Doran put me on the right track I’m sure. I created the IRP_MJ_CREATE dispatch routines and it is still giving the same error. I have escaped the back slashes correctly and am indeed using OPEN_EXISTING. I think symbolic name may well be the problem from what I read from you guys. I am going to download winobj.exe from sysinternals and will feedback the results later.
Thanks
xxxxx@yahoo.co.uk wrote:
Doran put me on the right track I’m sure. I created the IRP_MJ_CREATE dispatch routines and it is still giving the same error. I have escaped the back slashes correctly and am indeed using OPEN_EXISTING. I think symbolic name may well be the problem from what I read from you guys. I am going to download winobj.exe from sysinternals and will feedback the results later.
Did you actually call IoCreateSymbolicLink to create an object to open?
You can’t just open a driver called “simplesys.sys” by referring to the
name “\\.\simplesys”. The driver must specifically give itself a
kernel name, and then create a symbolic link in user space that points
to that name.
Perhaps you should post your DriverEntry so we can see the code.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Hi, I did create a symbolic link. Winobj shows no symbolic link for the driver so we have a smoking gun.
Here’s the driver entry code :
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT driverObject,
IN PUNICODE_STRING registryPath
)
{
NTSTATUS status = STATUS_SUCCESS; //Optimistic start!!
UNICODE_STRING ntUnicodeString; // NT Device Name “\Device\SIOCTL”
UNICODE_STRING ntWin32NameString; // Win32 Name “\DosDevices\IoctlTest”
DbgPrint(“DriverEntry point loaded”);
RtlInitUnicodeString(
&ntUnicodeString,
NT_DEVICE_NAME
);
status = IoCreateDevice(
driverObject,
0,
&ntUnicodeString,
FILE_DEVICE_NETWORK,
0,
FALSE,
&gDeviceObject
);
driverObject->DriverUnload = DriverUnload;
driverObject->MajorFunction[IRP_MJ_CREATE] = DriverCreateClose;
driverObject->MajorFunction[IRP_MJ_CLOSE] = DriverCreateClose;
RtlInitUnicodeString( &ntWin32NameString, DOS_DEVICE_NAME );
status = IoCreateSymbolicLink(
&ntWin32NameString, &ntUnicodeString );
if (!NT_SUCCESS(status))
{
DbgPrint(“There was a problem creating the device”);
goto Exit;
}
else
{
DbgPrint(“Created device successfully”);
}
return STATUS_SUCCESS;
Exit:
IoDeleteDevice(gDeviceObject);
}
I really do suggest you go back and look at the WDK samples rather
than run about in random directions. Have a look at the sample in
~\src\general\ioctl - this sample shows how to create an application
and driver that communicate with each other.
Build it, play with it and learn something about it before hacking it
about to match your needs.
Mark.
At 20:13 19/09/2008, xxxxx@yahoo.co.uk wrote:
Doran put me on the right track I’m sure. I created the
IRP_MJ_CREATE dispatch routines and it is still giving the same
error. I have escaped the back slashes correctly and am indeed using
OPEN_EXISTING. I think symbolic name may well be the problem from
what I read from you guys. I am going to download winobj.exe from
sysinternals and will feedback the results later.Thanks
Err … so your creating a symbolic link called “IoctlTest”, but
from your previous posts your usermode app is trying to open “Simplesys”.
That ain’t going to work. Look at the usermode portion of the
sample, testapp.c it calls:
CreateFile (“\\.\IoctlTest”,
. . .
You have to open the name of the object created by the driver NOT the
filename of the driver.
At 20:33 19/09/2008, xxxxx@yahoo.co.uk wrote:
Hi, I did create a symbolic link. Winobj shows no symbolic link for
the driver so we have a smoking gun.Here’s the driver entry code :
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT driverObject,
IN PUNICODE_STRING registryPath
)
{
NTSTATUS status = STATUS_SUCCESS; //Optimistic start!!
