Read .txt file using FltReadFile() from minifilter

santidediego

I am trying to read a config.txt file that contains a list of paths separated by ";" from a minifilter.

config.txt file looks like:

\\Device\\HarddiskVolume2\\path1;\\Device\\HarddiskVolume2\\path2

Then, in instance_setup() method I do:

     HANDLE fileHandle = NULL;
     OBJECT_ATTRIBUTES objectAttributes;
     PVOID result;
     result = ExAllocatePool(NonPagedPool, 65536);
     PFILE_OBJECT fileObject = NULL;
     UNICODE_STRING myUnicodeStr;
     RtlInitUnicodeString(&myUnicodeStr, config_file_path);
     InitializeObjectAttributes(&objectAttributes, &myUnicodeStr, OBJ_CASE_INSENSITIVE | OBJ_OPENIF, NULL,NULL);
     IO_STATUS_BLOCK ioStatus;
     FltCreateFile(flt_objects->Filter, flt_objects->Instance, &fileHandle, GENERIC_READ, &objectAttributes, &ioStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN, FILE_SEQUENTIAL_ONLY, NULL, 0, 0);
     ObReferenceObjectByHandle(fileHandle, GENERIC_READ, NULL, KernelMode, &fileObject, NULL);
     ULONG bytes_read;
     FltReadFile(flt_objects->Instance, fileObject, NULL, 65536, result, FLTFL_IO_OPERATION_DO_NOT_UPDATE_BYTE_OFFSET, &bytes_read, NULL, NULL);
     FltClose(fileHandle);

    //result should have the content of file

I am getting a blue screen when starting the minifilter. I´ve tested that the code works properly until FltCreateFile (I am able to get a proper fileHandler). I do not see what I am doing wrong after this.

rod_widdowson

More data needed:

• What does the BSOD say.
• What is the stack when you catch it in the debugger?
• What does analyze -v say?
• Why are you ignoring all the possible failures (pool allocation, file opening, file object creation)?

I'll also observer that ExAllocatePool is deprecated and that there is a variant FltCreateFile which sets up an FO for you.

santidediego

I can provide for the moment just this data because I am not using a debugger:

• Error BSOD: SYSTEM THREAD EXCEPTION NOT HANDLED in FLTMGR.SYS
• FltCreateFile() works as I can get a handler and actually create a file in the filesystem, then discarding file opening and file object creation problems
• Same error with ExAllocatePool2()

Dejan_Maksimovic

Where do you initialize the NULL file object?

Dejan_Maksimovic

And note that ; is a valid file name character.

santidediego

@Dejan_Maksimovic said:
Where do you initialize the NULL file object?

Missed this. I´ve allocated space for PFILE_OBJECT with ExAllocatePool2(), but same blue screen.

@Dejan_Maksimovic said:
And note that ; is a valid file name character.

Yes, but the .txt file is generated by other application that does not use ; but for separation, not for filenames.