
Device Filter  

DeviceFilter 2.2

DevFilter is a universal software bus analyzer for capturing device I/O. It lets you monitor all I/O request packets (IRPs) and fast I/O requests on your system and capture each request's input and output data. It shows you all kernel-mode drivers installed on your Windows NT/2000/XP/2003 system and the device objects created by these drivers. It also allows you to hook any of these devices (not more than 10 simultaneously by default) and monitor all requests to the selected devices that are delivered to their dispatch table. Note that it hooks only the selected device, not any device that may be attached above it. This approach allows you to see the IRP path down the device stack, for example, to check whether a request was blocked by an upper-level filter. All request input and output data are converted into request-associated structures or represented as a hexadecimal data dump.

System requirements:

Windows NT 4.0, 2000, XP, 2003 Server.

Product Features:

  • Provides detailed information about intercepted I/O operations
  • Provides detailed information about driver and device objects on your system
  • Advanced filtering engine
  • Decodes SRB (SCSI), URB (USB) and IRB (IEEE1394)
  • Easy-to-use interface (see screenshots)

Applicability:

You can use it as a learning tool if you’re wondering how different devices/drivers interact or handle certain types of I/O. Or use it as a debugging/troubleshooting tool, tracking your own driver’s activity on a live system without needing to set up a kernel debugger.

How it works:

To enumerate drivers, the utility uses undocumented Object API functions exported by ntdll.dll (NtOpenDirectoryObject, NtQueryDirectoryObject, etc.). The kernel-mode component devflt.sys gets a driver object by its name and enumerates all devices associated with it; it is also responsible for hooking the specified device and tracing all requests to it.
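The user-mode half of that enumeration, as an added example (not DeviceFilter's own code): it opens an object directory with the two ntdll.dll functions named above and lists each entry's type and name. The `\Driver` path, the structure declarations and the class name are assumptions of this example; the page does not say which directory the utility reads.

```csharp
using System;
using System.Runtime.InteropServices;

static class DriverDirectoryList
{
    [StructLayout(LayoutKind.Sequential)]
    struct UNICODE_STRING { public ushort Length, MaximumLength; public IntPtr Buffer; }
    [StructLayout(LayoutKind.Sequential)]
    struct OBJECT_ATTRIBUTES
    {
        public int Length; public IntPtr RootDirectory, ObjectName;
        public uint Attributes; public IntPtr SecurityDescriptor, SecurityQos;
    }
    [StructLayout(LayoutKind.Sequential)]
    struct OBJECT_DIRECTORY_INFORMATION { public UNICODE_STRING Name, TypeName; }

    [DllImport("ntdll.dll")]
    static extern int NtOpenDirectoryObject(out IntPtr dir, uint access, ref OBJECT_ATTRIBUTES oa);
    [DllImport("ntdll.dll")]
    static extern int NtQueryDirectoryObject(IntPtr dir, IntPtr buf, uint len,
        [MarshalAs(UnmanagedType.U1)] bool single, [MarshalAs(UnmanagedType.U1)] bool restart,
        ref uint context, out uint returned);
    [DllImport("ntdll.dll")]
    static extern int NtClose(IntPtr handle);

    static string Str(UNICODE_STRING u) { return Marshal.PtrToStringUni(u.Buffer, u.Length / 2); }

    static void Main()
    {
        const string path = "\\Driver";   // assumed: the directory that holds driver objects
        var name = new UNICODE_STRING { Length = (ushort)(path.Length * 2),
            MaximumLength = (ushort)(path.Length * 2 + 2), Buffer = Marshal.StringToHGlobalUni(path) };
        IntPtr pName = Marshal.AllocHGlobal(Marshal.SizeOf<UNICODE_STRING>());
        Marshal.StructureToPtr(name, pName, false);
        var oa = new OBJECT_ATTRIBUTES { Length = Marshal.SizeOf<OBJECT_ATTRIBUTES>(),
            ObjectName = pName, Attributes = 0x40 /* OBJ_CASE_INSENSITIVE */ };
        IntPtr dir, buf = Marshal.AllocHGlobal(4096);
        int status = NtOpenDirectoryObject(out dir, 0x0001 /* DIRECTORY_QUERY */, ref oa);
        if (status != 0) { Console.Error.WriteLine("NtOpenDirectoryObject: 0x{0:X8}", status); return; }

        uint context = 0, returned;       // context is the kernel's enumeration cursor
        // One entry per call; a non-zero NTSTATUS (STATUS_NO_MORE_ENTRIES at the end) stops the loop.
        while (NtQueryDirectoryObject(dir, buf, 4096, true, false, ref context, out returned) == 0)
        {
            var e = Marshal.PtrToStructure<OBJECT_DIRECTORY_INFORMATION>(buf);
            Console.WriteLine("{0,-8} {1}", Str(e.TypeName), Str(e.Name));
        }
        NtClose(dir);
    }
}
```

Opening `\Driver` normally requires an elevated process; without one the open call fails and the program prints the NTSTATUS it received.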

The DEMO:

You can download the demo version of Device Filter 2.2 in order to test and evaluate the reliability and performance of our software. The DEMO version is limited to hooking a single device object and intercepting no more than 10 I/O requests per boot.

Download:

Device Filter 2.2 (demo)

How to install:

Unzip and run the installation program. Then restart your system (required for version 2.2).

Price & licensing:

DeviceFilter is no longer free software. If you use it, please support its development by buying a licence. The DeviceFilter 2.2 registration fee is $99.95.

Registration Benefits:

  • No capture limitations
  • One year technical support via e-mail
  • One year of free upgrades
  • Product notifications by e-mail
  • Beta testing of the newest version

Order DeviceFilter 2.2 online now and we will ship you fully functional software and registration info within 48 hours.

  

Copyright © NT Kernel Resources, 2000-2009. Design & Programming by Multi Service