Getting partition table on Vista and Win7

NTDEV
1

Hi,
I have a disk filter driver placed after partmgr and i need to get the partition table.
I know that creating IOCTL_DISK_GET_DRIVE_LAYOUT_EX, or using IoReadPartitionTableEx() and sending them down the stack isn’t working anymore because i’m after partmgr.

After reading other posts regarding this topic i found 2 solutions:

  1. Send the IOCTL to the top of the stack
  2. Get the partition table the hard way ( RAW )

I’m currently trying the first solution but i have a problem. Every time i try to send the IOCTL, windows just freezes.

this is the sample code:

topStack = IoGetAttachedDeviceReference( pDeviceObject );

// IoReadPartitionTableEx() mode
status = IoReadPartitionTableEx( topStack, &pDriveLayoutInformation ); ( windows freeze )
if( STATUS_SUCCESS != status )
return status;
// IoBuildDeviceIoControlRequest mode
/*pIrp = IoBuildDeviceIoControlRequest(
IOCTL_DISK_GET_DRIVE_LAYOUT_EX,
topStack,
NULL,
0,
pDriveLayoutInformation,
DriveLayoutInformationSize,
FALSE,
&event,
&ioStatus);

if (NULL == pIrp)
{
core_memory_free( pDriveLayoutInformation );
return STATUS_UNSUCCESSFUL;
}

status = IoCallDriver(topStack, pIrp); //( windows freeze )

if (status == STATUS_PENDING)
{
KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
status = ioStatus.Status;
}*/

core_memory_free( pDriveLayoutInformation );
ObDereferenceObject( topStack );

I’ve also tried zwCreateFile and ZwDeviceIoControlFile method and got the same result.

Can you please tell me if this is the right way to go, or if there is something wrong with the code, or why is windows freezing?

Thanks,
Radu Vornicu

2

Did you debug why it freezes? Attach windbg an d break in after you send the irp. Find the thread and dump the stack. Probably a deadlock in your driver or partmgr.

d

dent from a phpne with no keynoard

-----Original Message-----
From: xxxxx@yahoo.com
Sent: July 12, 2010 5:26 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Getting partition table on Vista and Win7

Hi,
I have a disk filter driver placed after partmgr and i need to get the partition table.
I know that creating IOCTL_DISK_GET_DRIVE_LAYOUT_EX, or using IoReadPartitionTableEx() and sending them down the stack isn’t working anymore because i’m after partmgr.

After reading other posts regarding this topic i found 2 solutions:
1. Send the IOCTL to the top of the stack
2. Get the partition table the hard way ( RAW )

I’m currently trying the first solution but i have a problem. Every time i try to send the IOCTL, windows just freezes.

this is the sample code:

topStack = IoGetAttachedDeviceReference( pDeviceObject );

// IoReadPartitionTableEx() mode
status = IoReadPartitionTableEx( topStack, &pDriveLayoutInformation ); ( windows freeze )
if( STATUS_SUCCESS != status )
return status;
// IoBuildDeviceIoControlRequest mode
/pIrp = IoBuildDeviceIoControlRequest(
IOCTL_DISK_GET_DRIVE_LAYOUT_EX,
topStack,
NULL,
0,
pDriveLayoutInformation,
DriveLayoutInformationSize,
FALSE,
&event,
&ioStatus);

if (NULL == pIrp)
{
core_memory_free( pDriveLayoutInformation );
return STATUS_UNSUCCESSFUL;
}

status = IoCallDriver(topStack, pIrp); //( windows freeze )

if (status == STATUS_PENDING)
{
KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
status = ioStatus.Status;
}/

core_memory_free( pDriveLayoutInformation );
ObDereferenceObject( topStack );

I’ve also tried zwCreateFile and ZwDeviceIoControlFile method and got the same result.

Can you please tell me if this is the right way to go, or if there is something wrong with the code, or why is windows freezing?

Thanks,
Radu Vornicu


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

3

i’ll do that first thing tomorrow. I really hope is a deadlock in my driver so i can fix it.
BTW if it is a deadlock in partmrg, how can i “fix” that? or i’ll have to drop this approach and do it the hard way?

PS: on one Vista x64 ( virtual machine ) the driver didn’t freeze.

4

this is the stack of the thread that called IoReadPartitionTableEx()

THREAD 8c067d48 Cid 0004.00d0 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
900e7b70 NotificationEvent
IRP List:
8bce2300: (0006,0100) Flags: 00060000 Mdl: 8c069078
Not impersonating
DeviceMap 8ee08950
Owning Process 8b43cd40 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 734 Ticks: 258 (0:00:00:04.031)
Context Switch Count 2
UserTime 00:00:00.000
KernelTime 00:00:00.078
Win32 Start Address edfd!ThreadHandleIrp (0x8e4888f0)
Stack Init 900e7fd0 Current 900e7a58 Base 900e8000 Limit 900e5000 Call 0
Priority 16 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
ChildEBP RetAddr Args to Child
900e7a70 8288db15 8c067d48 00000000 807ca120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
900e7aa8 8288c403 8c067e08 8c067d48 900e7b70 nt!KiSwapThread+0x266
900e7ad0 828862cf 8c067d48 8c067e08 00000000 nt!KiCommitThreadWait+0x1df
900e7b4c 829915ce 900e7b70 00000000 00000000 nt!KeWaitForSingleObject+0x393
900e7b8c 8298b282 8c05f6f8 00000200 00000000 nt!FstubReadSector+0x7a
900e7bb0 82993bdb 00000000 8c067d48 82988300 nt!FstubDetectPartitionStyle+0x18 (FPO: [0,1,2])
900e7bc8 8e4b7e5e 8c05f6f8 900e7c24 00000000 nt!IoReadPartitionTableEx+0x2c
900e7ce8 8e4889b6 8c060028 8c0600e0 ffffffff edfd!GetPartitionTable+0xbe (FPO: [Non-Fpo]) (CONV: stdcall)
900e7d50 82a2d66d 8c060028 a3c6da51 00000000 edfd!ThreadHandleIrp+0xc6 (FPO: [Non-Fpo]) (CONV: stdcall)
900e7d90 828df0d9 8e4888f0 8c060028 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

5

Found the deadlock, and fixed it. ( it was in my driver )
Thanks Doron for the help.