Accessing a namespace oriented device file from DOS command prompt

Hello all,

I’ve set up a \DosDevices namespace for a hardware device driver I’m writing. Before getting into the gory details, I’d mention that it actually works properly and cleanly when I run a plain test application. The thing is that I want users to be able to access the device driver from the DOS command prompt. Let’s try to remember that behind the massed of info below, that’s the problem I want solved, even though general insights are mostly welcome.

The platform is Windows 7 version 6.1.7600.

First, the setting: Following the classic convention, the driver sets up an UNNAMED device (with IoCreateDevice()'s DeviceName parameter set to NULL). The interface’s name is later acquired from IoRegisterDeviceInterface()'s SymbolicLinkName. The driver’s namespace is then created by virtue of several symbolic links under \DosDevices, each pointing at the interface name given by IoRegisterDeviceInterface() appended with some “\myname” string. So when the application creates a file with the symbolic link (say, \.\hello), the symbolic link redirects the object manager to something link {…Long blob…}\hello, which in turn redirects to the actual device (\Device\NTPNP_PCI0015). As I said, this works like a charm with a test application.

I’ll also mention that in the dispatch method for Create, the driver checks how the file was created (irpstack->Parameters.Create.SecurityContext->DesiredAccess), and goes something like

if ((DesiredAccess & (FILE_WRITE_DATA | FILE_READ_DATA)) == 0)
{ … complete IRP with STATUS_INVALID_DEVICE_REQUEST … }

In other words, it rejects attempts to create a file if it’s not for either reading or writing data. When I wrote this sanity check I thought it was silly, but what did I know…

So what happens in reality? If it’s a plain application calling

CreateFile(TEXT(“\\.\hello”),
GENERIC_READ, // open for reading
0, // do not share
NULL, // no security
OPEN_EXISTING, // existing file only
FILE_ATTRIBUTE_NORMAL, // normal file
NULL); // no attr. template

The logs show a single successful attempt to open the device with DesiredAccess = 0x120089 (matching GENERIC_READ), data is read properly and all is well.

But the thing is that I want access from the DOS prompt. Linux style. This is a real use scenario for this driver. I want users to be able to get a chunk of data without having a special application for that.

So this is what happens with a DOS prompt:

C:\Users\eli>type \.\hello
The filename, directory name, or volume label syntax is incorrect.

And indeed, no access was made to the device. Why “type” refuses to access device files is beyond me. So I tried something else:

C:\Users\eli>copy \.\hello delme
Incorrect function.

DesiredAccess was 0x0080 (FILE_CREATE_TREE_CONNECTION, I believe) so it failed.

How about redirection?

C:\Users\eli>type > \.\hello
Incorrect function.

This was actually correct behavior, because the device is read only. And now prepare for the really weird part:

C:\Users\eli>type < \.\hello
Incorrect function.

It’s weird, because the logs show that the driver returned SUCCESS on the Create, and that the file remained open. As a matter of fact, no IRPs were sent to the driver after the IRP_MJ_CREATE.

The DOS shell merely repeats the status from the last command it got: Other tests show that if exactly the same command is given on a fresh DOS window, the prompt is given immediately as if all was OK, but in fact the file was opened, not read from at all, and left open.

The thing about repeating the status from the last command is consistent.

If I try to repeat this command,

C:\Users\eli>type < \.\hello
The requested resource is in use.

This error came from the driver itself, which detected that the specific “file” is already open, so it failed with a STATUS_DEVICE_BUSY, which was passed on to user correctly by the DOS prompt.

So basically, the DOS prompt does weird things only when the driver is cooperative.

So what’s the conclusion? That the DOS prompt gets crazy when faced with one of Window’s basic internals? And suppose that a user has a bare system (no applications), is there any way he or she could grab data from the device, using only what comes with the system? The DOS prompt doesn’t look very promising.

