Hi Everyone,
I have been trying to send a message using FilterSendMessage without any success. I keep getting a blue screen.
Can someone please tell me exactly how to pass a string like “.txt” (a file extension) and correctly receive it in the kernel mode?
I also want to be able to compare this string against the extension of a file that is being opened and perform some action if it is a .txt.
I tried doing it the way it is in the minispy example, but it only shows how to pass an integer. If I change anything in the Data field of the COMMAND_MESSAGE struct, it all crashes.
Thanks!
saurako
Can someone please help me?
Thanks!
saurako
Did you try to understand how the message passing works OR simply started
changing the fields of the COMMAND_MESSAGE?
First try to understand how message passing works. Forget FilterSendMessage,
go back to basics. Try sending simple IOCTLs.
As a hint, either have a fixed size array in the command message OR use a
variable sized array in a structure and set the length properly.
Regards,
Ayush Gupta
AI Consulting
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Saturday, February 06, 2010 1:42 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Example of FilterSendMessage
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Ayush,
Thanks for pointing me in the right direction. I am new to driver
development and I haven't tried sending IOCTLs to the driver. This is not a
puzzle I am trying to solve, rather I am trying to understand the basics of
how things work. After an initial reading and understanding the structure of
a filter driver, I started out to understand the way message passing
works using FilterSendMessage (like you said, it may not have been the right
first thing to do) and in fact, after posting here and before you replied, I
did exactly what you suggested: using a fixed size array. I am getting to
understand the big picture and the low level details slowly.
Now that I am able to pass the string successfully, I am stuck in being able
to compare it to what the system gives me through the
FLT_FILE_NAME_INFORMATION structure. The Extension field is a
UNICODE_STRING. My problem now is in converting the string I receive as a
fixed size array of UCHARs to a UNICODE_STRING. Maybe I need to pass a WCHAR
array instead of a UCHAR, but I’m not sure.
Thanks.
saurako
On Sun, Feb 7, 2010 at 12:33 PM, Ayush Gupta wrote:
> Did you try to understand how the message passing works OR simply started
> changing the fields of the COMMAND_MESSAGE?
> First try to understand how message passing works. Forget
> FilterSendMessage,
> go back to basics. Try sending simple IOCTLs.
> As a hint, either have a fixed size array in the command message OR use a
> variable sized array in a structure and set the length properly.
>
> Regards,
> Ayush Gupta
> AI Consulting
This is really kernel mode programming 101. Doing any UNICODE/wide
character translation in the kernel is a bad idea. Sometimes it is
necessary, but if it can be avoided it is best to do so. The UNICODE
translation tables are located in paged memory and any function that
references them must be run below DISPATCH_LEVEL. IRP_MJ_CREATE runs at
PASSIVE_LEVEL, but I would still avoid the translation in the kernel. Just
pass a buffer with an EOS (end of string - sometimes called NULL) to
terminate it of wide characters in the proper character set. You can easily
convert that string to a UNICODE string and run the safe string comparisons.
I might consider having the application send a structure with the length of
the string in it followed by the string itself. You can then create a
UNICODE_STRING structure wherever it is needed and fill in the three
fields. You might need to retain these strings in the kernel, but that is a
relatively simple operation to build a linked list of UNICODE_STRING
structures. It just depends upon your requirements.
As to finding the correct code for your needs, all you have to do is write
something and use windbg to see if you got it correct. Don’t forget to try
both x86 & x64 drivers. If you have control over the application always
enable strings to be UNICODE/wide characters. I still like the old _T[*]
macros.
“Saurabh Kothari” wrote in message news:xxxxx@ntfsd…
Thanks David!
I resolved the problem and am now able to pass the string and do the
operations I intended.
saurako
On Sun, Feb 7, 2010 at 7:04 PM, David Craig wrote:
> This is really kernel mode programming 101. Doing any UNICODE/wide
> character translation in the kernel is a bad idea. Sometimes it is
> necessary, but if it can be avoided it is best to do so. The UNICODE
> translation tables are located in paged memory and any function that
> references them must be run below DISPATCH_LEVEL. IRP_MJ_CREATE runs at
> PASSIVE_LEVEL, but I would still avoid the translation in the kernel. Just
> pass a buffer with an EOS (end of string - sometimes called NULL) to
> terminate it of wide characters in the proper character set. You can easily
> convert that string to a UNICODE string and run the safe string comparisons.
> I might consider having the application send a structure with the length of
> the string in it followed by the string itself. You can then create a
> UNICODE_STRING structure wherever it is needed and fill in the three
> fields. You might need to retain these strings in the kernel, but that is a
> relatively simple operation to build a linked list of UNICODE_STRING
> structures. It just depends upon your requirements.
>
> As to finding the correct code for your needs, all you have to do is write
> something and use windbg to see if you got it correct. Don’t forget to try
> both x86 & x64 drivers. If you have control over the application always
> enable strings to be UNICODE/wide characters. I still like the old _T[*]
> macros.