UNICODE_STRING ntUnicodeString; // NT Device Name
“\Device\SIOCTL”
UNICODE_STRING ntWin32NameString; // Win32 Name
“\DosDevices\IoctlTest”DbgPrint(“DriverEntry point loaded”);
RtlInitUnicodeString(
&ntUnicodeString,
NT_DEVICE_NAME
);status = IoCreateDevice(
driverObject,
0,
&ntUnicodeString,
FILE_DEVICE_NETWORK,
0,
FALSE,
&gDeviceObject
);driverObject->DriverUnload = DriverUnload;
driverObject->MajorFunction[IRP_MJ_CREATE] = DriverCreateClose;
driverObject->MajorFunction[IRP_MJ_CLOSE] = DriverCreateClose;RtlInitUnicodeString( &ntWin32NameString, DOS_DEVICE_NAME );
status = IoCreateSymbolicLink(
&ntWin32NameString, &ntUnicodeString );if (!NT_SUCCESS(status))
{
DbgPrint(“There was a problem creating the device”);
goto Exit;
}
else
{
DbgPrint(“Created device successfully”);
}return STATUS_SUCCESS;
Exit:
IoDeleteDevice(gDeviceObject);
}
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
I suspect we need to see your definitions of NT_DEVICE_NAME and DOS_DEVICE_NAME, eh?
Are they like the following (which would be correct)?
L"\Device\ SIOCTL"
L"\DosDevices\ IoctlTest"
Is your device object being created with the name you expect?
Personally, I think Mark’s advice (above) is wise. You should really consider it,
Peter
OSR
Definitions are :
#define NT_DEVICE_NAME L"\Device\SmplSys"
#define DOS_DEVICE_NAME L"\DosDevices\SimpleSys"
In the code dump you can see I havent removed the comments from the original src from the DDK, but comments aren’t causing the problem. I did play around with the ddk code, and am not hacking about in random directions. As you can see the definitions are correct, and spelt correctly. The symbolic link according to winobj is not getting created, and that must be the problem not inline comments. I am stumped as the symbolic link code is testing the status value, and should unload if there is a problem.
> -----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.co.uk
Sent: Friday, September 19, 2008 10:11 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Createfile errorI am stumped as the
symbolic link code is testing the status value, and should
unload if there is a problem.
Are you sure? The DriverEntry code you posted doesn’t return a value in
case of error so it may not be unloaded. Also, it doesn’t check result
of IoCreateDevice call. Debug your code or examine debug output to see
what really happens.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
So I tidied up the code, recompiled and had debugview running. Nothing shows up in debugview. Which is totally weird.
Tidied code is
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT driverObject,
IN PUNICODE_STRING registryPath
)
{
NTSTATUS status = STATUS_SUCCESS; //Optimistic start!!
UNICODE_STRING ntUnicodeString; // NT Device Name “\Device\SmplSys”
UNICODE_STRING ntWin32NameString; // Win32 Name “\DosDevices\SimpleSys”
DbgPrint(“DriverEntry point loaded”);
RtlInitUnicodeString(
&ntUnicodeString,
NT_DEVICE_NAME
);
status = IoCreateDevice(
driverObject,
0,
&ntUnicodeString,
FILE_DEVICE_NETWORK,
0,
FALSE,
&gDeviceObject
);
if (!NT_SUCCESS(status))
{
DbgPrint(“There was a problem creating the device”);
goto Exit;
}
else
{
DbgPrint(“Created device successfully”);
}
driverObject->DriverUnload = DriverUnload;
driverObject->MajorFunction[IRP_MJ_CREATE] = DriverCreateClose;
driverObject->MajorFunction[IRP_MJ_CLOSE] = DriverCreateClose;
RtlInitUnicodeString( &ntWin32NameString, DOS_DEVICE_NAME );
status = IoCreateSymbolicLink(
&ntWin32NameString, &ntUnicodeString );
if (!NT_SUCCESS(status))
{
DbgPrint(“There was a problem creating the device”);
goto Exit;
}
else
{
DbgPrint(“Created device successfully”);
return status;
}
Exit:
IoDeleteDevice(gDeviceObject);
return status;
}
Back to square one.
Is the driver installed?
Is the driver running? Does net start “your driver name” succeed?
