About VrtuleTree

VrtuleTree is a utility that displays various information about running drivers, their devices and device chains. It serves a similar purpose to the good old DeviceTree, but it should be more stable on newer versions of Windows (Windows Vista, Windows 7, Windows 8). VrtuleTree was created with stability and portability in mind, hence it uses only documented methods to accomplish its task. The only exception to this rule is its use of the ObReferenceObjectByName function, which is not documented in MSDN.

General Overview

The VrtuleTree GUI can be seen in the picture below. The left side of the window is occupied by a tree in which every node represents either a driver (driver nodes) or a device (device nodes). To be more precise, the root nodes represent drivers, and their children represent devices that are related to the parent driver node in some way.

You may notice that the text of some device nodes contains a LOW or UPP prefix. The prefix indicates that the given device is placed in the device stack at a lower (or upper) position than the device of the driver represented by the parent driver node. Device nodes whose text does not contain the LOW or UPP prefix represent devices belonging to the driver represented by the parent driver node.

To make things clearer, look at the driver node that represents the \Driver\Disk driver. You can see that the driver has two devices: \Device\harddisk0\DR0 and \Device\DeviceHarddisk0\DR1. The first device is attached to a device named *** and owned by the *** driver. An unnamed device created by the partmgr driver is attached to the first device. Similarly, the second device is attached to a device *** owned by the USBSTOR driver. In this case too, the partmgr driver has attached its unnamed device above the second device.

VrtuleTree GUI
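
The LOW/UPP labelling described above can be modelled in a few lines. This is an added illustration, not VrtuleTree's own code or output: the stack data is constructed from the \Driver\Disk example, names in angle brackets are placeholders for values the page elides, and listing every other device of the same stack under a driver is an assumption.

```python
UNNAMED = "<unnamed>"

# Constructed sample data modelled on the \Driver\Disk example in the text.
# Each stack lists (device name, owning driver) from bottom to top; names in
# angle brackets are placeholders, not real object names.
STACKS = [
    [("<lower device 0>", r"\Driver\<port driver>"),
     (r"\Device\harddisk0\DR0", r"\Driver\Disk"),
     (UNNAMED, r"\Driver\partmgr")],
    [("<lower device 1>", r"\Driver\USBSTOR"),
     (r"\Device\DeviceHarddisk0\DR1", r"\Driver\Disk"),
     (UNNAMED, r"\Driver\partmgr")],
]


def build_tree(stacks):
    """Map each driver to child nodes: (prefix, device name, owning driver)."""
    tree = {}
    for stack in stacks:
        for pos, (device, driver) in enumerate(stack):
            children = tree.setdefault(driver, [])
            children.append(("", device, driver))      # own device: no prefix
            # Assumption: all other devices of the same stack are listed.
            for other_pos, (other, owner) in enumerate(stack):
                if owner == driver:
                    continue                           # own devices get no prefix
                prefix = "LOW" if other_pos < pos else "UPP"
                children.append((prefix, other, owner))
    return tree


def upper_owners(tree, driver):
    """Drivers owning a device attached above any device of `driver`."""
    return sorted({owner for prefix, _, owner in tree.get(driver, [])
                   if prefix == "UPP"})


def render(tree):
    """Plain-text rendering of the tree (layout is constructed for this example)."""
    lines = []
    for driver, children in tree.items():
        lines.append(driver)
        lines += [f"    {(p + ' ' if p else '')}{dev} [{owner}]"
                  for p, dev, owner in children]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(build_tree(STACKS)))
```

`upper_owners` answers the question the UPP prefix is most useful for when reviewing a system: which drivers have attached a device above a given driver's devices.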

The rest of the window is occupied by a page control that either displays information about the driver or device whose node is selected in the driver and device tree (Driver and Device tabs), or lets you view and edit program settings (Log Settings tab).

VrtuleTree displays the following information about drivers:

  • address of driver object structure,
  • driver name in the namespace of Object Manager,
  • image base, image size and image file name,
  • flags of the driver object,
  • devices created and owned by the driver,
  • DriverEntry, DriverUnload and StartIo routines,
  • dispatch routines.

In case of devices, the following information is shown:

  • address of device object structure,
  • device name in namespace of Object Manager,
  • information about driver that owns the device,
  • device type, flags and characteristics,
  • address of disk device object (used by the filesystem devices),
  • Plug&Play information (friendly name, description, manufacturer, device class, device location, enumerator, extension flags, device ID, instance ID, hardware IDs, compatible IDs, ejection and removal relations, device capabilities).

Creating Logs

VrtuleTree allows the user to export the information shown by the utility to a log file. Only export to plain text is supported at present. The Log Settings tab of the page control can be used to configure what information should be included in the log file. The log file can be created by selecting the File | Create log menu item.
