Dear all,
This is one of my very first drivers and first encounter with ZwCreatFile and ZwWriteFile. I have no clue why is it failing. I changed literally every possible variable but I don’t get it. The ZwCreateFile() succeed but writing to the file fails with the status of invalid parameter.
What I tried:
declaring the buffer as a char array and char pointer (BUFFER and *BUFFER)
Changing wcslen to sizeof
Allocating space while creating with ZwCreateFile >> gave me access violation error
set ByteOffset in ZwCreateFile to NULL, 0, 512
Used same _**and **_different IO_STATUS_BLOCK for opening the file and writing to it
I really have no clue, and can smell that it will be a very stupid small mistake some where, but have spent 3 hours reading and trying with no vain so I thought I will create an account and post a question.
Also, I am using WinDbg and have followed the driver debugging tutorial in MSDN and they don’t mention anything about figuring out which parameter is the invalid one. Is there a way to determine which parameter is the invalid one?
Thanks in advance!
Code:
OBJECT_ATTRIBUTES FileAttributes;
UNICODE_STRING FileName = RTL_CONSTANT_STRING(L"\DosDevices\C:\temp\example2.txt");
HANDLE fileHandle;
IO_STATUS_BLOCK IOStatusBlock;
IO_STATUS_BLOCK WriteIOsb;
NTSTATUS status;
WCHAR *BUFFER = L"HelloWorld!";
//ULONG strlen = RtlStringCbLengthW(&BUFFER, 20, NULL);
ULONG strlen = wcslen(BUFFER);
ULONG stLength = sizeof(BUFFER);
InitializeObjectAttributes(&FileAttributes, &FileName, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = ZwCreateFile(&fileHandle, GENERIC_WRITE, &FileAttributes, &IOStatusBlock, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_SUPERSEDE, FILE_RANDOM_ACCESS, NULL, 0);
if (!NT_SUCCESS(status)) {
DbgPrint("Failed to open the file handle. Error: %x", status);
return status;
}
// status = ZwWriteFile(fileHandle, NULL, NULL, NULL, &IOStatusBlock, &BUFFER, wcslen(BUFFER), 0, NULL);
status = ZwWriteFile(fileHandle, NULL, NULL, NULL, &WriteIOsb, BUFFER, wcslen(BUFFER), 0, NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("Failed to write to the file handle. Error: %x", status);
status = ZwClose(fileHandle);
if (!NT_SUCCESS(status)) {
DbgPrint("Failed to close the file handle. Error: %x", status);
}
return status;
}
ZwClose(fileHandle);
}
P.S. ANY code optimization is MORE THAN WELCOME since I am just beginning to learn! Also to put this code in context: this is executed in the DriverEntry after initializing the device. Perhaps not the best place but I am just experimenting and will create a user-mode application later on (so each function correspond appropriately to an IOCTL)