Hi all,
I found something there.
In the DriverEntry() of filespy, three global UNICODE_STRING,
gVolumeString gOverrunString gPagingIoString are not correctly initialed
like this:
RtlInitUnicodeString(&gVolumeString, L"VOLUME");
RtlInitUnicodeString(&gOverrunString, L"…“);
RtlInitUnicodeString(&gPagingIoString, L"Paging IO”);
Later on, when SpyGetPathName() need to do this:
…
//
// This is an operation on the volume
//
if (FileObject->FileName.Length == 0) {
length = MINIMUM(MaxLength,
(gVolumeString.MaximumLength + volumeNameLength));
if (volumeNameLength) {
RtlCopyMemory(origNameBuffer,VolumeName->Buffer,volumeNameLength);
}
RtlCopyMemory(
&origNameBuffer[volumeNameLength/sizeof(WCHAR)],
gVolumeString.Buffer, /*** BUG CHCKED!!! *****/
length );
return length;
}
…
You’ll get a bug check with code PAGE_FAULT_IN_NONPAGED_AREA, because
gVolumeString.Buffer is not accessable.
I give my way out:
WCHAR volumeString=L"Volunme";
//declare a golbal string like gVolumnString
…
//in the DriverEntry()
RtlInitUnicodeString(&gVolumeString, volumnString);
I am using Win2K build 2195, with SoftICE 4.
xjaguar
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com