Setting The IO Type For WDF Driver IOCTLS

Hi All,
I have a requirement where each WDF request will result in Read and Write of the data. We have not decided yet if we will have two pointers (one for input data and one for output data) or use the same pointer for input output data (with two size fields IN size and Out size). I know it has been advised not to use NEITHER IO for transfers. I am looking at METHOD_IN_DIRECT and METHOD_OUT_DIRECT for defining the IOCTLS.

My question is, is it possible to define IOCTLS with both the flags set at the same time? My guess is that it should be possible but I am not sure.

Any help appreciated.
Thanks
AJ–

No, it’s an enumeration, not a bitfield, but it doesn’t really matter. METHOD_IN_DIRECT and METHOD_OUT_DIRECT are identical, except that the IN version guarantees that the second buffer is readable, and the OUT version guarantees that the second buffer is writable. In practice, it’s just memory, and it will always be both readable and writable. So, just use OUT.

Remember that in both cases, the first buffer is copied to kernel, and the second buffer is mapped. There’s no other behavioral difference.
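
The enumeration-versus-bitfield point in the answer above can be checked from how a control code is packed. This C program is an added example, not code from the thread: the macro values are the ones in the Windows SDK/WDK headers, repeated so it builds anywhere, and `EXAMPLE_FUNCTION` is a hypothetical function number. OR-ing the two DIRECT values gives 3, which is METHOD_NEITHER.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as in the Windows SDK/WDK headers, repeated so this builds anywhere. */
#define FILE_DEVICE_UNKNOWN 0x00000022
#define FILE_ANY_ACCESS     0
#define METHOD_BUFFERED     0
#define METHOD_IN_DIRECT    1
#define METHOD_OUT_DIRECT   2
#define METHOD_NEITHER      3
#define CTL_CODE(DeviceType, Function, Method, Access) \
    (((uint32_t)(DeviceType) << 16) | ((uint32_t)(Access) << 14) | \
     ((uint32_t)(Function) << 2) | (uint32_t)(Method))

/* Hypothetical function number; 0x800 is where the vendor-defined range starts. */
#define EXAMPLE_FUNCTION 0x800

struct ioctl_fields { uint32_t device_type, access, function, method; };

/* Split a control code back into its four packed fields. */
struct ioctl_fields ioctl_decode(uint32_t code)
{
    struct ioctl_fields f = { code >> 16, (code >> 14) & 0x3,
                              (code >> 2) & 0xFFF, code & 0x3 };
    return f;
}

/* Nonzero only for the two methods where the I/O manager probes and locks
   the second buffer and hands the driver an MDL for it. */
int ioctl_is_direct(uint32_t code)
{
    uint32_t m = ioctl_decode(code).method;
    return m == METHOD_IN_DIRECT || m == METHOD_OUT_DIRECT;
}

int main(void)
{
    uint32_t codes[2] = {
        CTL_CODE(FILE_DEVICE_UNKNOWN, EXAMPLE_FUNCTION, METHOD_OUT_DIRECT, FILE_ANY_ACCESS),
        /* "Both flags at once": the 2-bit field becomes 3, i.e. METHOD_NEITHER. */
        CTL_CODE(FILE_DEVICE_UNKNOWN, EXAMPLE_FUNCTION,
                 METHOD_IN_DIRECT | METHOD_OUT_DIRECT, FILE_ANY_ACCESS) };
    for (int i = 0; i < 2; i++)
        printf("0x%08X method=%u direct=%d\n", (unsigned)codes[i],
               (unsigned)ioctl_decode(codes[i]).method, ioctl_is_direct(codes[i]));
    return 0;
}
```

A control code built with both values therefore reaches the driver with raw, unprobed user pointers, which is the transfer type the original question set out to avoid.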

Tim,
Will the IO manager clear the input buffer to zero when I set the flag as METHOD_OUT_DIRECT, since the input data is not expected?

- AJ

No. It’s just not that formal. The user-mode pages get mapped and locked in kernel mode. Literally the only difference is whether I/O manager does ProbeForRead or ProbeForWrite on that locked buffer.

1 Like

My driver would stop working if tomorrow a security update comes and decides to zero out the “write” memory on the input path and zero out the read memory on the output path.

Well you would not be alone, if that is any comfort. Using METHOD_OUT for a
read/write mdl based buffer is standard practice. However if you insist,
use the system buffer for read and the mdl for write. Note that they could
both be pointing at the same user data. The OS will copy that data to the
system buffer. Inefficient needless copy, but avoids some future
catastrophe.

Mark Roddy

2 Likes

I will stake my reputation on the assertion that Microsoft will NEVER change that behavior, until the operating system is called something other than “Windows”. Core kernel behavior just does not change, because the consequences are so dire.

2 Likes

Thanks Guys. Really appreciate the help.

METHOD_OUT_DIRECT is intended for use as output, OR as input AND output. This is by design.

It’s not a hack, it’s not a loophole, it’s not a coincidence that it works, it’s not a risk. It’s by design. As Mr. Roddy clearly said this is a “standard practice.” As Mr. Roberts said this will “NEVER change” until we’ve all switched to running on Fuchsia or something.

Peter

1 Like

Awesome! Will use this METHOD_OUT_DIRECT, which I wanted to in the first place. Just wanted to make sure there are no risks associated with it in any way.