OSRLogo
OSRLogoOSRLogoOSRLogo x Subscribe to The NT Insider
OSRLogo
x

Everything Windows Driver Development

x
x
x
GoToHomePage xLoginx
 
 

    Tue, 23 Oct 2018     118021 members

   Login
   Join


 
 
Contents
  Online Dump Analyzer
OSR Dev Blog
The NT Insider
Downloads
ListServer / Forum
  Express Links
  · The NT Insider Digital Edition - May-June 2016 Now Available!
  · Windows 8.1 Update: VS Express Now Supported
  · HCK Client install on Windows N versions
  · There's a WDFSTRING?
  · When CAN You Call WdfIoQueueP...ously

Identifying Unusual IOCTL Device Types

You may have seen some strange IOCTLs pass through your driver, and tried to figure out where they're from. You break down the IOCTL, and you find the DeviceType field doesn't match one of the many listed FILE_DEVICE_xxx values, as you expected it would. For example, you see DeviceType values of 0x66, 0x56, or even 0x4d and 0x6d.

You need to be a bit creative to decode these. For example, 0x66 is the ASCII code for "f". If you look at \ddk\inc\ntddft.h you'll see that this the device type used by the NTFT driver. You'll find the same thing holds true for 0x56 ("V") the device type for volumes. Device type "M" and "m" are both used by the mount point manager.

Related Articles
Fun with IOCTLs - Defining Custom I/O Control Codes

User Comments
Rate this article and give us feedback. Do you find anything missing? Share your opinion with the community!
Post Your Comment

"Cool"
Cool! Now I know what is IOCTL 0x004D0008 means. ty

Rating:
01-Aug-05, Vladislav Ogol


Post Your Comments.
Print this article.
Email this article.
bottom nav links