Calling FltCreateFile crashes

This is the first time I have needed to call FltCreateFile, but it is crashing… I get an access violation.
I am calling this function when my application calls CreateFile on a device object created by my mini filter.

uniString is initialized with C:\sample\file.tes

The extension tes is just an example.

    InitializeObjectAttributes(&oa,
                               &uniString,
                               OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    NtStatus = FltCreateFile(gFilterHandle,
                             NULL,
                             &hfile,
                             FILE_READ_DATA,
                             &oa,
                             &IoStatusBlock,
                             0,
                             FILE_ATTRIBUTE_NORMAL,
                             FILE_SHARE_READ | FILE_SHARE_WRITE,
                             FILE_OPEN,
                             FILE_NON_DIRECTORY_FILE,
                             NULL,
                             0,
                             IO_IGNORE_SHARE_ACCESS_CHECK);

WinDbg shows this:
f602a93c f997727a f602a9b8 f9981b5b 00000000 fltMgr!FltpExAcquireRundownProtection+0x3
f602a944 f9981b5b 00000000 818c0b40 8197bbe0 fltMgr!FltObjectReference+0x10
f602a9b8 f96995b7 00000000 00000000 f602aa20 fltMgr!FltCreateFile+0x29

fltMgr!FltpExAcquireRundownProtection+3
f9977635 8b19 mov ebx,dword ptr [ecx]

Can anybody help? What am I doing wrong?
I read in the DDK:
FILE_NON_DIRECTORY_FILE The file being opened must not be a directory file or this call fails. The file object being opened can represent a data file; a logical, virtual, or physical device; or a volume. If this flag is set, the Instance parameter must be NULL.

Please help…

While we appreciate the brevity, I think you have been too brief.

What does windbg say about the exception (particularly !analyze -v) ? What
value is ecx? Is gFilterHandle NULL or invalid (that is where my money
would be).

What do you mean by this:

> i am calling this function when my application calls createfile on a
> device object created by my mini filter.

Your application shouldn’t know about create file or a device object? Do you
mean that you are calling this in PreCreate?

> unistring is initialize with C:\sample\file.tes

This is (probably) not your problem, but it will be your next problem. That
is not a valid file name in the kernel name space. Kernel file names need
to be relative to the root of the object name space (read up about this).
You probably meant to say "\??\C:\sample\file.tes"

> If this flag is set, the Instance parameter must be NULL.

This seems completely bogus to me, and indeed I see that it is not in the
Win7 documentation. In general you should *always* supply an instance
unless there is a really good idea why not.

Rod

Steading System Software
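
As an added illustration (not code from the thread or from any driver), here is a user-mode C sketch of the two pre-flight checks raised in the reply above: refuse a NULL filter handle, and make sure the name is rooted in the object namespace. The function name, the result codes and the use of `char` strings in place of `UNICODE_STRING` are assumptions made so it compiles outside the WDK; rejecting UNC and relative names is a simplification.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Stand-in result codes for this user-mode sketch (hypothetical, not NTSTATUS values). */
enum preflight { PREFLIGHT_OK = 0, PREFLIGHT_NO_FILTER, PREFLIGHT_BAD_NAME, PREFLIGHT_TOO_LONG };

/* True when the name already starts at the namespace root, e.g. \??\C:\x or \Device\... */
static int is_nt_rooted(const char *name)
{
    return name[0] == '\\' && name[1] != '\\' && name[1] != '\0';
}

/* True for a fully qualified DOS path such as C:\sample\file.tes. */
static int is_dos_drive_path(const char *name)
{
    return isalpha((unsigned char)name[0]) && name[1] == ':' && name[2] == '\\';
}

/* Checks both preconditions before a create is attempted. `filter` is an opaque
 * stand-in for the driver's filter handle; a DOS drive path is rewritten with
 * the \??\ prefix, an already rooted name is copied unchanged. */
enum preflight preflight_create(const void *filter, const char *name, char *out, size_t out_len)
{
    if (filter == NULL)
        return PREFLIGHT_NO_FILTER;      /* the NULL handle that caused the crash in this thread */
    if (name == NULL || name[0] == '\0')
        return PREFLIGHT_BAD_NAME;
    const char *prefix;
    if (is_nt_rooted(name)) prefix = "";
    else if (is_dos_drive_path(name)) prefix = "\\??\\";
    else return PREFLIGHT_BAD_NAME;      /* relative, drive-relative (C:foo) or UNC: not handled here */
    int n = snprintf(out, out_len, "%s%s", prefix, name);
    if (n < 0 || (size_t)n >= out_len) return PREFLIGHT_TOO_LONG;
    return PREFLIGHT_OK;
}

int main(void)
{
    int filter_stub = 1;                            /* constructed stand-in for a registered filter */
    char buf[64];
    const char *name = "C:\\sample\\file.tes";      /* sample path taken from the question */
    printf("NULL filter -> %d\n", preflight_create(NULL, name, buf, sizeof buf));
    printf("valid filter -> %d\n", preflight_create(&filter_stub, name, buf, sizeof buf));
    printf("name passed on: %s\n", buf);
    return 0;
}
```

In a real minifilter the same checks would sit in front of the FltCreateFile call and return an NTSTATUS error instead of these stand-in codes.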

Thanks,

I reviewed it and found out gFilterHandle is NULL. But how do I discover such things using WinDbg?

> This seems completely bogus to me,

My DDK version is 6000, I will update my docs :)

Anyway, thanks, my problem will be solved.

kd> ?? gFilterHandle
or
kd> dt gFilterHandle

is a good place to start…


thanks

i used dt as kd> dt nt!

to see what that structure contains.

OK, I got it. Thanks for the help, guys.