Hi,
I am sending some data from a minifilter to a user-mode app, and when I try to print out the data the app crashes.
Could you give me a hint about what I am doing wrong?
I tried the hints from this thread:
http://www.osronline.com/ShowThread.cfm?link=202095
and nothing helped.
The code is a modified version of the scanner filter and user app from the WDK samples.
/////////////////////////// FILTER CODE //////////////////////////////////////////
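/*
 * Sends the parsed name components of the file being opened to the
 * user-mode scanner over the filter communication port and waits for the
 * verdict.
 *
 * Instance    - kept for interface compatibility; not used by this version.
 * FileObject  - kept for interface compatibility; not used by this version.
 * SafeToOpen  - set to TRUE on entry; replaced by the user-mode verdict only
 *               when FltSendMessage returns STATUS_SUCCESS.
 * NameInfo    - name information whose FinalComponent, Extension, Name,
 *               ParentDir and Volume descriptors are copied into the message.
 *
 * Returns STATUS_SUCCESS when no client port is connected,
 * STATUS_INSUFFICIENT_RESOURCES when the message cannot be allocated,
 * otherwise the status returned by FltSendMessage.
 */
NTSTATUS
ScannerpScanFileInUserMode (
    __in PFLT_INSTANCE Instance,
    __in PFILE_OBJECT FileObject,
    __out PBOOLEAN SafeToOpen,
    __in PFLT_FILE_NAME_INFORMATION NameInfo
    )
{
    NTSTATUS status = STATUS_SUCCESS;
    PFILE_INFO openedFile = NULL;
    ULONG replyLength;

    //
    // The file contents are no longer read in this version, so neither
    // parameter is needed. The previous FltReadFile call passed a NULL
    // buffer and an uninitialized length, and its status was overwritten
    // immediately afterwards; it has been removed together with the locals
    // and cleanup that only served it.
    //
    UNREFERENCED_PARAMETER( Instance );
    UNREFERENCED_PARAMETER( FileObject );

    *SafeToOpen = TRUE;

    //
    // If there is no client port, just return.
    //
    if (ScannerData.ClientPort == NULL) {
        // TODO: change the return value
        return STATUS_SUCCESS;
    }

    try {
        openedFile = ExAllocatePoolWithTag( NonPagedPool,
                                            sizeof( FILE_INFO ),
                                            'nacS' );
        if (NULL == openedFile) {
            status = STATUS_INSUFFICIENT_RESOURCES;
            leave;
        }

        //
        // Pool memory is not zeroed on allocation. Clear it so that padding
        // and any field not assigned below cannot carry stale kernel data
        // to user mode.
        //
        RtlZeroMemory( openedFile, sizeof( FILE_INFO ) );

        openedFile->FinalComponent = NameInfo->FinalComponent;
        openedFile->Extension = NameInfo->Extension;
        openedFile->Name = NameInfo->Name;
        openedFile->ParentDir = NameInfo->ParentDir;
        openedFile->Volume = NameInfo->Volume;

        DbgPrint( "cc%wZ\n", &openedFile->FinalComponent );
        DbgPrint( "cc%wZ\n", &openedFile->Extension );
        DbgPrint( "cc%wZ\n", &openedFile->ParentDir );
        DbgPrint( "cc%wZ\n", &openedFile->Volume );

        //
        // NOTE(review): the five assignments above copy UNICODE_STRING
        // descriptors only. Their Buffer members still point into the
        // kernel-mode name buffer owned by NameInfo. FltSendMessage copies
        // the sizeof( FILE_INFO ) bytes passed here and nothing else, so the
        // application receives kernel addresses: it cannot dereference them
        // (an access violation when it prints them with %wZ), and handing
        // kernel addresses to user mode is an information disclosure. The
        // message layout has to carry the characters inline, for example a
        // fixed-size WCHAR array plus a byte length per component, copied
        // with a bounds check against the array size. FILE_INFO is defined
        // outside this listing, so that change is not made here.
        //
        // The sent buffer is reused as the reply buffer; this assumes
        // sizeof( FILE_INFO ) >= sizeof( SCANNER_REPLY ) - confirm against
        // the shared header.
        //
        replyLength = sizeof( SCANNER_REPLY );

        status = FltSendMessage( ScannerData.Filter,
                                 &ScannerData.ClientPort,
                                 openedFile,
                                 sizeof( FILE_INFO ),
                                 openedFile,
                                 &replyLength,
                                 NULL );

        if (STATUS_SUCCESS == status) {
            *SafeToOpen = ((PSCANNER_REPLY) openedFile)->SafeToOpen;
        } else {
            //
            // Could not send the message; SafeToOpen keeps its TRUE default.
            //
            DbgPrint( "!!! scanner.sys — couldn’t send message to user-mode to scan file, status 0x%X\n", status );
        }

    } finally {
        if (NULL != openedFile) {
            ExFreePoolWithTag( openedFile, 'nacS' );
        }
    }

    return status;
}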
//////////////////////////////END OF FILTER CODE/////////////
////////////////////////////APP CODE////////////////////////////////
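/*
 * Worker thread routine: dequeues messages from the filter via the I/O
 * completion port, replies with a verdict, and re-posts the message buffer
 * with FilterGetMessage.
 *
 * Context - supplies the completion port handle (Context->Completion) and
 *           the filter communication port handle (Context->Port).
 *
 * Returns the HRESULT that ended the loop.
 */
DWORD
ScannerWorker(
    __in PSCANNER_THREAD_CONTEXT Context
    )
{
    PFILE_INFO openedFile;
    SCANNER_REPLY_MESSAGE replyMessage;
    PSCANNER_MESSAGE message = NULL;
    LPOVERLAPPED pOvlp;
    BOOL result;
    DWORD outSize;
    HRESULT hr;
    ULONG_PTR key;

#pragma warning(push)
#pragma warning(disable:4127) // conditional expression is constant
    while (TRUE) {
#pragma warning(pop)

        //
        // Start each round with no packet and no message, so that a failed
        // wait which dequeues nothing cannot leave a stale or garbage
        // pointer for the free() at the end of the routine.
        //
        pOvlp = NULL;
        message = NULL;

        //
        // Poll for messages from the filter component to scan.
        //
        result = GetQueuedCompletionStatus( Context->Completion, &outSize,
                                            &key, &pOvlp, INFINITE );

        //
        // Obtain the message: note that the message we sent down via
        // FilterGetMessage() may NOT be the one dequeued off the completion
        // queue, because there are multiple threads per single port handle.
        // Any of the FilterGetMessage() issued messages can be completed in
        // random order - and we will just dequeue a random one.
        //
        // Only derive the containing record when a packet was really
        // dequeued; with a NULL pOvlp the result would be an invalid pointer.
        //
        if (pOvlp != NULL) {
            message = CONTAINING_RECORD( pOvlp, SCANNER_MESSAGE, Ovlp );
        }

        if (!result || message == NULL) {
            //
            // An error occurred.
            //
            hr = HRESULT_FROM_WIN32( GetLastError() );
            break;
        }

        // InternalHigh is a ULONG_PTR; cast it to match the %d conversion.
        printf( "Received message, size %d\n", (int) pOvlp->InternalHigh );

        openedFile = &message->OpenedFile;

        //
        // NOTE(review): do not print openedFile->Name, ->Extension or
        // ->ParentDir with %wZ here. As sent by the filter, these are
        // UNICODE_STRING descriptors whose Buffer members hold kernel-mode
        // addresses; dereferencing them in this process raises an access
        // violation. The characters have to arrive inline in the message
        // before they can be printed. SCANNER_MESSAGE and FILE_INFO are
        // defined outside this listing.
        //

        //
        // The scan itself is stubbed out: result is forced to TRUE, so
        // every open is reported as not safe.
        //
        result = TRUE;

        replyMessage.ReplyHeader.Status = 0;
        replyMessage.ReplyHeader.MessageId = message->MessageHeader.MessageId;

        //
        // Need to invert the boolean - result is true if found
        // foul language, in which case SafeToOpen should be set to false.
        //
        replyMessage.Reply.SafeToOpen = !result;

        printf( "Replying message, SafeToOpen: %d\n",
                replyMessage.Reply.SafeToOpen );

        hr = FilterReplyMessage( Context->Port,
                                 (PFILTER_REPLY_HEADER) &replyMessage,
                                 sizeof( replyMessage ) );

        if (SUCCEEDED( hr )) {
            printf( "Replied message\n" );
        } else {
            printf( "Scanner: Error replying message. Error = 0x%X\n", hr );
            break;
        }

        //
        // Re-post the same buffer so the filter can deliver the next
        // message into it.
        //
        memset( &message->Ovlp, 0, sizeof( OVERLAPPED ) );

        hr = FilterGetMessage( Context->Port,
                               &message->MessageHeader,
                               FIELD_OFFSET( SCANNER_MESSAGE, Ovlp ),
                               &message->Ovlp );

        if (hr != HRESULT_FROM_WIN32( ERROR_IO_PENDING )) {
            break;
        }
    }

    if (!SUCCEEDED( hr )) {
        if (hr == HRESULT_FROM_WIN32( ERROR_INVALID_HANDLE )) {
            //
            // Scanner port disconnected.
            //
            printf( "Scanner: Port is disconnected, probably due to scanner filter unloading.\n" );
        } else {
            printf( "Scanner: Unknown error occured. Error = 0x%X\n", hr );
        }
    }

    // free( NULL ) is a no-op, so this is safe when nothing was dequeued.
    free( message );

    return hr;
}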