Let me point out that all of the user mode ways of doing this are not acceptable because I need the DLL to be injected before any user code executes in the target process, including TLS callbacks.
Have you experimented with the CreateProcess function[^] and the DEBUG_PROCESS and DEBUG_ONLY_THIS_PROCESS flags combined with CREATE_SUSPENDED? This should give you access to the process before anything as executed including TLS callbacks.
Is there a specific reason why you believe that you need to use a device driver? Are you trying to avoid the TLS callbacks and process initialization for a single process or system-wide?
From usermode you can use the Application Compatibility Toolkit[^] to load a DLL into any process system-wide immediately after kernel32/user32 is loaded and before any usermode code has executed.
I'm looking to implement something very much like this: API Monitor[^]
Yes I have tried CreateProcess with DEBUG_PROCESS and CREATE_SUSPENDED, but that doesn't work for my purposes, and here's why:
Once my hook DLL is inside a process, I need it to be injected into all child processes as well. This means hooking any API's that create processes. I have found that some programs use the DEBUG_PROCESS and CREATE_SUSPENDED trick as well. And I haven't yet figured out a way to inject my DLL and return the child process to the calling program in the state that it expects it to be in. What usually happens is a crash of the child process, because the calling program couldn't do what it wanted to do with the child process before any user code executed. Did you follow that?
That is why I think I need a driver to accomplish this, because I have tried every user-mode way of doing it and just couldn't make it work.
The difficult we do right away...
...the impossible takes slightly longer.
That's an impressive body of work by Rohitab Batra. However I see a lot of problems with that software suite. The XML files that contain the API structs, interface and other definitions will not match on some operating systems... depending on update/patch level. If you ran his software on 10,000 computers 'in the wild' you would find that a certain percentage of those may not completely match his XML descriptions. It would be much better if he downloaded symbols from the Microsoft symbol server and used the Debug Interface Access SDK[^] to extract that data from the PDB symbol files.
It is still an impressive piece of software and looks very useful for malware analysis and other debugging scenarios.
Microsoft has made some private symbols available to some ISV and partner programs after signing NDA and some special agreements. There is also the 'https://codepremium.msdn.microsoft.com/symbols' private symbol server made available through the shared source initiative[^].
I took a brief look at his software package and was immediately impressed. It would be a great tool for sandbox automated malware analysis. However it is severely lacking in one single area... the function signatures in his XML files will not match on all operating systems. To make matters worse... he does't even mention which OS/Patch level those definitions match.
If he would author a tool for generating those function and type definitions using the Debug Interface Access SDK[^] it would be a much better tool. It would allow his software to perfectly match the machine it is running on regardless of Update/Patch level.
When it makes strange noises it is most probably a mechanic problem which can't be repaired. The only part of hard drives that can be repaired is replacing the electronics board. But that is usually more expensive than buying a new drive and makes only sense when you need to get some data from the drive.
I suggest to replace it immediately.
If you need to rescue data don't power it any more (plugout power and SATA connectors) and install a new drive. You may then connect the old drive it to another system and use a disk imager to create a low level copy of the drive. This might be transferred to the new drive but with the risk of already existing data corruption. The safe method would be installing your system from scratch. You can then mount the image and try to restore data.
When not using a disk imager you can also try to reconnect the disk and copy the data. But this will stress the drive more than using a disk imager.
Start with the simplest configuration that "works".
By your own words, you are starting out with at least 3 devices of unknown condition; you have no "baseline" to compare to in terms of success (which usually means at least "2" configurations: one that you can revert to when things stop working; and the other being the "work in progress").
"(I) am amazed to see myself here rather than there ... now rather than then".
― Blaise Pascal
I have a pair of speakers (max power input: 250W, nominal power output: 30W) connected to a class-D amplifier (TDA7492, 2x50W) powered by a 12V 72W power supply.
Playing music on this setup is way too loud.
I have already tried to place a resistor between the amp and each speaker which actually lowers the volume, but I think this is quiet a waste of energy, isn't it?
I want to play music from a raspberry pi later on and I guess it would be better to let the raspberry pi control the volume with a digital potentiometer, instead of controlling it in the music player of the raspberry. So, would a digipot be the answer to my problem?
If you use an additional digital potentiometer, isn't that the same as placing resistors to the connection, either before or after the amplifier. After all those are typically resistor bridges. So the output level on the Pi would still be the same.
I would guess that controlling the volume in the Pi, before D/A converter, would lead to smallest energy consumption needed.
Also note that the components in the connections affect the quality of the sound.
I have an app that needs to be able to write and image to a removable device. This usually means a Compact Flash or a CFast card. Up to this point, the application restricted drive selection to only removable drives - GetDeviceInfo returned this information reliably. Enter CFast cards which seem to be mounted as a SCSI device, and Windows sees them as a generic disk drive or removable, depending on the whims of the CFast card reader.
I've been perusing system call after system call, disk utilities, and what not, and I have not yet found a system call that will return to me any ID information from the removable disk.
<italic>Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
Last Visit: 31-May-20 10:35 Last Update: 31-May-20 10:35