A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #25195  by Vrtule
 Sun Feb 08, 2015 10:50 pm
Hello,

is there a way how to enumerate device interfaces registered for certain physical device object (PDO)? By the term "device interface" I mean the thing registreded through IoRegisterDeviceInterface routine and (de)activated via IoSetDeviceInterfaceState one.

Best regars
Vrtule
 #25200  by Vrtule
 Mon Feb 09, 2015 9:29 am
AFAIR the SetupAPI won't help me. I need to enumerate all interfaces registered for certain PDO. I looked at some interface enumeration functions and they usually require to specify the interface GUID which is exactly what I need to find (so I cannot specify it).
 #25203  by EP_X0FF
 Mon Feb 09, 2015 10:14 am
scr1.png
scr1.png (129.32 KiB) Viewed 315 times
IoRegisterDeviceInterface creates Symlink, so why not enumerate them?
 #25205  by Vrtule
 Mon Feb 09, 2015 10:36 am
Thanks. Enumerating the symbolic links will be probably enough for me. Especially if the interface GUID is part of the symlink's name (which seeems it might be).