1

Topic: NT-kernel: what can be intercepted legally (without ) and what

And with what restrictions? Files and folders: definitely possible, the official method is called File System Minifilter Drivers, and I have done it personally; it is also possible to modify the "traffic", and I did not notice any particular restrictions (the same functionality as with SSDT). I tested on Win10 x64 on a laptop (only with signature checking disabled), and Secure Boot was definitely enabled. Network traffic: seemingly also possible, the official method is called Kernel Network Redirector, but I have not done it personally. And what about the registry? The keyboard (at kernel level)? USB traffic? The picture on the screen? The video stream from a webcam, the audio stream from its microphone? The output audio stream to headphones/speakers? The reason for creating this topic: I would like to know for the future, but there is no time to study each question now. Whoever wants to can answer. Whoever does not want to had better not.

2

Re: NT-kernel: what can be intercepted legally (without ) and what

Hello, sergey77666, you wrote:

S> NT-kernel: what can be intercepted legally (without ) and what

I think that within the bounds of "legally" it is better to speak not of interception but of filtering. Fortunately, MS has provided enough means. So it is possible to "filter" practically everything you listed in your question; the main thing is to do it correctly. Judging by your posts, you rush like mad to do jobs for "good money" without much thought for the consequences, so for a start at least read W. Oney's book Windows Driver Model; there you will find answers to "what is possible and what is not" and "how".

3

Re: NT-kernel: what can be intercepted legally (without ) and what

Hello, _f_b_i _, you wrote:

___> Hello, sergey77666, you wrote:
S>> NT-kernel: what can be intercepted legally (without ) and what
___> I think that within the bounds of "legally" it is better to speak not of interception but of filtering. Fortunately, MS has provided enough means.
___> So it is possible to "filter" practically everything you listed in your question; the main thing is to do it correctly. Judging by your posts, you rush like mad to do jobs for "good money" without much thought for the consequences,
___> so for a start at least read W. Oney's book Windows Driver Model; there you will find answers to "what is possible and what is not" and "how".

I always "run". That is why I really do not like books. Because they are slow. For answers to these questions I would search Google, study source code, etc. But asking on a forum is even faster and easier (though much worse). Some will decide that I am lazy. They see it as though I have as many tasks as they do and simply want to solve them faster, and spend the remaining time loafing :) Nothing of the sort; the freed time needs to be spent on something else. The money, too, is mostly put back into the work. No need to talk about reliability. If needed I can make things even more solid than those who use only books, because I will know what is not in them. Gradually everything of mine gains reliability. And a specific customer receives exactly as much as he paid for, according to the deadlines he gave, etc.

4

Re: NT-kernel: what can be intercepted legally (without ) and what

Hello, sergey77666, you wrote:

S> NT-kernel: what can be intercepted legally (without )

In short:

Filtering of calls to file systems:
- File System Minifilter Drivers
- File System Filter Drivers

Filtering of calls to a disk (at a low level):
- Storage Filter Drivers

Network:
- Windows Filtering Platform Callout Drivers
- TDI Filters
- NDIS (IM/LWF)

Registry:
- CmRegisterCallback

Processes, threads, module loading:
- PsSetCreateProcessNotifyRoutine
- PsSetLoadImageNotifyRoutine
- PsSetCreateThreadNotifyRoutine

Filtering of access to processes, threads and desktops (Win10):
- ObRegisterCallbacks

Mirror drivers used to be recommended for efficient screen capture, but with the release of Windows Vista and the new display driver model (WDDM replacing XDDM) this can be considered obsolete (and not always possible because of problems with Aero/DWM). In Windows 8 it is possible to capture the screen entirely in user mode, see Desktop Duplication API.

As for access to devices, that is possible through the standard mechanisms described, for example, by Walter Oney in the chapter on "filter drivers". That is, find the stack of the appropriate device and attach your DEVICE_OBJECT to it. See UpperFilters, AddDevice, IoAttachDeviceToDeviceStack, etc. This way it is possible to filter almost any device: USB, keyboards/mice, CD-ROM, etc. Or a whole class of devices (if you attach to the class driver).

The list is not complete, and many functions have more modern versions, but for  should suffice.
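
The UpperFilters mechanism named in the post above can be audited from the registry. The following PowerShell is an added example, not part of the original post: it lists the class-level UpperFilters/LowerFilters entries and checks the Authenticode signature of each driver image. The function name `Resolve-DriverPath` and the `FileMissing` label are this example's own.

```powershell
# Added example: audit class-level filter drivers (UpperFilters/LowerFilters)
# and check the signature of the driver image behind each listed service.
$classRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$svcRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {
    param([string]$Service)
    $image = (Get-ItemProperty -Path (Join-Path $svcRoot $Service) `
                               -ErrorAction SilentlyContinue).ImagePath
    # No ImagePath: a driver service defaults to System32\drivers\<name>.sys
    if (-not $image) { $image = "System32\drivers\$Service.sys" }
    $image = $image -replace '^\\\?\?\\', ''          # strip a leading \??\
    if ($image -match '^\\SystemRoot\\(.+)$') {
        $image = Join-Path $env:SystemRoot $Matches[1]
    } elseif ($image -notmatch '^[A-Za-z]:\\') {
        # Relative paths are relative to %SystemRoot%
        $image = Join-Path $env:SystemRoot $image
    }
    return $image
}

$rows = foreach ($key in Get-ChildItem -Path $classRoot -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    foreach ($kind in 'UpperFilters', 'LowerFilters') {
        # Both values are REG_MULTI_SZ lists of driver service names
        foreach ($svc in @($props.$kind | Where-Object { $_ })) {
            $path = Resolve-DriverPath -Service $svc
            $sig  = if (Test-Path -LiteralPath $path) {
                        Get-AuthenticodeSignature -LiteralPath $path
                    }
            [pscustomobject]@{
                Class   = $props.Class
                Kind    = $kind
                Service = $svc
                Path    = $path
                Status  = if ($sig) { $sig.Status } else { 'FileMissing' }
                Signer  = $sig.SignerCertificate.Subject
            }
        }
    }
}

# Anything not 'Valid', or signed by an unexpected publisher, deserves a look.
$rows | Sort-Object Class, Kind | Format-Table -AutoSize
```

Run it from an elevated 64-bit PowerShell. Minifilters do not appear in these values; `fltmc filters` lists them together with their altitudes.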

5

Re: NT-kernel: what can be intercepted legally (without ) and what

Hello, okman, you wrote:

Thanks. Could you go into more detail? At least where it is possible to modify, and where only . Did I understand correctly that ObRegisterCallbacks allows forbidding process termination? And can it hide one altogether? It is also sad that it is available only starting with Vista (so it says on MSDN).

6

Re: NT-kernel: what can be intercepted legally (without ) and what

S> I always "run".
S> That is why I really do not like books. Because they are slow.

A cowboy programmer, by the NATO classification in this article (Author: Jericho113, Date: 26.11.07). I was like that too, but then evolved into something resembling a lazy . I did not particularly read books either. But there are things whose workings need to be understood "from above", without details, and these are better described in books. The main question one should always ask oneself is not "how?" but "why?". And then plain deduction lets you, when needed, almost guess the necessary details yourself, without  blindly in heaps of code.

7

Re: NT-kernel: what can be intercepted legally (without ) and what

Not only. I am also TheTheoretician and TheParatrooper. Probably all 3 of these are interconnected.

8

Re: NT-kernel: what can be intercepted legally (without ) and what

Hello, sergey77666, you wrote:

S> That is why I really do not like books. Because they are slow.
S> For answers to these questions I would search Google, study source code, etc.
S> But asking on a forum is even faster and easier (though much worse).

Of course, let the people on the forum work for you, while the payment for the work is received entirely by you. On forums it is customary to respect the community rather than use it as a fast free adviser. You disrespect not only the local community but also the users of the systems on which your software, with its "running" approach, will run and inevitably glitch. Reasoning about "" against this background looks especially cynical.

9

Re: NT-kernel: what can be intercepted legally (without ) and what

Hello, Evgenie Muzychenko, you wrote:

EM> Hello, sergey77666, you wrote:
S>> That is why I really do not like books. Because they are slow.
S>> For answers to these questions I would search Google, study source code, etc.
S>> But asking on a forum is even faster and easier (though much worse).
EM> Of course, let the people on the forum work for you, while the payment for the work is received entirely by you.
EM> On forums it is customary to respect the community rather than use it as a fast free adviser. You disrespect not only the local community but also the users of the systems on which your software, with its "running" approach, will run and inevitably glitch. Reasoning about "" against this background looks especially cynical.

I do not even know how to answer your attack. I would sort of like to answer something, but  keeps repeating, "I will not pick a word for you, there is no need for that, go to sleep".

About the adviser: if the problem were really about money, you would not complain but would simply offer answers for a fee, paid before or after. But it is not about money, it is about some emotions of yours, like xenophobia or something.

Users of the systems? Here you are defending a person without even seeing him. Nor how much he pays, nor what effort it takes to knock it out of him.

About reliability. You have some kind of paranoia. For some reason I see enough bugs in software that is not mine that one cannot say for certain that I have more of them. Though those people (sometimes I saw specifically what kind of people they were) did not seem to be in a hurry to get anywhere, but they have the reverse problem: laziness. But I do not have the hellish heap of nonsense on  (like removing the Start button) that is created by firms like MS, in calm conditions and with long experience in the subject, yet without the brains, which does not allow them to invent something that is not merely brand new for the sake of reporting, but real. Or it is simply from stupidity. The documentation here is often written with absolutely no ability to look at it from an outsider's point of view. So it is not known what exactly out of this whole zoo will actually enrage the user, and who cares about it more.

10

Re: NT-kernel: what can be intercepted legally (without ) and what

Hello, sergey77666, you wrote:

S> Hello, Evgenie Muzychenko, you wrote:
S> About reliability. You have some kind of paranoia. For some reason I see enough bugs in software that is not mine that one cannot say for certain that I have more of them. Though those people (sometimes I saw specifically what kind of people they were) did not seem to be in a hurry to get anywhere, but they have the reverse problem: laziness.
S> But I do not have the hellish heap of nonsense on  (like removing the Start button) that is created by firms like MS, in calm conditions and with long experience in the subject, yet without the brains, which does not allow them to invent something that is not merely brand new for the sake of reporting, but real. Or it is simply from stupidity. The documentation here is often written with absolutely no ability to look at it from an outsider's point of view.
S> So it is not known what exactly out of this whole zoo will actually enrage the user, and who cares about it more.

I think what people want to tell you is that writing a driver is a little different from writing ordinary software. The price of an error in the kernel and in an application, you know, differs by many orders of magnitude. Yes, any software has holes, glitches that are sometimes called features, etc. But a crash of an application from the author "Vasya" will hardly corrupt a database or delete your home photo archive or anything else. A driver crash can lead to graver consequences: the system simply stops execution at the point where the mishap occurred, and from there it is a matter of luck: suppose the software from "Misha" had started updating a database and made some changes to the header structures but did not get to the body in time, and on the next boot it tells you: "And  you are palming some junk database off on me, I do not know one like that"; well, I exaggerate, of course.

What is more annoying: a miscalculation or a lapse of attention in one place in the driver code can cause a failure in a completely different place, and not in your code at all, and then the picture is this: the user installed your software (driver), and the network adapter driver crashed with a BSOD. The user: who is to blame? The authors of the network adapter driver, of course, the crash is in their driver... Though those programmers may have nothing to do with it at all; someone simply spoiled the life of their driver a little. So please take driver writing more seriously! Because completely different people can suffer from errors made in your driver.

11

Re: NT-kernel: what can be intercepted legally (without ) and what

Hello, _f_b_i _, you wrote:

___> suppose the software from "Misha" had started updating a database and made some changes to the header structures but did not get to the body in time

Well, NTFS and transactions do at least protect the most , the registry and critical system databases from corruption.