Event Viewer3019

OSR_Community_User · March 10, 2006, 11:13am

Hello All !
I’ve written TDI filter driver.
( Attach to \device\tcp )
And I simply pass all IRPs down without any processing.
I dont know why, but if I look into windows event viewer ( System log
), I can see there a warning message with ID = 3019 every time I enter
a shared folder.

could you tell me please, what I’ve done wrong ?
( I know that this message is not dangerous, but it’s important for
me, that there were no this message … )

here is my code :

#include <ntddk.h>
#include “tdikrnl.h”
#include “main.h”

#define LINKNAME_STRING L"\DosDevices\testdrv"
#define NTDEVICE_STRING L"\Device\testdrv"

PDEVICE_OBJECT pMyDeviceObject;

NTSTATUS
TCP_FilterAttach(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
UNICODE_STRING us;

PDEVICE_OBJECT pTargetDeviceObject = NULL;
PFILE_OBJECT pTargetFileObject = NULL;
PDEVICE_OBJECT pLowerDeviceObject = NULL;
PDEVICE_OBJECT pHookerDevObj = NULL;
PHOOKER_DEVICE_EXTENSION HookerDevExt;
ULONG DeviceFlags;

ASSERT( KeGetCurrentIrql() == PASSIVE_LEVEL );

RtlInitUnicodeString( &us, L"\Device\Tcp" );

ntStatus = IoGetDeviceObjectPointer( &us, FILE_READ_ATTRIBUTES, &pTargetFileObject, &pTargetDeviceObject );

if( ntStatus != STATUS_SUCCESS )
{
pTargetFileObject = NULL;
pTargetDeviceObject = NULL;

return( ntStatus );
}

ntStatus = IoCreateDevice(
DriverObject,
sizeof( HOOKER_DEVICE_EXTENSION ),
NULL,
pTargetDeviceObject->DeviceType,
pTargetDeviceObject->Characteristics,
FALSE,
&pHookerDevObj
);

if( ntStatus != STATUS_SUCCESS )
{
ObDereferenceObject( pTargetFileObject );

pTargetFileObject = NULL;
pTargetDeviceObject = NULL;

return( ntStatus );
}

HookerDevExt = (HOOKER_DEVICE_EXTENSION*)pHookerDevObj->DeviceExtension;
RtlZeroMemory( HookerDevExt, sizeof( HOOKER_DEVICE_EXTENSION ) );

HookerDevExt->HookerDevObj = pHookerDevObj;

HookerDevExt->TargetDeviceObject = pTargetDeviceObject;
HookerDevExt->TargetFileObject = pTargetFileObject;

pLowerDeviceObject = IoAttachDeviceToDeviceStack( pHookerDevObj, pTargetDeviceObject );

HookerDevExt->LowerDeviceObject = pLowerDeviceObject;

return ntStatus;
}

NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
NTSTATUS ntStatus;
UNICODE_STRING DeviceName, DeviceLinkName;
ULONG i;

RtlInitUnicodeString(&DeviceName, NTDEVICE_STRING);
RtlInitUnicodeString(&DeviceLinkName, LINKNAME_STRING);

ntStatus = IoCreateDevice (
DriverObject,
0,
&DeviceName,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&pMyDeviceObject );

if ( ntStatus != STATUS_SUCCESS )
{
return ntStatus;
}

for ( i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; ++i )
{
DriverObject->MajorFunction[i] = Dispatch;
}

DriverObject->DriverUnload = NULL;

ntStatus = IoCreateSymbolicLink(&DeviceLinkName, &DeviceName);

if ( ntStatus != STATUS_SUCCESS )
{
IoDeleteDevice( pMyDeviceObject );
return ntStatus;
}

ntStatus = TCP_FilterAttach( DriverObject, RegistryPath);

if ( ntStatus != STATUS_SUCCESS )
{
IoDeleteSymbolicLink( &DeviceLinkName );
IoDeleteDevice( pMyDeviceObject );
return ntStatus;
}

return ntStatus;
}

NTSTATUS
Dispatch(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
return (DeviceObject == pMyDeviceObject) ? MyDispatch (DeviceObject, Irp) : HookedDispatch (DeviceObject, Irp);
}