Bill Wandel
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of xxxxx@yahoo.co.uk
Sent: Friday, September 19, 2008 4:53 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Createfile error
So I tidied up the code, recompiled and had debugview running. Nothing shows
up in debugview. Which is totally weird.
Tidied code is
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT driverObject,
IN PUNICODE_STRING registryPath
)
{
NTSTATUS status = STATUS_SUCCESS; //Optimistic start!!
UNICODE_STRING ntUnicodeString; // NT Device Name
“\Device\SmplSys”
UNICODE_STRING ntWin32NameString; // Win32 Name
“\DosDevices\SimpleSys”
DbgPrint(“DriverEntry point loaded”);
RtlInitUnicodeString(
&ntUnicodeString,
NT_DEVICE_NAME
);
status = IoCreateDevice(
driverObject,
0,
&ntUnicodeString,
FILE_DEVICE_NETWORK,
0,
FALSE,
&gDeviceObject
);
if (!NT_SUCCESS(status))
{
DbgPrint(“There was a problem creating the device”);
goto Exit;
}
else
{
DbgPrint(“Created device successfully”);
}
driverObject->DriverUnload = DriverUnload;
driverObject->MajorFunction[IRP_MJ_CREATE] = DriverCreateClose;
driverObject->MajorFunction[IRP_MJ_CLOSE] = DriverCreateClose;
RtlInitUnicodeString( &ntWin32NameString, DOS_DEVICE_NAME );
status = IoCreateSymbolicLink(
&ntWin32NameString, &ntUnicodeString );
if (!NT_SUCCESS(status))
{
DbgPrint(“There was a problem creating the device”);
goto Exit;
}
else
{
DbgPrint(“Created device successfully”);
return status;
}
Exit:
IoDeleteDevice(gDeviceObject);
return status;
}
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
using the osr driver loader (of course!)
Yes the driver loads. Winobj lists the driver, but no symbolic link.
Do you have enabled everything necessary in DebugView? Default
configuration isn’t enough. Capture | Enable Verbose Kernel Output and
maybe something else at Vista. Just enable everything.
It is also possible you’re examining wrong place in WibObj.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.co.uk
Sent: Friday, September 19, 2008 11:02 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Createfile errorusing the osr driver loader (of course!)
Yes the driver loads. Winobj lists the driver, but no symbolic link.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online
at http://www.osronline.com/page.cfm?name=ListServer
OK so I looked in DebugView and there were a couple of options I turned on - Capture > Kernel and Capture > Enable Verbose Kernel Output. Now I get output!!!
The output is :
Driver Entry Point Loaded
Created Device Successfully
Created Device Successfully
So that indicates to me that it created the symbolic link ok, considering the third line of output.
I looked in winobj, and I was looking in the driver section of the tree. If I look under the GLOBAL?? section of the tree then in the list view pane on the RHS the SymLink has the value \Device\SmplSys
Where should I look to see the dos symbolic link? Steps forward, still baffled though.
> -----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.co.uk
Sent: Friday, September 19, 2008 11:54 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Createfile errorI looked in winobj, and I was looking in the driver section
of the tree. If I look under the GLOBAL?? section of the tree
then in the list view pane on the RHS the SymLink has the
value \Device\SmplSys
Fine. That’s your symbolic link. Now debug the rest of code. Check if
you DriverCreateClose routing is called, if it behaves correctly etc.
Check also typos in names.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
No wait I think I get it. When I click on GLOBALS?? in the tree there are three columns on the RHS
Name | Type | SymLink
and the row that is relevant is
SimpleSys | SymbolicLink | \Device\SmplSys
so that says to me that there is a symbolic link set up, called SimpleSys that points to the correct device. Which begs one question, why doesn’t it work!!! 
xxxxx@yahoo.co.uk wrote:
No wait I think I get it. When I click on GLOBALS?? in the tree there are three columns on the RHS
Name | Type | SymLink
and the row that is relevant is
SimpleSys | SymbolicLink | \Device\SmplSys
so that says to me that there is a symbolic link set up, called SimpleSys that points to the correct device. Which begs one question, why doesn’t it work!!!
