialog1.InitialDir := 'C:\a';
  if OpenDialog1.Execute then begin
    FileName := OpenDialog1.FileName;
    Edit1.Text := FileName;
    hFile := FileOpen(FileName, fmOpenReadWrite);
    if hFile = INVALID_HANDLE_VALUE then begin
      ShowMessage('Can''t open file');
      exit;
    end;
    try
      // Show computed vs. stored checksum, write the new one, then show both again
      CheckSum := CalcChecksum(hFile);
      ShowMessage(Format('CRC=%X, old=%X', [CheckSum, OldSum]));
      UpdateChecksum(hFile, CheckSum);
      CheckSum := CalcChecksum(hFile);
      ShowMessage(Format('CRC=%X, old=%X', [CheckSum, OldSum]));
    finally
      FileClose(hFile);
    end;
  end;
end;

end.
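
Added example, not part of cAtA's post: a Python sketch of the header checksum that `CheckSumMappedFile` reports (16-bit words summed with the carry folded back in, the `CheckSum` field counted as zero, file length added at the end), used here to check whether a file's stored checksum still matches its contents. The function names and the 512-byte sample buffer are constructed for illustration.

```python
import struct

# PE signature (4) + IMAGE_FILE_HEADER (20) + offset of CheckSum in the optional header (64)
CHECKSUM_FIELD = 4 + 20 + 64

def checksum_offset(data) -> int:
    """File offset of OptionalHeader.CheckSum, after validating both signatures."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + CHECKSUM_FIELD + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + CHECKSUM_FIELD

def pe_checksum(data) -> int:
    """Folded 16-bit sum of the file with the CheckSum field zeroed, plus the file length."""
    off = checksum_offset(data)
    buf = bytearray(data)
    buf[off:off + 4] = b"\0\0\0\0"      # the checksum does not cover itself
    if len(buf) % 2:
        buf.append(0)                   # pad an odd-sized file to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return (total + len(data)) & 0xFFFFFFFF

def stored_checksum(data) -> int:
    return struct.unpack_from("<I", data, checksum_offset(data))[0]

def checksum_matches(data) -> bool:
    """True when the header value equals the value computed from the contents."""
    return stored_checksum(data) == pe_checksum(data)

def build_sample() -> bytearray:
    """Constructed 512-byte buffer with only the MZ/PE signatures set (not a loadable image)."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)   # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    return img

if __name__ == "__main__":
    img = build_sample()
    struct.pack_into("<I", img, checksum_offset(img), pe_checksum(img))
    print(hex(stored_checksum(img)), checksum_matches(img))
    img[0x100] = 0x90                   # one byte changed after the checksum was written
    print(checksum_matches(img))
```

A matching value only shows that the field was recomputed after the last change to the file; it is a plain sum, not a signature, which is why the signed-driver warning cAtA mentions still appears.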

aldente 03-19-2006 19:48

Hmm, the main problem is, I don't know WHAT to patch :(

It is a kernel-mode driver, so I can't debug it and I don't know where this "SurpriseRemovalOK" information is stored...

JuneMouse 03-21-2006 01:39

I assume you are on Windows 2000.
How are you installing the driver?
Are you using the inf file provided along to install the driver?

If yes, can you reply back if this helps?

Open the .inf and add this entry:

Code:

[USBRADIO_AddReg_HW_Removal_Policy]
HKR,,"RemovalPolicy",0x00010001,3

Also, you can use the command-line utility devcon (available for download from MS) to set the device capabilities, I think. Though I have used devcon to disable some network card via the command line, I am not sure and don't have access to W2K to play with this driver :)

XanSama 03-21-2006 04:43

Well it's not a patch or a filter driver, but it is some code I whipped up when I had the same problem.

The following are Delphi-formatted calls to the SendMessage API to hide and show the safely remove hardware icon.

SendMessage(FindWindow('SystemTray_Main', NIL), $4DC, 2, 0); //Hide
SendMessage(FindWindow('SystemTray_Main', NIL), $4DC, 2, 1); //Show

Not exactly the cleanest way to do it, but it serves its purpose.