NTSTATUS
MyDispatch(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
Irp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}

NTSTATUS
HookedDispatch( IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation( Irp );
PHOOKER_DEVICE_EXTENSION HookerDevExt = (PHOOKER_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

switch ( IrpSp->MajorFunction )
{
case IRP_MJ_DEVICE_CONTROL:
if ( STATUS_SUCCESS == TdiMapUserRequest(DeviceObject, Irp, IrpSp) )
{
return TdiDefaultDispatch( DeviceObject, Irp );
}
break;

default:
break;
}

return TdiDefaultDispatch( DeviceObject, Irp);
}

NTSTATUS
TdiDefaultDispatch( IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp )
{
PHOOKER_DEVICE_EXTENSION HookerDevExt = (PHOOKER_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

IoSkipCurrentIrpStackLocation ( Irp );
return IoCallDriver ( HookerDevExt->LowerDeviceObject, Irp );
}
–
many thanks
foxgen mailto:xxxxx@yandex.ru</ntddk.h>

OSR_Community_User · March 10, 2006, 11:42am

Can it help:
“You see message 3019 in the System Event log when you map a network drive
or connect to a network share by using a UNC path name in Windows XP Service
Pack 2”

at

http://support.microsoft.com/default.aspx?scid=kb;en-us;889000

There is a link to an update to SP2.

----- Original Message -----
From: “xxxxx@yandex”
To: “Windows System Software Devs Interest List”
Sent: Friday, March 10, 2006 11:10 AM
Subject: [ntdev] Event Viewer3019

