ZwReadFile causes fsdk exception in IRP_MJ_CREATE dispatch routine for PicaDriveRedirector

ZwReadFile causes an fsdk exception in my filter driver in IRP_MJ_CREATE dispatch routine for PicaDriveRedirector files (Citrix redirector).
I’m getting the IRP_MJ_CREATE IRP and want to open the file in the dispatch routine to read the first chars. For that, I use IoCreateFileSpecifyDeviceObjectHint, ObReferenceObjectByHandle, ObOpenObjectByPointer and then ZwReadFile. IoCreateFileSpecifyDeviceObjectHint and the Ob… functions succeed and all return valid objects and a valid file handle. But the following ZwReadFile throws the FSDK exception:

452a0080: ExAllocatePoolWithTag NonPagedPool for read file successful, idcharbuf = 0x43e75830

*** FSDK DEBUGGING: Caught exception in FSDK Code ***
*** THIS IS AN EXPECTED CONDITION BEING HANDLED ***
*** FSDK DEBUGGING: Caught exception in FSDK Code ***

*** You should execute the following windbg commands: **

*** .exr 0xFFFF82078ED7F1D0 ; .cxr 0xFFFF82078ED7F270 ; kv ***

*** (this is current as of WinDBG 6.5.3.7) ***
*** For current versions please see ***
*** http://www.microsoft.com/whdc/ddk/debugging ***

*** FSDK DEBUGGING: Continued past breakpoint. ***

452a0080: IRP_MJ_CREATE ZwReadFile Error: Status=c0000008, IoStatusBlock.Status=0, Handle=800022e4

It looks like the handle becomes invalid somehow during read. And I do not know why. This all happens when I’m filtering the \device\picadriveredirector files.

Any help is appreciated. Thank you.

Does anybody know how this can happen? I run into the exception above only when I’m trying to read a picadriveredirector file. For all other file filtering in the IRP_MJ_CREATE dispatch routine, the read succeeds.

What is “FSDK” ?

If it is something of yours then you have the fix in your hands. If not then one assumes it is in picadriveredirector and given the lack of response here I would assume that their developers don’t hang out here - you should probably reach out to them.

I assume it is the OSR Windows File System Development Kit (FSDK) that they (the Citrix picadriveredirector team) are using. The exception is raised by one of the lower-level drivers in the stack when my routine is calling ZwReadFile (with a valid handle), probably the picadriveredirector driver. In the meantime, I’ve created the read IRP myself and sent it down, to bypass ZwReadFile, same problem… You’re probably right, I’m afraid I need to reach out to the picadriveredirector team.

I suppose you could set a breakpoint where the dbgprint happens (I’d set an access breakpoint on the text) and do what it says…

“I assume it is the OSR Windows File System Development Kit (FSDK) that they (the Citrix picadriveredirector team) are using”

To be entirely clear: This is not an OSR support forum.

“I need to reach out to the picadriveredirector team.”

That’s what I would do.

Oh, as a side note… your output shows this:

“this is current as of WinDBG 6.5.3.7”

That version of WinDbg is, oh, more than 15 years old.

Peter

“I suppose you could set a breakpoint where the dbgprint happens (I’d set an access breakpoint on the text) and do what it says”
@rod_widdowson: I struggle with setting up the bp statement you proposed correctly. Maybe you can help. Thank you

The inspiration comes from this article

That shows you how to find a specific long word (for instance the text string “D CON”) in a driver. Then set a breakpoint on access:

kd> ba r 1 0X1234567`87654321

But I’d listen to what @“Peter_Viscarola_(OSR)” says. He’s the guy from OSR after all.

Thank you, let’s see how far I can get with it. It is kind of weird. Sometimes the ZwReadFile succeeds and can read the data correctly from the file, in other cases (most of the cases) the ZwReadFile throws the exception above and the handle got invalid.

Is there some reason you’re not simply filing a bug with the people who make/market this product?

Peter

That’s what I do. Let’s see what they come back with.