This week I haven’t spent much time on the project; I was passing yearly final exams at my university.
Learning About NTFS
I spent most of the week studying NTFS in depth, and really learning about some of the things I glossed over before. This is something I had to do to make meaningful progress with increasing file sizes. This involved (re-re-re-)reading the three relevant chapters in File System Forensic Analysis.
In week 3, I discovered a lot more about how data is being passed around.
After more in-depth inspection of the memory, I realized that Winsock was passing on the correct IP address; I just wasn't aware of the data structure it was using. After modifying my driver to correctly extract the IP address from the IRP, my test server and client performed a successful TCP connection handshake, with my client program exiting correctly. However, when I attempted to run the client program again, the operating system crashed.
In the first week I gained enough knowledge to kick-start the coding part. I started implementation with a minimal-featured design idea, i.e. I started implementing the non-optional routines first, in the order they are called by Storport/OS. Listed below
I spent the second week of the coding period on testing and debugging.
As you may remember from the previous post, everything failed in the UHCI test spreadsheet. This week I've done the same tests with all of ROS's USB stack injected along with "usbuhci.sys", but this also did not help. So we can assume that UHCI is not working under 2k3. I've also found a bug (crash) in the UHCI driver uninstall flow. In the case of EHCI, it normally denies removal, but in the case of UHCI I'm seeing a system crash coming from "hub.sys". Debugging of this issue is now in progress.