View Full Version : VxD spy


raider
October 26th, 2002, 17:18
The program in question uses a dynamic VxD not only for accessing the hardware in ring 0, _but_ also as a protection scheme.
From what I've seen, when the user is not registered, the fields in the DeviceIoControl are invalid or some flag is passed.
Thus the VxD does nothing.

My question:
Is there any way I could intercept the data going to & coming from the VxD? How? Is there any tool for this?
I've read several essays on VxD, but none exploits this subject.
And the tool VxDMonitor only gives me what I already know.

tgodd
October 26th, 2002, 21:21
You can use creative ways to hook into a VxD.

The routine which is hooked in would log the incoming packet, make a call to the original routine, and upon return would then log the outgoing packet.

You'll have to learn to write VxDs.

Regards,

TGODD

tgodd
October 26th, 2002, 21:33
Psst.

You can hook the VxD Loader routine and check for the VxD ID.
When the correct VxD ID is spotted you could then replace values in the VxD's DDB.

In other words, your VxD would wait for the correct VxD to load, and once it is spotted being loaded, you can then re-vector some or all of the services.

i.e. hook the VxD's Control, V86Service, and/or PMService.

What data you choose to log will depend on some initial reversing you'll have to do yourself.

Regards,

TGODD