A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #21277  by Vrtule
 Tue Oct 29, 2013 8:26 pm
Click on File - Create snapshot. The previous version of the utility did this on startup; however, I removed it when attempting to make the program compatible with ReactOS (which I failed). I forgot to change the behavior back, but I will probably change it in the near future.

EDIT: fixed a typo.
 #21949  by Vrtule
 Tue Jan 14, 2014 6:20 pm
Hello,

I just made a little "update" to the utility. Well, nothing actually changed, except that the drivers and executables of the recent version are now signed with a valid certificate, so there is no need for Test Signing or Debug mode.

Best regards
Vrtule

EDIT: Added the attachment.
Attachments
VrtuleTree – should be signed
(1.86 MiB)
 #24623  by rinn
 Tue Dec 16, 2014 7:15 am
Hi,

A small suggestion if possible.

Please add driver owner name in the listview, where you list IRP_MJ_*. For example

Function Address Reference
Shutdown ADDRESS Driver.sys

Best Regards,
-rin
 #24625  by Vrtule
 Tue Dec 16, 2014 8:19 am
rinn wrote:
> Hi,
>
> A small suggestion if possible.
>
> Please add driver owner name in the listview, where you list IRP_MJ_*. For example
>
> Function Address Reference
> Shutdown ADDRESS Driver.sys
>
> Best Regards,
> -rin

Hello,

thanks for the suggestion. I am planning to include this improvement in the next version, which should be released during Christmas (when I will probably get enough free time to finish the tool).
 #27176  by Microwave89
 Sat Nov 07, 2015 12:22 am
Unfortunately, I cannot check out the tool properly since it says "Cannot create snapshot" if I click on "File" - "Create snapshot".
I'm running Windows 10 x64 Build 10240.
If I click on "File" - "Log" - "Test..." it says an access violation has occurred and nothing happens. The tool does not crash after that.

Looking forward to the next version :)

Best regards,

Microwave89
 #27458  by Vrtule
 Wed Dec 23, 2015 8:12 pm
Hello,

we all here probably know what is special about this time of every year. Yeah, it's Christmas time – a time to give something nice to people we know. I decided to give something also to people I don't know...

This is a new version of my VrtuleTree utility (v1.5). What's new:
1) New types of information are being collected:
+ extension flags
+ device ID
+ instance ID
+ device capabilities
+ removal relations
+ eject relations

2) You can specify what types of information should be displayed (see the View menu)

3) An about box has been added

4) Application & form icons

5) Double-clicking each of these items will move you to the target driver/device
+ Driver devices
+ Major functions
+ Disk device
+ Removal/Eject relations
+ Driver name and address
+ Device name and address

Additionally, when you select a device in the treeview, you can move to its driver by clicking the Go to driver item in the popup menu (context menu).

6) For certain information types, it is possible to instruct the driver not to collect them since the collection may be dangerous
+ Device ID
+ Fast IO dispatch (not collected yet)
+ Devnode tree (not collected yet)

7) Added image file names when displaying Major functions of a driver object

8) Minor bugfixes in GUI and log generation

The driver is signed by a trusted certificate based on the SHA-1 digest algorithm, so even older and unpatched Windows should load it without problems. I have neither access nor permission to any EV certificate, so you may experience problems running VrtuleTree on Windows 10.

I tested the new version also on Windows 10 and it worked well. So if you experience any problems (not only on Windows 10), please PM me or attach a (mini)dump here.

I wish you a happy Christmas time and no BSODs in the next year!
Attachments
VrtuleTree v1.5
(2.08 MiB)