Do we really have to debug this for you? You do this one step at a
time. The symbolic link is getting created, so now you move on to your
IRP_MJ_CREATE handler. Either set a breakpoint in the handler, or put a
DbgPrint in there to detect whether it is getting called. Be sure to
echo the status value you return.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
xxxxx@yahoo.co.uk wrote:
No wait I think I get it. When I click on GLOBALS?? in the tree there are three columns on the RHS
Name | Type | SymLink
and the row that is relevant is
SimpleSys | SymbolicLink | \Device\SmplSys
so that says to me that there is a symbolic link set up, called SimpleSys that points to the correct device. Which begs one question, why doesn’t it work!!!
So all this isn’t really simple, even if you named it “simple”.
Start from WDK samples, they work for sure (er, most of them)
–PA
>>Do we really have to debug this for you?
Tim that is not necessary. I am jumping through the hoops that people are asking me to. I placed a dbgprint in the IRP_MJ_CREATE handler, and when I run my user mode code it is not getting called. I thought I was allowed to post here if I was stuck. I am stuck, and so far have had some really great pointers on winobj and dbgview and so on. However the code really does look ok to me, the driver loads and the IRP_MJ_CREATE handler is written, what can I possibly do now?
> -----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.co.uk
Sent: Saturday, September 20, 2008 12:40 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Createfile error>>Do we really have to debug this for you?
Tim that is not necessary. I am jumping through the hoops
that people are asking me to. I placed a dbgprint in the
IRP_MJ_CREATE handler, and when I run my user mode code it is
not getting called. I thought I was allowed to post here if I
was stuck. I am stuck, and so far have had some really great
pointers on winobj and dbgview and so on. However the code
really does look ok to me, the driver loads and the
IRP_MJ_CREATE handler is written, what can I possibly do now?
As was advised several times before, start with an existing sample. Both
driver and application. Run original code without any change and make
sure it works. Then make step-by-step modifications and after every step
check if it still work. Finally, you should have something similar as
now but working.
The second possibility is to sit and look at the whole code to find the
bug.
The third possibility is to use debugger and trace through OS code to
see where and why CreateFile was refused. But if you’re able to do it,
this thread wouldn’t exist
Sorry but Tim is right. Driver developer has to be self-reliant to some
extent. I understand what we see as trivial may not be easy for
beginners but you have a very good way how to learn things yourself:
play with WDK samples.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
Well, from my point of view, it has been more like the list has been doing remote debugging for you every step of the way. That is kind of not too pleasant to be on the end of issuing instructions and seeing the results. I always dread those few days when I have to do that kind of thing at work with a customer, because it’s really just not any fun at all.
On towards solving your issue, my suggestions are to do either:
A lot of the things that have been going back and forth are really basic troubleshooting/problem solving type things. And certainly, everyone has to start somewhere, but I think that a valid point can be made that you’ll be able to pick up some of the debugging basics elsewhere, on your own, by reading documentation and looking around on the Internet or at your local library, and you’ll probably come out of doing so more knowledgeable in the end anyway.
When I see a debugging question posted to the list, it’s my hope that the person posting it has already narrowed things down somewhat more. I kind of get the feeling that you’re treating the kernel mode parts of this project as sort of a “black box” that you’re not really able to gain any debugging visibility into, and so you’re just calling it “stuck” there. This is not really the case, though, as in principle, many of the same basic concepts for debugging a user mode program apply to kernel development, though there are certainly extra dimensions to previously more simplified views of certain concepts along the way.
The reality is that you should be able to make a lot more progress more quickly (and learn more from the experience) by hacking around a bit here on your own. There is a lot of good documentation (and certainly some bad documentation here or there) that ships with the debugger and the WDK that will get you started on your learning process there.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.co.uk
Sent: Friday, September 19, 2008 6:40 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Createfile error
>Do we really have to debug this for you?
Tim that is not necessary. I am jumping through the hoops that people are asking me to. I placed a dbgprint in the IRP_MJ_CREATE handler, and when I run my user mode code it is not getting called. I thought I was allowed to post here if I was stuck. I am stuck, and so far have had some really great pointers on winobj and dbgview and so on. However the code really does look ok to me, the driver loads and the IRP_MJ_CREATE handler is written, what can I possibly do now?
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer