June 2018
Beginner
510 pages
13h 7m
English
Now, let's revisit the interaction between the user-mode component and the kernel-mode component. We will get back to our example of the null.sys driver, trigger a write operation to its device (\Device\Null) from user mode, and monitor the IRP sent to the null.sys driver. To monitor the IRP packets sent to the driver, we can use the IrpTracker tool (https://www.osronline.com/article.cfm?article=199). To start monitoring, launch IrpTracker as an Administrator, click on File | Select Driver, enter the name of the driver (in this case, null), as shown in the following screenshot, and select the OK button:
Now, to trigger the I/O operation, you can open the Command Prompt and type the following command. ...
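As an added example (not from the book), the same write can be triggered from PowerShell by calling the Win32 file APIs directly through P/Invoke, which makes it explicit which call produces which IRP major function that IrpTracker will list for null.sys. The script assumes a Windows host where `\\.\NUL` is the Win32 alias of `\Device\Null`; the P/Invoke type name `NullIrp.Kernel32` and the sample string are constructed for this example.

```powershell
# Added example: open \Device\Null via its Win32 alias \\.\NUL and write to it,
# so IrpTracker (filtering on the "null" driver) shows the IRP each call produces.
$sig = @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr CreateFileW(string lpFileName, uint dwDesiredAccess, uint dwShareMode,
    IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool WriteFile(IntPtr hFile, byte[] lpBuffer, uint nNumberOfBytesToWrite,
    out uint lpNumberOfBytesWritten, IntPtr lpOverlapped);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@
# Type name/namespace are arbitrary choices for this example
$k32 = Add-Type -MemberDefinition $sig -Name 'Kernel32' -Namespace 'NullIrp' -PassThru

$GENERIC_WRITE  = 0x40000000   # dwDesiredAccess
$OPEN_EXISTING  = 3            # dwCreationDisposition
$INVALID_HANDLE = [IntPtr]::new(-1)

# CreateFileW: the I/O manager builds an IRP with major function IRP_MJ_CREATE
# and dispatches it to null.sys, which owns \Device\Null.
$h = $k32::CreateFileW('\\.\NUL', $GENERIC_WRITE, 0, [IntPtr]::Zero, $OPEN_EXISTING, 0, [IntPtr]::Zero)
if ($h -eq $INVALID_HANDLE) {
    throw "CreateFileW failed: Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

# WriteFile: produces IRP_MJ_WRITE. null.sys discards the data and completes the
# request, so the byte count reported back equals the buffer length.
$data = [Text.Encoding]::ASCII.GetBytes('hello from user mode')   # constructed sample payload
$written = [uint32]0
if (-not $k32::WriteFile($h, $data, [uint32]$data.Length, [ref]$written, [IntPtr]::Zero)) {
    throw "WriteFile failed: Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
"WriteFile reported $written of $($data.Length) bytes written"

# CloseHandle: the I/O manager sends IRP_MJ_CLEANUP when the handle closes and
# IRP_MJ_CLOSE once the last reference to the file object is released.
[void]$k32::CloseHandle($h)
```

Run it from an elevated PowerShell while IrpTracker is attached to the null driver; the create, write, cleanup and close IRPs appear in that order, each carrying the major function code that the comments name. Substituting another driver's device name in `CreateFileW` lets you observe the same sequence against that driver.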