Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Minifilter communication with user app

kriankrian Member Posts: 5

Hello, I'm trying to communicate my Minifilter with a user application to send and process some messages,

I'm doing this with the FltCreateCommunicationPort routine and sending messages from the user with FilterSendMessage routine.

I know this is working because I can see the message printed but I am unable to copy the InputBuffer into a local PCHAR to work with, My MessageNotifyCallback is:

NTSTATUS MiniRecieveSend(PVOID PortCookie, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength, PULONG Reference) {
    NTSTATUS status;
    KdPrint(("DEBUG_CONN: Message recieved from user: %s \r\n"), (PCHAR)InputBuffer); //This prints the correct message
    KdPrint(("DEBUG_CONN: Buffer Length: %d \r\n"), InputBufferLength); //This prints the correct length of the message, that it is like 131
    KdPrint(("DEBUG_CONN: Buffer Length: %d \r\n"), InputBufferLength); //this prints a random number, always between 30-50
}

However, with this implementation:

NTSTATUS MiniRecieveSend(PVOID PortCookie, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength, PULONG Reference) {
    NTSTATUS status;
    PCHAR UserMessage= (PCHAR) ExAllocatePoolWithTag(NonPagedPool, 512, "1gaT");
    RtlCopyMemory(UserMessage, InputBuffer, InputBufferLength);

    KdPrint(("DEBUG_CONN: Message recieved from user: %s \r\n"), (PCHAR)InputBuffer); //This prints "DEBUG_CONN: Message recieved from user: „»tÕÿÿÀo»tÕÿÿ "
    KdPrint(("DEBUG_CONN: Buffer Length: %d \r\n"), InputBufferLength); //This prints a number like if `InputBufferLength` was Null (sometimes it is 32042389193792 and other times -123193429)
    KdPrint(("DEBUG_CONN: Buffer Length: %d \r\n"), InputBufferLength); //this prints a random number (from 30 to 50)
}

If I try to use the buffer after printing it for the first time, I cannot copy it succesfully

Can anyone help me with this error, why I am not able to copy the buffer into a local variable, is there something that I am missing?

Thank you very much for your time

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 21 Oct 2019 OSR Seminar Space & ONLINE
Internals & Software Drivers 18 Nov 2019 Dulles, VA
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 27 Apr 2020 OSR Seminar Space & ONLINE