And of course, the first thing I looked at was how the IRP is completed, in case I forgot to set IoStatus.Status or something. But it goes:

Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = status;
IoCompleteRequest (Irp, IO_NO_INCREMENT);

return status;

which is, as far as I know, the official way.

And for the sake of curiosity I also tried it with Cygwin. This works properly (file is opened, data is read):

$ cat \\.\hello

But surprisingly, there are two failed attempts on CreateFile before the successful one, having DesiredAccess set to 0x00020088 and 0x00020000 (both failing on the sanity check showed above, as they don’t require FILE_READ_DATA nor FILE_WRITE_DATA). It’s the third call to CreateFile, with access flags 0x00120089 (generic read) that does the work.

What is even more weird, is that AFTER the successful open (and a couple of failed QUERY_INFO requests, who cares), the device gets another CreateFile with a zero-length file name and DesiredAccess=0x100001 (I suppose FILE_RESERVE_OPFILTER | FILE_DIRECTORY_FILE). The thing is that all symbolic links the driver creates have this “\something” tail, so the last CreateFile didn’t go through one of these. According to IrpTracker it was cat.exe initiating this after it had finished reading and reached end of file. How did it get around the symbolic links, and why did it bother doing that after the data had been read?

The Cygwin issue is of less importance, of course, since things work really well with it. These extra file accesses could be a Cygwin implementation issue.

And for those who got reading this far, thanks for showing interest.

The cms prompt works with files a special names ( dos device names like com1, >2, etc). Unix is not windows, deep integration of native device names in a cmd shell is not the same. Either emulate an entire fs and implement the proper fs major functions and behaviors or give up the ghost. Or I guess pretend to be a com port

d

debt from my phone

From: xxxxx@billauer.co.il
Sent: 2/26/2012 3:40 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Accessing a namespace oriented device file from DOS command prompt

Hello all,

I’ve set up a \DosDevices<file:> namespace for a hardware device driver I’m writing. Before getting into the gory details, I’d mention that it actually works properly and cleanly when I run a plain test application. The thing is that I want users to be able to access the device driver from the DOS command prompt. Let’s try to remember that behind the massed of info below, that’s the problem I want solved, even though general insights are mostly welcome.

The platform is Windows 7 version 6.1.7600.

First, the setting: Following the classic convention, the driver sets up an UNNAMED device (with IoCreateDevice()'s DeviceName parameter set to NULL). The interface’s name is later acquired from IoRegisterDeviceInterface()'s SymbolicLinkName. The driver’s namespace is then created by virtue of several symbolic links under \DosDevices<file:>, each pointing at the interface name given by IoRegisterDeviceInterface() appended with some “\myname” string. So when the application creates a file with the symbolic link (say, \.\hello), the symbolic link redirects the object manager to something link {…Long blob…}\hello, which in turn redirects to the actual device (\Device\NTPNP_PCI0015). As I said, this works like a charm with a test application.

I’ll also mention that in the dispatch method for Create, the driver checks how the file was created (irpstack->Parameters.Create.SecurityContext->DesiredAccess), and goes something like

if ((DesiredAccess & (FILE_WRITE_DATA | FILE_READ_DATA)) == 0)
{ … complete IRP with STATUS_INVALID_DEVICE_REQUEST … }

In other words, it rejects attempts to create a file if it’s not for either reading or writing data. When I wrote this sanity check I thought it was silly, but what did I know…

So what happens in reality? If it’s a plain application calling

CreateFile(TEXT(“\\.\hello”),
GENERIC_READ, // open for reading
0, // do not share
NULL, // no security
OPEN_EXISTING, // existing file only
FILE_ATTRIBUTE_NORMAL, // normal file
NULL); // no attr. template

The logs show a single successful attempt to open the device with DesiredAccess = 0x120089 (matching GENERIC_READ), data is read properly and all is well.

But the thing is that I want access from the DOS prompt. Linux style. This is a real use scenario for this driver. I want users to be able to get a chunk of data without having a special application for that.

