Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

ZwReadFile causes fsdk exception in IRP_MJ_CREATE dispatch routine for PicaDriveRedirector

Jürgen_FalkJürgen_Falk Member Posts: 25

ZwReadFile causes an fsdk exception in my filter driver in IRP_MJ_CREATE dispatch routine for PicaDriveRedirector files (Citrix redirector).
I'm getting the IRP_MJ_CREATE irp and want to open the file in the dispatch routine to read the first chars. For that, I use IoCreateFileSpecifyDeviceObjectHint, ObReferenceObjectByHandle, ObOpenObjectByPointer and then ZwReadFile. IoCreateFileSpecifyDeviceObjectHint and the Ob... functions succeed and all return valid objects and a valid file handle. But the following ZwReadFile throws the fsdk exception:

452a0080: ExAllocatePoolWithTag NonPagedPool for read file successful, idcharbuf = 0x43e75830


*** FSDK DEBUGGING: Caught exception in FSDK Code ***
*** THIS IS AN EXPECTED CONDITION BEING HANDLED ***
*** FSDK DEBUGGING: Caught exception in FSDK Code ***
*** ***
*** You should execute the following windbg commands: **
*** ***
*** ***
*** .exr 0xFFFF82078ED7F1D0 ; .cxr 0xFFFF82078ED7F270 ; kv ***

*** ***
*** ***
*** (this is current as of WinDBG 6.5.3.7) ***
*** For current versions please see ***
*** http://www.microsoft.com/whdc/ddk/debugging ***
*** ***



*** FSDK DEBUGGING: Continued past breakpoint. ***


452a0080: IRP_MJ_CREATE ZwReadFile Error: Status=c0000008, IoStatusBlock.Status=0, Handle=800022e4

It looks like the handle becomes invalid somehow during read. And I do not know why. This all happens when I'm filtering the \device\picadriveredirector files.

Any help is appreciated. Thank you.

Comments

  • Jürgen_FalkJürgen_Falk Member Posts: 25

    Does anybody know how this can happen? I run in this exception above only when I'm trying to read a picadriveredirector file. For all other file filtering in the IRP_MJ_CREATE dispatch routine, read succeeds.

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,210

    What is "FSDK" ?

    If it is something of yours then you have the fix in your hands. If not then one assumes it is in picadriveredirector and given the lack of response here I would assume that their developers don't hang out here - you should probably reach out to them.

  • Jürgen_FalkJürgen_Falk Member Posts: 25

    I assume it is the OSR Windows File System Development Kit (FSDK) that they (the Citrix picadriveredirector team) is using. The exception is raised by one of the lower level drivers in the stack when my routine is calling ZwReadFile (with a valid handle), probably the picadriveredirector driver. In the meantime, I've created the read IRP by myself and sent it down, to bypass ZwReadFile, same problem.... You probably right, I'm afraid I need to reach out to the picadriveredirector team.

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,210

    I suppose you could set a breakpoint where the dbgprint happens (I’d set an access breakpoint on the text) and do what it says…

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,664

    I assume it is the OSR Windows File System Development Kit (FSDK) that they (the Citrix picadriveredirector team) is using

    To be entirely clear: This is not an OSR support forum.

    I need to reach out to the picadriveredirector team.

    That's what I would do.

    Oh, as a side note... your output shows this:

    this is current as of WinDBG 6.5.3.7

    That version of WinDbg is, oh, more than 15 years old.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Jürgen_FalkJürgen_Falk Member Posts: 25

    "I suppose you could set a breakpoint where the dbgprint happens (I’d set an access breakpoint on the text) and do what it says"
    @rod_widdowson: I struggle with setting up the bp statement you proposed correctly. Maybe you can help. Thank you

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,210

    The inspiration comes from this article

    That shows you how to find a specific long word (for instance the text string (for instance "D CON") in a driver. Then set a break point on access

    kd> ba r 1 0X1234567'87654321

    But I'd listen to what @Peter_Viscarola_(OSR) says. He's the guy from OSR after all,

  • Jürgen_FalkJürgen_Falk Member Posts: 25

    Thank you, let's see how far I can get with it. It is kind of weird. Sometimes the ZwReadFile succeeds and can read the data correctly from the file, in other cases (most of the cases) the ZwReadFile throws the exception above and the handle got invalid.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,664

    Is there some reason you're not simply filing a bug with the people who make/market this product?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Jürgen_FalkJürgen_Falk Member Posts: 25

    That's what I do. Let's see what they come back with.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 15 November 2021 Live, Online
Writing WDF Drivers TBD Live, Online
Developing Minifilters 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online