FltMgr not honoring modified SecurityContext::DesiredAccess in PreCreateXXX for Citri

vaibhav_langote Member Posts: 24
The problem is that when an application opens any file from a network share in write/append mode, my driver sets the FILE_READ_DATA flag of
PFLT_CALLBACK_DATA->Iopb->Parameters.Create.SecurityContext->DesiredAccess
inside PreCreateCallback(), so that at the time of cleanup the driver can read file data with the help of the same FO.
For all other network shares I successfully get Read desired access as modified in PreCreateXXX, but only with a file opened from a CITRIX published drive (i.e. \Device\PicaDriveRedirector) it is failing. The FO only gets Write desired access though I set Read in my driver.
Note: I have changed the ProcMon altitude, assigning it a lower altitude than my driver, and observed the modified desired access in the ProcMon logs too, which means FltSetCallbackDataDirty() is working, but I don't know why in PostCreate the FO gets only Write access.

Does anyone know the different possibilities by which a SecurityContext::DesiredAccess request may get denied/avoided?

Comments

  • vaibhav_langote Member Posts: 24
    FltMgr not honoring modified SecurityContext::DesiredAccess in PreCreateXXX for Citrix Environment
  • NtDev_Geek Member - All Emails Posts: 115
    This is your friend here: CcGetFileObjectFromSectionPtrs(). I think you need to swap your FO.
  • vaibhav_langote Member Posts: 24
    FltReadFile failed with error (0xC0000008: INVALID_HANDLE_VALUE).
    Whenever my FltReadFile failed, I observed the logs below in DbgView, maybe due to some third party.
    Unable to understand it; if anybody can, then please help.

    Anil: Ok we are in OwCommonRead
    Anil:OwCommonRead: We skipped CCReadAhead!
    Anil: Ok we are in OwCommonRead
    Anil:OwCommonRead: We skipped CCReadAhead!
    Anil:OwCommonRead: ALAS! If we come here then we are doing Cached Read
    Anil: Ok we are in OwCommonRead
    Anil:OwCommonRead: We skipped CCReadAhead!
    Anil: Ok we are in OwCommonRead
    Anil:OwCommonRead: We skipped CCReadAhead!
    Anil: Ok we are in OwCommonRead
    Anil:OwCommonRead: We skipped CCReadAhead!
    ********************************************************
    *** FSDK DEBUGGING: Caught exception in FSDK Code ***
    *** THIS IS AN EXPECTED CONDITION BEING HANDLED ***
    *** FSDK DEBUGGING: Caught exception in FSDK Code ***
    *** ***
    *** You should execute the following windbg commands: **
    *** ***
    *** ***
    *** .exr 0xFFFFF8800395D430 ; .cxr 0xFFFFF8800395D4D0 ; kv ***

    *** ***
    *** ***
    *** (this is current as of WinDBG 6.5.3.7) ***
    *** For current versions please see ***
    *** http://www.microsoft.com/whdc/ddk/debugging ***
    *** ***
    ********************************************************
    ********************************************************
    *** FSDK DEBUGGING: Continued past breakpoint. ***
    ********************************************************
  • OSR_Community_User Member Posts: 110,217
    <quote>
    FltReadFile failed with error (0xC0000008: INVALID_HANDLE_VALUE).
    Whenever my FltReadFile failed, I observed the logs below in DbgView, maybe due to some third party.
    Unable to understand it; if anybody can, then please help.
    </quote>

    Well I know the FSDK returns this in the read path when someone attempts to perform user reads on a file object that's been cleaned up.

    But that wouldn't have anything to do with security.

    Tony
    OSR
  • Jürgen_Falk Member Posts: 25

    vaibhav_langote: Did you find a solution for your problem above (read file failed with INVALID_HANDLE_VALUE)? I'm running into the same FSDK exception for picadriveredirector files when trying to read. Thanks.
