Access violation in call of TdiBuildInternalDeviceControlIrp() (in Tdi client)

I am trying to write a Tdi client to receive UDP packets. I set the
TDI_EVENT_RECEIVE_DATAGRAM event properly. Here is the piece of code of
this event handler:

/*
 * ClientEventRceiveDatagram - TDI_EVENT_RECEIVE_DATAGRAM handler (excerpt).
 *
 * As posted, it builds a TDI_RECEIVE_DATAGRAM IRP, describes remainderBuf
 * with an MDL and hands the IRP back through *IoRequestPacket together with
 * STATUS_MORE_PROCESSING_REQUIRED. It returns STATUS_DATA_NOT_ACCEPTED when
 * the IRP cannot be built or when locking the buffer raises an exception.
 *
 * deviceObject, fileObject, remainderBuf, remainderLen, context, receiveInfo
 * and PartialRecvComplete are not declared anywhere in this excerpt.
 *
 * NOTE(review): TDI receive event handlers can be entered at DISPATCH_LEVEL,
 * so every call below has to be legal at that IRQL - confirm against the WDK.
 * NOTE(review): the datagram and its lengths come from the network via the
 * transport; the visible code never compares BytesIndicated/BytesAvailable
 * with remainderLen - confirm the elided part sizes the buffer from them.
 * NOTE(review): *BytesTaken is never assigned in the visible code - confirm
 * it is set before each return.
 */
static NTSTATUS ClientEventRceiveDatagram( IN PVOID EventContext,
IN LONG AddressLength,
IN PTRANSPORT_ADDRESS
TaAddress,
IN LONG OptionsLength,
IN PVOID Options,
IN ULONG ReceiveDatagramFlags,
IN ULONG BytesIndicated,
IN ULONG BytesAvailable,
OUT ULONG *BytesTaken,
IN PVOID Tsdu,
OUT PIRP *IoRequestPacket )
{

PIRP irp;
PMDL mdlBuffer;

if ( BytesIndicated >= BytesAvailable )
{
/* handle the full-TSDU case here (body elided in the post) */
/* NOTE(review): as shown there is no return in this branch, so control
 * falls through and a receive IRP is built even for a complete TSDU. */

}

/*
 * Build the TDI_RECEIVE_DATAGRAM irp for the remainder of TSDU
 */

/* NOTE(review): TdiBuildInternalDeviceControlIrp is documented for callers
 * at PASSIVE_LEVEL, while this handler can run at DISPATCH_LEVEL. That
 * mismatch is a likely cause of the reported fault - confirm. An IRP obtained
 * ahead of time (or via IoAllocateIrp) avoids building one here. */
irp = TdiBuildInternalDeviceControlIrp( TDI_RECEIVE_DATAGRAM,
deviceObject,
fileObject,
NULL,
NULL );
if ( irp == NULL )
{
/* NOTE(review): remainderBuf is freed but not set to NULL here, unlike the
 * exception path below; if it outlives this call the pointer is stale. */
ExFreePool( remainderBuf );
return STATUS_DATA_NOT_ACCEPTED;
}

/*
 * Get the mdl for the remainder buffer
 */
mdlBuffer = IoAllocateMdl(
remainderBuf,
remainderLen, /* length of buffer */
FALSE, /* not secondary */
FALSE, /* don't charge quota */
NULL ); /* don't use irp */
/* NOTE(review): there is no else branch - when IoAllocateMdl returns NULL
 * the code continues and passes a NULL MDL to the build macro below. */
if ( mdlBuffer )
{
try
{
/* probe & lock the buffer */
/* NOTE(review): remainderBuf's pool type is not visible; for nonpaged pool
 * MmBuildMdlForNonPagedPool is the usual call. No MmUnlockPages appears in
 * this excerpt - presumably done in PartialRecvComplete; verify. */
MmProbeAndLockPages( mdlBuffer, KernelMode, IoModifyAccess );
}
except ( EXCEPTION_EXECUTE_HANDLER )
{
/* NOTE(review): the MDL and the buffer are released on this path, but the
 * irp built above is not. */
IoFreeMdl( mdlBuffer );
ExFreePool( remainderBuf );
remainderBuf = NULL;
return STATUS_DATA_NOT_ACCEPTED;
}
}

/* NOTE(review): the name below lacks the final 'm' of
 * TdiBuildReceiveDatagram; as posted this line would not compile. */
TdiBuildReceiveDatagra(irp,
deviceObject,
fileObject,
PartialRecvComplete,
context, /* completion context */
mdlBuffer, /* pointer to data (MDL) */
0,/* author's intent: use the whole buffer mapped at mdlBuffer.
NOTE(review): confirm the transport treats a length of 0 that way.
*/
receiveInfo,
NULL,
TDI_RECEIVE_NORMAL | TDI_RECEIVE_EXPEDITED );

/* The IRP is returned to the transport instead of being sent with
 * IoCallDriver, so the stack location is advanced by hand here. */
IoSetNextIrpStackLocation( irp );
*IoRequestPacket = irp;

return STATUS_MORE_PROCESSING_REQUIRED;

} /* ClientEventRceiveDatagram */

I got :
Access violation - code c0000005 (!!! second chance !!!)
nt!FsRtlAllocatePoolWithTag+1:
8041cb2b 897704 mov [edi+0x4],esi

In the call of TdiBuildInternalDeviceControlIrp():

My questions are:

  1. Why does it crash?
  2. Is this the right way to create the irp for receiving the remainder
    tsdu?
  3. Can I use a local irp in this case?

I appreciate your help.

Lin

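The easy way would be pre-allocating a certain number of Irps in your
driver entry and using them in your receive handler. The receive handler
can be called at DISPATCH_LEVEL, while TdiBuildInternalDeviceControlIrp
is meant to be called at PASSIVE_LEVEL, so the Irp should not be built
inside the handler.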

-Srin.

-----Original Message-----
From: Lin [mailto:xxxxx@entegrity.com]
Sent: Friday, July 11, 2003 12:06 PM
To: NT Developers Interest List
Subject: [ntdev] Access violation in call of
TdiBuildInternalDeviceControlIrp() (in Tdi client)

I am trying to write a Tdi client to receive UDP packets. I set the
TDI_EVENT_RECEIVE_DATAGRAM event properly. Here is the piece of code
of
this event handler:

/*
 * Quoted copy of the TDI_EVENT_RECEIVE_DATAGRAM handler from the original
 * message. It builds a TDI_RECEIVE_DATAGRAM IRP, maps remainderBuf with an
 * MDL and returns the IRP through *IoRequestPacket with
 * STATUS_MORE_PROCESSING_REQUIRED; failures return STATUS_DATA_NOT_ACCEPTED.
 *
 * deviceObject, fileObject, remainderBuf, remainderLen, context, receiveInfo
 * and PartialRecvComplete are not declared in the excerpt.
 *
 * NOTE(review): the handler can be entered at DISPATCH_LEVEL and receives
 * network-supplied lengths; neither an IRQL-safe allocation nor a length
 * check against remainderLen is visible here - confirm.
 * NOTE(review): *BytesTaken is never assigned in the visible code.
 */
static NTSTATUS ClientEventRceiveDatagram( IN PVOID EventContext,
IN LONG AddressLength,
IN PTRANSPORT_ADDRESS
TaAddress,
IN LONG OptionsLength,
IN PVOID Options,
IN ULONG
ReceiveDatagramFlags,
IN ULONG BytesIndicated,
IN ULONG BytesAvailable,
OUT ULONG *BytesTaken,
IN PVOID Tsdu,
OUT PIRP *IoRequestPacket )
{

PIRP irp;
PMDL mdlBuffer;

if ( BytesIndicated >= BytesAvailable )
{
/* handle the full-TSDU case here (body elided in the post) */
/* NOTE(review): no return is shown, so control falls through. */

}

/*
 * Build the TDI_RECEIVE_DATAGRAM irp for the remainder of TSDU
 */

/* NOTE(review): this macro is documented for PASSIVE_LEVEL callers; calling
 * it from a handler running at DISPATCH_LEVEL is a likely cause of the
 * reported access violation - confirm. */
irp = TdiBuildInternalDeviceControlIrp( TDI_RECEIVE_DATAGRAM,
deviceObject,
fileObject,
NULL,
NULL );
if ( irp == NULL )
{
/* NOTE(review): remainderBuf is freed without being reset to NULL. */
ExFreePool( remainderBuf );
return STATUS_DATA_NOT_ACCEPTED;
}

/*
 * Get the mdl for the remainder buffer
 */
mdlBuffer = IoAllocateMdl(
remainderBuf,
remainderLen, /* length of buffer */
FALSE, /* not secondary */
FALSE, /* don't charge quota */
NULL ); /* don't use irp */
/* NOTE(review): a NULL result is not handled; execution continues with a
 * NULL MDL. */
if ( mdlBuffer )
{
try
{
/* probe & lock the buffer */
/* NOTE(review): pool type of remainderBuf is not visible; no matching
 * MmUnlockPages appears in the excerpt - verify the completion routine. */
MmProbeAndLockPages( mdlBuffer, KernelMode, IoModifyAccess
);
}
except ( EXCEPTION_EXECUTE_HANDLER )
{
/* NOTE(review): the irp built above is not released on this path. */
IoFreeMdl( mdlBuffer );
ExFreePool( remainderBuf );
remainderBuf = NULL;
return STATUS_DATA_NOT_ACCEPTED;
}
}

/* NOTE(review): the name below lacks the final 'm' of
 * TdiBuildReceiveDatagram; as posted this line would not compile. */
TdiBuildReceiveDatagra(irp,
deviceObject,
fileObject,
PartialRecvComplete,
context, /* completion context */
mdlBuffer, /* pointer to data (MDL) */
0,/* author's intent: use the whole buffer mapped at
mdlBuffer. NOTE(review): confirm a length of 0 is read that way.
*/
receiveInfo,
NULL,
TDI_RECEIVE_NORMAL | TDI_RECEIVE_EXPEDITED
);

/* The IRP is handed back to the transport rather than sent with
 * IoCallDriver, so the stack location is advanced by hand. */
IoSetNextIrpStackLocation( irp );
*IoRequestPacket = irp;

return STATUS_MORE_PROCESSING_REQUIRED;

} /* ClientEventRceiveDatagram */

I got :
Access violation - code c0000005 (!!! second chance !!!)
nt!FsRtlAllocatePoolWithTag+1:
8041cb2b 897704 mov [edi+0x4],esi

In the call of TdiBuildInternalDeviceControlIrp():

My questions are:

  1. Why it crash?
  2. Is this the right way to create the irp for receiving the
    remainder
    tsdu?
  3. Can I use a local irp in this case?

I appreciate your help.

Lin

