Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


FilterGetMessage trunck my array

bob45bob45 Member Posts: 1
in NTFSD

Hello,

I try to Get Message from my minifilter with FilterGetMessage.

I manage to recover a structure. But as soon as I put an array in my structure it no longer works. For example if I declare an array of 128 CHAR and initialize all the boxes at 'c'. Once received this table is truncated. I only get 111 instead of 128 ..

Userland.c :

typedef struct _SCANNER_NOTIFICATION {
    int someData;
    LONGLONG  ScanId;
    ULONG  ScanThreadId;
   CHAR MessageBuffer[128];   /* message text */
} SCANNER_NOTIFICATION;

typedef struct _SCANNER_MESSAGE {
    FILTER_MESSAGE_HEADER MessageHeader;
    SCANNER_NOTIFICATION Notification;
} SCANNER_MESSAGE, * PSCANNER_MESSAGE;
#define SCANNER_MESSAGE_SIZE   (sizeof(FILTER_MESSAGE_HEADER) + sizeof(SCANNER_NOTIFICATION))
PSCANNER_MESSAGE message;
message = (PSCANNER_MESSAGE)HeapAlloc(GetProcessHeap(), 0, sizeof(SCANNER_MESSAGE));

FillMemory(&message->Ovlp, sizeof(OVERLAPPED), 0);
CHAR* string;
 HRESULT hr = NULL;

while(1)
{
hr = FilterGetMessage(port,
            &message->MessageHeader,
           SCANNER_MESSAGE_SIZE,
            NULL);

 if (hr == S_OK) {
            string = message->Notification.MessageBuffer;
            sprintf_s(buffer, "%d | %s  \n", strlen(string), string);
            OutputDebugStringA(buffer);
        }
}

And Kernel code :

typedef struct _SCANNER_NOTIFICATION {
    int someData;
    CHAR MessageBuffer[128];   /* message text */
    INT iLengthContents;
    LONGLONG  ScanId;
    ULONG  ScanThreadId;
} SCANNER_NOTIFICATION;

SCANNER_NOTIFICATION notification = { 0 };

memset(notification.MessageBuffer, tag, 128);
memcpy(&notification.MessageBuffer, MsgToCopy, strlen(MsgToCopy) - 1);
notification.MessageBuffer[sizeof(notification.MessageBuffer) - 1] = 0x00;
status = FltSendMessage(Data.FilterHandle, &DataClientPort, &notification, sizeof(SCANNER_NOTIFICATION), NULL, NULL, &timeout);

Anyone have an idea please?

· Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA

Categories