So this is what happens with a DOS prompt:

C:\Users\eli>type \.\hello
The filename, directory name, or volume label syntax is incorrect.

And indeed, no access was made to the device. Why “type” refuses to access device files is beyond me. So I tried something else:

C:\Users\eli>copy \.\hello delme
Incorrect function.

DesiredAccess was 0x0080 (FILE_CREATE_TREE_CONNECTION, I believe) so it failed.

How about redirection?

C:\Users\eli>type > \.\hello
Incorrect function.

This was actually correct behavior, because the device is read only. And now prepare for the really weird part:

C:\Users\eli>type < \.\hello
Incorrect function.

It’s weird, because the logs show that the driver returned SUCCESS on the Create, and that the file remained open. As a matter of fact, no IRPs were sent to the driver after the IRP_MJ_CREATE.

The DOS shell merely repeats the status from the last command it got: Other tests show that if exactly the same command is given on a fresh DOS window, the prompt is given immediately as if all was OK, but in fact the file was opened, not read from at all, and left open.

The thing about repeating the status from the last command is consistent.

If I try to repeat this command,

C:\Users\eli>type < \.\hello
The requested resource is in use.

This error came from the driver itself, which detected that the specific “file” is already open, so it failed with a STATUS_DEVICE_BUSY, which was passed on to user correctly by the DOS prompt.

So basically, the DOS prompt does weird things only when the driver is cooperative.

So what’s the conclusion? That the DOS prompt gets crazy when faced with one of Window’s basic internals? And suppose that a user has a bare system (no applications), is there any way he or she could grab data from the device, using only what comes with the system? The DOS prompt doesn’t look very promising.

And of course, the first thing I looked at was how the IRP is completed, in case I forgot to set IoStatus.Status or something. But it goes:

Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = status;
IoCompleteRequest (Irp, IO_NO_INCREMENT);

return status;

which is, as far as I know, the official way.
------------------------

And for the sake of curiosity I also tried it with Cygwin. This works properly (file is opened, data is read):

$ cat \\.\hello

But surprisingly, there are two failed attempts on CreateFile before the successful one, having DesiredAccess set to 0x00020088 and 0x00020000 (both failing on the sanity check showed above, as they don’t require FILE_READ_DATA nor FILE_WRITE_DATA). It’s the third call to CreateFile, with access flags 0x00120089 (generic read) that does the work.

What is even more weird, is that AFTER the successful open (and a couple of failed QUERY_INFO requests, who cares), the device gets another CreateFile with a zero-length file name and DesiredAccess=0x100001 (I suppose FILE_RESERVE_OPFILTER | FILE_DIRECTORY_FILE). The thing is that all symbolic links the driver creates have this “\something” tail, so the last CreateFile didn’t go through one of these. According to IrpTracker it was cat.exe initiating this after it had finished reading and reached end of file. How did it get around the symbolic links, and why did it bother doing that after the data had been read?

The Cygwin issue is of less importance, of course, since things work really well with it. These extra file accesses could be a Cygwin implementation issue.

And for those who got reading this far, thanks for showing interest.

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</file:></file:>

The open without read/write is trying to get the device attributes. You need to support that.

Thanks for your answers.

The thing is that those failed attempt to read attributes happened in the Cygwin case, which resulted, all in all, in successful operation. There is no real problem there, only me wondering what’s going on.

As for the DOS command prompt, all went well, judging by IrpTracker’s output, when attempting redirection ( type < \.\hello ). There is nothing in the IRP dump indicating that cmd.exe had an idea that \.\hello isn’t just a file. Actually, nothing indicating that anything went wrong, except for the actual outcome.

As for implementing a file system, that crossed my mind at some early design stages. Not only is that going to be a lot of work, but my gut feeling is that I’ll solve one problem and get twenty new. For example, I can only imagine all kinds of system software components attempting to create new files and directories. Maybe a recycle bin? A page file? How much space is there left in this magic disk? Zero, I suppose. So how can programs still write to it? And so on.

