Accessing Read Buffer during network Copy-paste

Hi,

I am developing a file system minifilter driver that populates some information on receiving the Read request in the Pre Operation callback

The read requests are being processed synchronously.On local copy-paste operation,the information is retrieved accurately.
I am ignoring the Paging Io operations

But when I do a read over the network(accessing the shared folder from another machine),the system crashes with the following bug check

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b96a4832, The address that the exception occurred at
Arg3: b923dc08, Exception Record Address
Arg4: b923d904, Context Record Address

MODULE_NAME: srv

FAULTING_MODULE: 80800000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a048

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
srv+2832
b96a4832 668b4814 mov cx,word ptr [eax+14h]

EXCEPTION_RECORD: b923dc08 – (.exr 0xffffffffb923dc08)
ExceptionAddress: b96a4832 (srv+0x00002832)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00320048
Attempt to read from address 00320048

APPROACH :processing the read request
if(FAST_ IO || DATA_SYSTEM_BUFFER )
{
//Populate Info into the
Data->Iopb->Parameters.ReadBuffer

}
else
{
if(Irp->MdlAddress != NULL)
{
MmGetSystemAddressForMdlSafe()
//populate the info
}
else
{
FltLockUserBuffer(Data);
MmGetSystemAddressForMdlSafe()
//Populate info
}

}

I have referred the swapBuffers sample program to build on this

OBSERVATIONS:
During a Remote read request the ,the FltLockUserBuffer() fails with STATUS_INVALID_PARAMETER
If I do a FLT_PREOP_COMPLETE ,the copy operation is terminated with above status check :“The paarmeter is incorrect”

If I pass down the request to FSD with FLT_PREOP_SUCCESS_NO_CALLBACK ,the system crashes with the above bugcheck

QUERY :
How do we handle the REMOTE read request ,how should the buffer be accessed and populated ?

Please let me know your inputs.Any help is greatly appreciated

Regards,
Seema

You don’t give us the stack, but I am really assuming that this problem is
really “why does FltLockUserBuffer fail”? If you are calling a function
that can fail and then continue merrily on you should expect bad things.

Faced with this situation your best bet is to spelunk through the call to
FltLockUserBuffer and see what particular thing it complains about. What is
different between your code and Swapbuffers (where - I’d guess - it works)?
The documentation for that API says that it can return that error, but you
are stating that this is an IRP_MJ_READ…

Rod

Thanks for the inputs Rod.

I will step through the FltLockUserBuffer and check again
As per the documentation,FltLockUserBuffer() returns the STATUS_INVALID_PARAMETER if the IRP being processed is
not one of the below mentioned IRP’s .

IRP_MJ_DEVICE_CONTROL
IRP_MJ_DIRECTORY_CONTROL
IRP_MJ_FILE_SYSTEM_CONTROL
IRP_MJ_INTERNAL_DEVICE_CONTROL
IRP_MJ_QUERY_EA
IRP_MJ_QUERY_QUOTA
IRP_MJ_QUERY_SECURITY
IRP_MJ_READ
IRP_MJ_SET_EA
IRP_MJ_SET_QUOTA
IRP_MJ_WRITE

But in my case ,I am processing the IRP_MJ_READ request

I am doing this in the PreOperation Callback for the Read request.
In the swap Buffers eg,the buffers are swapped in the preoperation callback.In the post op callback the information is copied into the original buffers

In my minifilter ,I have registered only the Pre operation callback for IRP_MJ_READ request.
In the pre operation ,I aim to populate the Read buffer with some information(some pattern).
The read requests can be classified as
1.Fast IO read
2.Read IRP

PreReadOperationCallback()
{

//If Fast Io or Data system buffer
//copy the data directly

PVOID readBuffer = NULL ;
if(FLTFL_IS_FAST_IO || DATA_SYSTEM_BUFFER)
{
readBuffer = Data->Iopb->Parameters.Read.ReadBuffer;
RtlCopyMemory(Data->Iopb->Parameters.Read.ReadBuffer,Info, Data->Iopb->Parameters.Read.Length)
//Set the appropriate status in the Callback Data and the bytes read
return FLT_PREOP_COMPLETE;
}

//If its as IRP ,we need to process the read as follows
if(Data->Iopb->Parameters.Read.MdlAddress != NULL )
{
readBuffer = MmGetSystemAddressForMdlSafe(Data->Iopb- >Parameters.Read.MdlAddress,
NormalPagePriority)
//Copy the information
//Set the appropriate status in the Callback Data and the bytes read
return FLT_PREOP_COMPLETE;
}

//If the above two cases fail,we try to access the buffer as follows
Mdl = FltLockUserBuffer(Data)
if (success)
{
readBuffer = MmGetSystemAddressForMdlSafe(Mdl,NormalPage Priority)
//copy the required information
//Set the appropriate status in the Callback Data and the bytes read
return FLT_PREOP_COMPLETE;
}
else
{
//The buffer could not be locked :How to process here

}
}

In the above scenario "Buffer cannot be locked "how do we process,the read request.
Is there any other way to populate the information into read buffer ?
As the above ways fail during a remote copy read operation.

I also tried to pend the read request ,and process it using a workitem ,but the FltLockUserBuffer
still fails for the Remote copy paste request.

Regards,
Seema

With a few changes,I was able to resolve the BSOD issue for the Network copy paste operation.

But I am still facing the problem in populating the pattern/information into the Buffer
For a Remote Copy paste operation scenario,the FLT_CALLBACK_DATA fields are as follows
Data->Flags is FLTFL_CALLBACK_DATA_IRP_OPERATION
Data->Iopb->IrpFlags is IRP_SYNCHRONOUS_API

Data->Iopb->Parameters.Read.ReadBuffer = NULL
Data->Iopb->Parameters.Read.MdlAddress = NULL
So, how do i access the buffer in such a scenario (since both buffers are null ) ?
Where should i populate my information ?
Any help is greately appreciated

Regards,
Seema