A WinDBG tip, and a question

NTDEV
1

This is not the same question that I posted to WinDBG, but it’s related. It
is the same tip.

First the tip:
I want to display the contents of memory referenced by a local pointer
variable. Since the pointer is changing frequently, its far easier to deref
the pointer in the memory window than to copy the address and paste it into
the offset. If I paste the name of the pointer variable into the offset, I
get the contents of the local, which is the address of the memory I want to
see. It doesn’t get deref’d. So to deref the pointer, I used
poi(pVariable), and it worked. Cool! Caused a bazillion “Unable to verify
Timestamp” warnings, though.

Now the question:
My driver is the boot ATAPI driver, replacing atapi.sys, and I am trying to
open a file from the disk during initialization, which is the only time I am
ever called at any IRQL < DIRQL, so it’s the only time I *can* open a file.
I only want to read it, and only once. Since my driver is the system disk
driver, the runtime file system isn’t initialized yet, because it is waiting
for my driver to startup properly. So far, I have confirmed that
ZwCreateFile, ends up in NtCreateFile, which subsequently calls
IoCreateFile, which I very highly suspect will eventually try to call my
driver. I have not yet determined whether IoCreateFile will use the boot
file loader, since the disk driver isn’t initialized yet, but I doubt it,
based on information in Inside Windows 2000 and some communications from the
WinDBG guys at Microsoft. With enough time, which I don’t really have, I
can trace through IoCreateFile, and all the calls it makes, and eventually
confirm my suspicions, or (remote possibility) be pleasantly surprised.

Instead of continuing to chug through kernel assembly, I’d like to know if
anyone knows conclusively that IoCreateFile will or will not call the boot
file loader during initialization. Further, since I think calling any of
the kernel mode file routines is a fool’s errand, since they are dependent
on my initialization succeeding, I am wondering if there is any way to use
the existing boot file loader to find the file I need to load.

Thanks,

Phil

* Philip D. Barila | (503) 264-8386
* Intel Corp. | M/S JF2-53 Office JF2-2-G6
* Storage Architecture and Performance
* Internet Systems Lab

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

2

Phil,

I strongly suspect that this technique is going to be problematic. As
you’ve noted, you are trying to open a file. The file system hasn’t started
yet, though, because your driver isn’t even ready to run at the moment.

You insist that this MUST be done in your driver entry function. Can I ask
why? There are lots of techniques I can think of that would allow you to
run at passive level after the boot file system has loaded. Did you try a
reinitialization routine, for example? Or a work item that stalls until the
operation works (or until one of the boot file systems has loaded?) Or is it
imperative before anything on the disk is read that you can access this
configuration file?

If it is the latter, then I’d suggest the only safe place to store this
information is in the registry.

Regards,

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Barila, Phil [mailto:xxxxx@intel.com]
Sent: Thursday, April 05, 2001 3:54 PM
To: NT Developers Interest List
Subject: [ntdev] A WinDBG tip, and a question

This is not the same question that I posted to WinDBG, but it’s related. It
is the same tip.

First the tip:
I want to display the contents of memory referenced by a local pointer
variable. Since the pointer is changing frequently, its far easier to deref
the pointer in the memory window than to copy the address and paste it into
the offset. If I paste the name of the pointer variable into the offset, I
get the contents of the local, which is the address of the memory I want to
see. It doesn’t get deref’d. So to deref the pointer, I used
poi(pVariable), and it worked. Cool! Caused a bazillion “Unable to verify
Timestamp” warnings, though.

Now the question:
My driver is the boot ATAPI driver, replacing atapi.sys, and I am trying to
open a file from the disk during initialization, which is the only time I am
ever called at any IRQL < DIRQL, so it’s the only time I *can* open a file.
I only want to read it, and only once. Since my driver is the system disk
driver, the runtime file system isn’t initialized yet, because it is waiting
for my driver to startup properly. So far, I have confirmed that
ZwCreateFile, ends up in NtCreateFile, which subsequently calls
IoCreateFile, which I very highly suspect will eventually try to call my
driver. I have not yet determined whether IoCreateFile will use the boot
file loader, since the disk driver isn’t initialized yet, but I doubt it,
based on information in Inside Windows 2000 and some communications from the
WinDBG guys at Microsoft. With enough time, which I don’t really have, I
can trace through IoCreateFile, and all the calls it makes, and eventually
confirm my suspicions, or (remote possibility) be pleasantly surprised.

Instead of continuing to chug through kernel assembly, I’d like to know if
anyone knows conclusively that IoCreateFile will or will not call the boot
file loader during initialization. Further, since I think calling any of
the kernel mode file routines is a fool’s errand, since they are dependent
on my initialization succeeding, I am wondering if there is any way to use
the existing boot file loader to find the file I need to load.

Thanks,

Phil

* Philip D. Barila | (503) 264-8386
* Intel Corp. | M/S JF2-53 Office JF2-2-G6
* Storage Architecture and Performance
* Internet Systems Lab

You are currently subscribed to ntdev as: xxxxx@osr.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

3

Tony,

Thanks for the response. Yes, I’ve thought about deferring the load until
after the FS is ready for it, but I haven’t had time to learn about how to
do that.

