Hi all!
I have a custum IOCTL in my file system filter driver which function is to
send an irp to NTFS. I decided to test it with IRP_MJ_FLUSH_BUFFERS, but it
crashes with Blue screen’s NTFS_FILE_SYSTEM error.
The following is my procedure that I am calling after receiving the custom
IOCTL.
BOOLEAN
SendIrp()
{
PIRP irp;
IO_STATUS_BLOCK ioStatus;
KEVENT event;
NTSTATUS status;
WCHAR filename = L"\DosDevices\E:";
UNICODE_STRING fileNameUnicodeString;
OBJECT_ATTRIBUTES objectAttributes;
PFILE_OBJECT fileObject;
HANDLE ntFileHandle;
PDEVICE_OBJECT fileSysDevice;
PIO_STACK_LOCATION irpStack, nextIrpSp;
RtlInitUnicodeString( &fileNameUnicodeString, filename );
InitializeObjectAttributes(&objectAttributes,
&fileNameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL );
status = ZwCreateFile( &ntFileHandle, SYNCHRONIZE|FILE_ANY_ACCESS,
&objectAttributes, &ioStatus, NULL,
0,FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL, 0 );
if( !NT_SUCCESS( status ) ) return FALSE;
status = ObReferenceObjectByHandle( ntFileHandle, FILE_READ_DATA,
NULL, KernelMode,
(PVOID*)&fileObject, NULL );
if( !NT_SUCCESS( status )) {
ZwClose( ntFileHandle );
return FALSE;
}
fileSysDevice = IoGetRelatedDeviceObject( fileObject );
if ( ! fileSysDevice ) {
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
return FALSE;
}
if ((irp = IoAllocateIrp(fileSysDevice->StackSize, FALSE)) != NULL) {
PIO_STACK_LOCATION currentIrpSp =IoGetCurrentIrpStackLocation(irp);
PIO_STACK_LOCATION nextIrpSp = IoGetNextIrpStackLocation(irp);
KeInitializeEvent(&event, NotificationEvent, FALSE);
irp->Tail.Overlay.Thread = PsGetCurrentThread();
irp->Tail.Overlay.OriginalFileObject = fileObject;
irp->RequestorMode = KernelMode;
currentIrpSp->MajorFunction = IRP_MJ_FLUSH_BUFFERS;
currentIrpSp->DeviceObject = fileSysDevice;
currentIrpSp->FileObject = fileObject;
RtlMoveMemory(nextIrpSp,currentIrpSp,sizeof(PIO_STACK_LOCATION ) );
IoSetCompletionRoutine(irp, TestMountCompletion, &event, TRUE,
TRUE, TRUE);
if ((status=IoCallDriver(fileSysDevice,irp))== STATUS_PENDING) {
KeWaitForSingleObject(&event, Executive, KernelMode,
TRUE, NULL);
}
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
if( !NT_SUCCESS( irp->IoStatus.Status ))
{IoFreeIrp(irp);return FALSE;}
else {IoFreeIrp(irp);return TRUE;}
}
else {
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
return FALSE;
}
}
I read an answer before that it can be because I should initialize the top
level irp field. How can I do it ?
Do you have any other ideas ?
Thanks
Get Your Private, Free Email at http://www.hotmail.com