Got a weird BSOD at a filter driver

OSR_Community_User · February 13, 2012, 11:43am

Hi
I’m currently working on a filter driver for \FileSystem\Ntfs , but when it’s get attached (the function return STATUS_SUCCESS) , at IopfCallDriver I got BSOD.

here is the source of attaching.
ntStatus = IoCreateDevice(DriverObject,sizeof(DEVICE_EXTENSION),NULL,FILE_DEVICE_DISK_FILE_SYSTEM,0,0,&newDeviceObject);

if(NT_SUCCESS(ntStatus))
pDevExt = (DEVICE_EXTENSION)newDeviceObject->DeviceExtension;

RtlInitUnicodeString(&devname, L"\FileSystem\Ntfs");
RtlInitUnicodeString(&ObName,L"ObReferenceObjectByName");
FunctionAddress = (OBReferenceObjectByName)MmGetSystemRoutineAddress(&ObName);
ntStatus = ((OBReferenceObjectByName)FunctionAddress)(&devname,0x40,0,0,*IoDriverObjectType,0,0,(PVOID*)&filesystem);

if(!NT_SUCCESS(ntStatus))
DbgPrint(“OBReferenceObjectByName failed with 0x%x\n”,ntStatus);

target = filesystem->DeviceObject;

newDeviceObject->Flags |= (target->Flags & (DO_SUPPORTS_TRANSACTIONS| DO_DIRECT_IO| DO_BUFFERED_IO));
newDeviceObject->Characteristics |= (target->Characteristics & FILE_DEVICE_SECURE_OPEN);

ntStatus = IoAttachDeviceToDeviceStackSafe(newDeviceObject,target,&pDevExt->AttachedToDeviceObject);

I can’t find out what the problem is

thanks

Alex_Carp · February 13, 2012, 12:45pm

As I said before, perhaps a minifilter would be a better solution ? Anyway you should definitely paste the result of the !analyze -v whenever you need help with a bugcheck…

Thanks,
Alex.

Chris_Neill · February 15, 2012, 7:00pm

Based on nothing but the small snippet you’ve provided, it looks like you forgot to clear the DO_DEVICE_INITIALIZING flag on your created device. Alex is right though, you should post !analyze results.