I also know about stuffing a binary into the registry, and that is something
I’m seriously considering. It just feels like registry abuse. However, it
does solve the problem in the short-term, and maybe in the long-term, as
well. Actually, it just occurred to me that it would be a single solution
for both the NT and the Win9X systems, so maybe I just decided to prefer to
use the registry.

Thanks again!

Phil

-----Original Message-----
From: Tony Mason [mailto:xxxxx@osr.com]
Sent: Thursday, April 05, 2001 1:12 PM
To: NT Developers Interest List
Subject: [ntdev] RE: A WinDBG tip, and a question

Phil,

I strongly suspect that this technique is going to be problematic. As
you’ve noted, you are trying to open a file. The file system hasn’t started
yet, though, because your driver isn’t even ready to run at the moment.

You insist that this MUST be done in your driver entry function. Can I ask
why? There are lots of techniques I can think of that would allow you to
run at passive level after the boot file system has loaded. Did you try a
reinitialization routine, for example? Or a work item that stalls until the
operation works (or until one of the boot file systems has loaded?) Or is it
imperative before anything on the disk is read that you can access this
configuration file?

If it is the latter, then I’d suggest the only safe place to store this
information is in the registry.

Regards,

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Barila, Phil [mailto:xxxxx@intel.com]
Sent: Thursday, April 05, 2001 3:54 PM
To: NT Developers Interest List
Subject: [ntdev] A WinDBG tip, and a question

This is not the same question that I posted to WinDBG, but it’s related. It
is the same tip.

First the tip:
I want to display the contents of memory referenced by a local pointer
variable. Since the pointer is changing frequently, its far easier to deref
the pointer in the memory window than to copy the address and paste it into
the offset. If I paste the name of the pointer variable into the offset, I
get the contents of the local, which is the address of the memory I want to
see. It doesn’t get deref’d. So to deref the pointer, I used
poi(pVariable), and it worked. Cool! Caused a bazillion “Unable to verify
Timestamp” warnings, though.

Now the question:
My driver is the boot ATAPI driver, replacing atapi.sys, and I am trying to
open a file from the disk during initialization, which is the only time I am
ever called at any IRQL < DIRQL, so it’s the only time I *can* open a file.
I only want to read it, and only once. Since my driver is the system disk
driver, the runtime file system isn’t initialized yet, because it is waiting
for my driver to startup properly. So far, I have confirmed that
ZwCreateFile, ends up in NtCreateFile, which subsequently calls
IoCreateFile, which I very highly suspect will eventually try to call my
driver. I have not yet determined whether IoCreateFile will use the boot
file loader, since the disk driver isn’t initialized yet, but I doubt it,
based on information in Inside Windows 2000 and some communications from the
WinDBG guys at Microsoft. With enough time, which I don’t really have, I
can trace through IoCreateFile, and all the calls it makes, and eventually
confirm my suspicions, or (remote possibility) be pleasantly surprised.

Instead of continuing to chug through kernel assembly, I’d like to know if
anyone knows conclusively that IoCreateFile will or will not call the boot
file loader during initialization. Further, since I think calling any of
the kernel mode file routines is a fool’s errand, since they are dependent
on my initialization succeeding, I am wondering if there is any way to use
the existing boot file loader to find the file I need to load.

Thanks,

Phil

* Philip D. Barila | (503) 264-8386
* Intel Corp. | M/S JF2-53 Office JF2-2-G6
* Storage Architecture and Performance
* Internet Systems Lab

You are currently subscribed to ntdev as: xxxxx@osr.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: xxxxx@intel.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

4

There’s the tried and true (and ugly) solution of building the
configuration into your driver binary, that is, relinking the driver each
time the configuration info is updated. Or you could build the information
into a dummy driver, if it is possible to specify that driver A (the dummy)
is to be loaded before driver B (the real thing), when both are boot-time
drivers; B would look at A for the info. But I don’t know if it’s possible
to specify order dependene for boot-time drivers.

James Antognini
IBM Research

Internet address – antognini@us.ibm.com
Notes address – James Antognini/Watson/xxxxx@IBMUS

Phone – external: 914-784-7258; tieline: 863-7258

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

5

I currently link the changeable part into the driver for NT and derivatives.
Multiple drivers is making the problem worse. Tony’s reminder that this is
what the REG_BINARY is for is right on target.

Thanks,

Phil

-----Original Message-----
From: James Antognini [mailto:antognini@us.ibm.com]
Sent: Thursday, April 05, 2001 1:51 PM
To: NT Developers Interest List
Subject: [ntdev] RE: A WinDBG tip, and a question

There’s the tried and true (and ugly) solution of building the
configuration into your driver binary, that is, relinking the driver each
time the configuration info is updated. Or you could build the information
into a dummy driver, if it is possible to specify that driver A (the dummy)
is to be loaded before driver B (the real thing), when both are boot-time
drivers; B would look at A for the info. But I don’t know if it’s possible
to specify order dependene for boot-time drivers.

James Antognini
IBM Research

Internet address – antognini@us.ibm.com
Notes address – James Antognini/Watson/xxxxx@IBMUS

Phone – external: 914-784-7258; tieline: 863-7258

You are currently subscribed to ntdev as: xxxxx@intel.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com