Device Filter

Device Filter allows you to monitor all I/O request packets (IRP’s) on your system, fast I/O requests and capture each request input and output data. It shows you all kernel-mode drivers installed on your Windows NT/2000/XP/2003 system and device objects created by these drivers. It also allows you to hook any of these devices (not more than 10 simultaneously by default) and monitor all requests to the selected devices that are delivered to their dispatch table. Please, note that it hooks a selected device, but not the one which can be above this device. This approach allows you to see the IRP path down the device stack, for example, to check if it was blocked by an upper level filter. All request input and output data are converted into a request-associated structures or represented as a hexadecimal data dump.

System Requirements

Windows NT 4.0 Windows XP
Windows 2000 Widows Server 2003

Product features

  • Provides detailed information about intercepted I/O operation
  • Provides detailed information about driver and device objects on your system
  • Advanced filtering engine
  • Decodes SRB (SCSI), URB (USB) and IRB (IEEE1394)
  • Easy-to-use interface

Applicability

You can use it as a learning tool if you’re wondering how different devices/drivers interact or handle certain types of I/O. Or, use it as a debugging/troubleshooting tool, tracking your own driver’s activity on a live system with no need in setting up the kernel debugger.

How it works

For an enumeration of drivers utility uses undocumented Object API functions exported by ntdll.dll (NtOpenDirectoryObject, NtQueryDirectoryObject and etc..). Kernel-mode component devflt.sys gets driver object by its name and enumerates all devices associated with it, it is also responsible for hooking specified device and tracing all requests to it.

Download

You can download the demo version of Device Filter in order to test and evaluate the reliability and performance of our software. The DEMO version is limited to hooking single device object and intercepting no more then 10 I/O requests per boot.

Device Filter (demo) 2.2 24.06.2003 1.7MB Download

How to install

Unzip and run dflt_demo.zip.

Price & licensing

Local Network Monitor is a try before buy software, so If you use and like it, please support its development by buying a license to do so.

License type Price (USD) Online Order
Device Filter 2.2 Full Lifetime 99.95 Buy Now

Registration Benefits:

  • No demo limitations
  • Full version never expires
  • One year technical support via e-mail
  • Lifetime free upgrade

License Note:
On payment approval (usually, in one business day), we’ll send you the registration key and download link for the full version of Device Filter. If you will not get your registration key within a reasonable amount of time (two business days for credit card payments or two weeks for other payments), please notify us about that at support@ntkernel.com. We are very sorry for any inconvenience caused by those delays.

Disclaimer

Device Filter software is supplied AS-IS, without warranties of any kind.