> Hello All !
> I’ve written TDI filter driver.
> ( Attach to \device\tcp )
> And I simply pass all IRPs down without any processing.
> I dont know why, but if I look into windows event viewer ( System log
> ), I can see there a warning message with ID = 3019 every time I enter
> a shared folder.
>
> could you tell me please, what I’ve done wrong ?
> ( I know that this message is not dangerous, but it’s important for
> me, that there were no this message … )
>
> here is my code :
>
> #include <ntddk.h>
> #include “tdikrnl.h”
> #include “main.h”
>
> #define LINKNAME_STRING L"\DosDevices\testdrv"
> #define NTDEVICE_STRING L"\Device\testdrv"
>
> PDEVICE_OBJECT pMyDeviceObject;
>
> NTSTATUS
> TCP_FilterAttach(
> IN PDRIVER_OBJECT DriverObject,
> IN PUNICODE_STRING RegistryPath
> )
> {
> NTSTATUS ntStatus =
> STATUS_SUCCESS;
> UNICODE_STRING us;
>
>
> PDEVICE_OBJECT pTargetDeviceObject = NULL;
> PFILE_OBJECT pTargetFileObject =
> NULL;
> PDEVICE_OBJECT pLowerDeviceObject =
> NULL;
> PDEVICE_OBJECT pHookerDevObj =
> NULL;
> PHOOKER_DEVICE_EXTENSION HookerDevExt;
> ULONG DeviceFlags;
>
> ASSERT( KeGetCurrentIrql() == PASSIVE_LEVEL );
>
> RtlInitUnicodeString( &us, L"\Device\Tcp" );
>
> ntStatus = IoGetDeviceObjectPointer( &us, FILE_READ_ATTRIBUTES,
> &pTargetFileObject, &pTargetDeviceObject );
>
> if( ntStatus != STATUS_SUCCESS )
> {
> pTargetFileObject = NULL;
> pTargetDeviceObject = NULL;
>
> return( ntStatus );
> }
>
> ntStatus = IoCreateDevice(
> DriverObject,
> sizeof( HOOKER_DEVICE_EXTENSION ),
> NULL,
> pTargetDeviceObject->DeviceType,
>
> pTargetDeviceObject->Characteristics,
> FALSE,
> &pHookerDevObj
> );
>
> if( ntStatus != STATUS_SUCCESS )
> {
> ObDereferenceObject( pTargetFileObject );
>
> pTargetFileObject = NULL;
> pTargetDeviceObject = NULL;
>
> return( ntStatus );
> }
>
> HookerDevExt =
> (HOOKER_DEVICE_EXTENSION*)pHookerDevObj->DeviceExtension;
> RtlZeroMemory( HookerDevExt, sizeof( HOOKER_DEVICE_EXTENSION ) );
>
> HookerDevExt->HookerDevObj = pHookerDevObj;
>
> HookerDevExt->TargetDeviceObject = pTargetDeviceObject;
> HookerDevExt->TargetFileObject = pTargetFileObject;
>
> pLowerDeviceObject = IoAttachDeviceToDeviceStack( pHookerDevObj,
> pTargetDeviceObject );
>
> HookerDevExt->LowerDeviceObject = pLowerDeviceObject;
>
> return ntStatus;
> }
>
> NTSTATUS
> DriverEntry(
> IN PDRIVER_OBJECT DriverObject,
> IN PUNICODE_STRING RegistryPath)
> {
> NTSTATUS ntStatus;
> UNICODE_STRING DeviceName, DeviceLinkName;
> ULONG i;
>
> RtlInitUnicodeString(&DeviceName, NTDEVICE_STRING);
> RtlInitUnicodeString(&DeviceLinkName, LINKNAME_STRING);
>
> ntStatus = IoCreateDevice (
> DriverObject,
> 0,
> &DeviceName,
>
> FILE_DEVICE_UNKNOWN,
> 0,
> FALSE,
> &pMyDeviceObject );
>
> if ( ntStatus != STATUS_SUCCESS )
> {
> return ntStatus;
> }
>
> for ( i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; ++i )
> {
> DriverObject->MajorFunction[i] = Dispatch;
> }
>
> DriverObject->DriverUnload = NULL;
>
> ntStatus = IoCreateSymbolicLink(&DeviceLinkName, &DeviceName);
>
> if ( ntStatus != STATUS_SUCCESS )
> {
> IoDeleteDevice( pMyDeviceObject );
> return ntStatus;
> }
>
> ntStatus = TCP_FilterAttach( DriverObject, RegistryPath);
>
> if ( ntStatus != STATUS_SUCCESS )
> {
> IoDeleteSymbolicLink( &DeviceLinkName );
> IoDeleteDevice( pMyDeviceObject );
> return ntStatus;
> }
>
> return ntStatus;
> }
>
> NTSTATUS
> Dispatch(IN PDEVICE_OBJECT DeviceObject,
> IN PIRP Irp)
> {
> return (DeviceObject == pMyDeviceObject) ? MyDispatch (DeviceObject,
> Irp) : HookedDispatch (DeviceObject, Irp);
> }
>
> NTSTATUS
> MyDispatch(IN PDEVICE_OBJECT DeviceObject,
> IN PIRP Irp)
> {
> Irp->IoStatus.Status = STATUS_SUCCESS;
> IoCompleteRequest(Irp, IO_NO_INCREMENT);
> return STATUS_SUCCESS;
> }
>
> NTSTATUS
> HookedDispatch( IN PDEVICE_OBJECT DeviceObject,
> IN PIRP Irp)
> {
> PIO_STACK_LOCATION IrpSp =
> IoGetCurrentIrpStackLocation( Irp );
> PHOOKER_DEVICE_EXTENSION HookerDevExt =
> (PHOOKER_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
>
> switch ( IrpSp->MajorFunction )
> {
> case IRP_MJ_DEVICE_CONTROL:
> if ( STATUS_SUCCESS == TdiMapUserRequest(DeviceObject, Irp,
> IrpSp) )
> {
> return TdiDefaultDispatch( DeviceObject, Irp );
> }
> break;
>
> default:
> break;
> }
>
> return TdiDefaultDispatch( DeviceObject, Irp);
> }
>
> NTSTATUS
> TdiDefaultDispatch( IN PDEVICE_OBJECT DeviceObject,
> IN PIRP Irp )
> {
> PHOOKER_DEVICE_EXTENSION HookerDevExt =
> (PHOOKER_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
>
> IoSkipCurrentIrpStackLocation ( Irp );
> return IoCallDriver ( HookerDevExt->LowerDeviceObject, Irp );
> }
> –
> many thanks
> foxgen mailto:xxxxx@yandex.ru
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></ntddk.h>