So the main question is left open: Should I just leave the DOS window, or is there some way to fix this?

I would just forget the cmd window scenario

d

debt from my phone

-----Original Message-----
From: xxxxx@billauer.co.il
Sent: 2/26/2012 1:14 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Accessing a namespace oriented device file from DOS command prompt

On 26-Feb-2012 23:17, xxxxx@billauer.co.il wrote:

Thanks for your answers.

The thing is that those failed attempt to read attributes happened in the Cygwin case, which resulted, all in all, in successful operation. There is no real problem there, only me wondering what’s going on.

As for the DOS command prompt, all went well, judging by IrpTracker’s output, when attempting redirection ( type< \.\hello ). There is nothing in the IRP dump indicating that cmd.exe had an idea that \.\hello isn’t just a file. Actually, nothing indicating that anything went wrong, except for the actual outcome.

As for implementing a file system, that crossed my mind at some early design stages. Not only is that going to be a lot of work, but my gut feeling is that I’ll solve one problem and get twenty new. For example, I can only imagine all kinds of system software components attempting to create new files and directories. Maybe a recycle bin? A page file? How much space is there left in this magic disk? Zero, I suppose. So how can programs still write to it? And so on.

So the main question is left open: Should I just leave the DOS window, or is there some way to fix this?

The “type < filename” syntax is not valid at all, so maybe you run
something else actually, not the internal cmd.exe command.
Check your PATH.

Cygwin does complicated things for unix simulation, but even if it works
as you want, it is not the bare Windows, which is your goal.
Otherwise, there is a lot of options (PS, python scripts…) but all
these are not bare Windows, alas. Windows is not Linux.

– pa

One thing to be careful of with trying to use devices as files: EOF. The
accepted standard for EOF is that a device return TRUE from ReadFile, but
returns 0 bytes. This is fine, as long as it is a file system. But some
hardware devices will successfully return 0 bytes, meaning “I had nothing
to send you, but there is no error”. such as a serial port. Thus, the
program can erroneously interpret this as EOF, much to the surprise of
all. Many hardware devices have drivers that will return TRUE/0 bytes as
a well-defined piece of their behavior, but they are not file systems.
joe

Thanks for your answers.

The thing is that those failed attempt to read attributes happened in the
Cygwin case, which resulted, all in all, in successful operation. There is
no real problem there, only me wondering what’s going on.

As for the DOS command prompt, all went well, judging by IrpTracker’s
output, when attempting redirection ( type < \.\hello ). There is nothing
in the IRP dump indicating that cmd.exe had an idea that \.\hello isn’t
just a file. Actually, nothing indicating that anything went wrong, except
for the actual outcome.

As for implementing a file system, that crossed my mind at some early
design stages. Not only is that going to be a lot of work, but my gut
feeling is that I’ll solve one problem and get twenty new. For example, I
can only imagine all kinds of system software components attempting to
create new files and directories. Maybe a recycle bin? A page file? How
much space is there left in this magic disk? Zero, I suppose. So how can
programs still write to it? And so on.

So the main question is left open: Should I just leave the DOS window, or
is there some way to fix this?

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

OK, so the bottom line is pretty conclusive: No DOS Command window. It’s nice to know it wasn’t just me missing something under my nose about its abilities.

Also thanks for the remark about my use of “type”. Having tried similar things with plain files, I realize there was something inherently problematic about my attempt with that command. Not something that justifies giving control back to user while having a file descriptor left open and dangling, but this isn’t a discussion list about Windows applications…

As for handling EOF gracefully, my driver returns STATUS_END_OF_FILE + zero in the information field when applicable, and non-zero data count otherwise. Cygwin takes that well. But thanks for that remark anyhow.

So thanks again for your help on this. I can now chop that branch off with no concern.