how to manually call ClientEventReceived in TDI filter driver?

OSR_Community_User · February 5, 2005, 2:00pm

Hi all,

I need to manually call ClientEventReceived in my TDI
filter driver, but I manage only to crash the system
with bug check DRIVER_IRQL_NOT_LESS_OR_EQUAL.

One problem that I have is that I couldn’t find a
method to get the value of the CONNECTION_CONTEXT
parameter, so I always pass NULL. Could that be the
problem? In the DDK it is specified that this
parameter is specified in the call to ZwCreateFile,
but I don’t know where to look for it in the IRPs
received in my filter driver.

And the second question that I have is that the
“Tsdu” parameter is a pointer to a buffer wich holds
the received data or it has a special
structure?

I tried searching everywhere for more information, but
I couldn’t find anything useful.

Thanks for all your help!

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

David_R_Cattley · February 7, 2005, 12:01am

Berneanu,

The CONNECTION_CONTEXT is passed as the value of an Extended Attribute (EA)
in the IRP_MJ_CREATE Irp.

Passing NULL is most definately going to cause problems. Most likley the
bugcheck is simply due to the TDI Client (AFD, NBT, etc.) dereferencing a
NULL pointer.

I think the DDK documentation explains how to extract the ConnectionContext
during Create processing.

Good Luck,

Dave Cattley
Consulting Engineer
Systems Software Development

“Berneanu Cristi” wrote in message
news:xxxxx@ntdev…
> Hi all,
>
> I need to manually call ClientEventReceived in my TDI
> filter driver, but I manage only to crash the system
> with bug check DRIVER_IRQL_NOT_LESS_OR_EQUAL.
>
> One problem that I have is that I couldn’t find a
> method to get the value of the CONNECTION_CONTEXT
> parameter, so I always pass NULL. Could that be the
> problem? In the DDK it is specified that this
> parameter is specified in the call to ZwCreateFile,
> but I don’t know where to look for it in the IRPs
> received in my filter driver.
>
> And the second question that I have is that the
> “Tsdu” parameter is a pointer to a buffer wich holds
> the received data or it has a special
> structure?
>
> I tried searching everywhere for more information, but
> I couldn’t find anything useful.
>
> Thanks for all your help!
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>

Yura_Matyashev · February 7, 2005, 12:43am

Hello ,Berneanu

Saturday, February 5, 2005, 7:26:18 PM, you wrote:

BC> I need to manually call ClientEventReceived in my TDI
BC> filter driver, but I manage only to crash the system
BC> with bug check DRIVER_IRQL_NOT_LESS_OR_EQUAL.

BC> One problem that I have is that I couldn’t find a
BC> method to get the value of the CONNECTION_CONTEXT
BC> parameter, so I always pass NULL. Could that be the
BC> problem? In the DDK it is specified that this
BC> parameter is specified in the call to ZwCreateFile,
BC> but I don’t know where to look for it in the IRPs
BC> received in my filter driver.

You have to process IRP_MJ_CREATE irps.To get the context from the
irp, use the following code:

FILE_FULL_EA_INFORMATION *pEaInfo = (FILE_FULL_EA_INFORMATION *)pIrp->AssociatedIrp.SystemBuffer;
if( pEaInfo != NULL )
{
if( pEaInfo->EaNameLength == TDI_CONNECTION_CONTEXT_LENGTH &&
memcmp(pEaInfo->EaName, TdiConnectionContext, TDI_CONNECTION_CONTEXT_LENGTH) == 0)
{
CONNECTION_CONTEXT *Context = (CONNECTION_CONTEXT*)(pEaInfo->EaName + sizeof(TdiConnectionContext));
// store connection context
Obj->Connection.ConnectionContext = *Context;
}
}

BC> And the second question that I have is that the
BC> “Tsdu” parameter is a pointer to a buffer wich holds
BC> the received data or it has a special
BC> structure?

Yes, it’s just pointer to buffer

–
Best regards,
Yura mailto:xxxxx@mail.zp.ua

OSR_Community_User · February 7, 2005, 7:47am

Thank you all, and especially Yura, for your
invaluable answers!
— Yura wrote:

> Hello ,Berneanu
>
> Saturday, February 5, 2005, 7:26:18 PM, you wrote:
>
> BC> I need to manually call ClientEventReceived in
> my TDI
> BC> filter driver, but I manage only to crash the
> system
> BC> with bug check DRIVER_IRQL_NOT_LESS_OR_EQUAL.
>
> BC> One problem that I have is that I couldn’t find
> a
> BC> method to get the value of the
> CONNECTION_CONTEXT
> BC> parameter, so I always pass NULL. Could that be
> the
> BC> problem? In the DDK it is specified that this
> BC> parameter is specified in the call to
> ZwCreateFile,
> BC> but I don’t know where to look for it in the
> IRPs
> BC> received in my filter driver.
>
> You have to process IRP_MJ_CREATE irps.To get the
> context from the
> irp, use the following code:
>
> FILE_FULL_EA_INFORMATION *pEaInfo =
> (FILE_FULL_EA_INFORMATION
> *)pIrp->AssociatedIrp.SystemBuffer;
> if( pEaInfo != NULL )
> {
> if( pEaInfo->EaNameLength ==
> TDI_CONNECTION_CONTEXT_LENGTH &&
> memcmp(pEaInfo->EaName,
> TdiConnectionContext, TDI_CONNECTION_CONTEXT_LENGTH)
> == 0)
> {
> CONNECTION_CONTEXT Context =
> (CONNECTION_CONTEXT)(pEaInfo->EaName +
> sizeof(TdiConnectionContext));
> // store connection context
> Obj->Connection.ConnectionContext =
> *Context;
> }
> }
>
> BC> And the second question that I have is that the
> BC> “Tsdu” parameter is a pointer to a buffer wich
> holds
> BC> the received data or it has a special
> BC> structure?
>
> Yes, it’s just pointer to buffer
>
>
> –
> Best regards,
> Yura
> mailto:xxxxx@mail.zp.ua
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>

=====
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to build bigger and better idiots. So far, the universe is winning.
Rick Cook

__________________________________
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250

Maxim_S_Shatskih · February 9, 2005, 5:44am

The filter must:

create its own connection context structure
associate the incoming (from CREATE’s EA) context with its structure via
some container like a hash table or such. Also put the pointer of the caller’s
context structure to your structure
pass down your structure pointer in CREATE’s EA
in upcalls like ClientEventReceive, the connection context is your
structure. Extract the upper’s pointer and call the upper’s handler.
if downcalls like IRP dispatches, you will need to resolve the
association - to map the caller’s context to your structure pointer.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “David R. Cattley”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Monday, February 07, 2005 8:00 AM
Subject: Re:[ntdev] how to manually call ClientEventReceived in TDI filter
driver?

> Berneanu,
>
> The CONNECTION_CONTEXT is passed as the value of an Extended Attribute (EA)
> in the IRP_MJ_CREATE Irp.
>
> Passing NULL is most definately going to cause problems. Most likley the
> bugcheck is simply due to the TDI Client (AFD, NBT, etc.) dereferencing a
> NULL pointer.
>
> I think the DDK documentation explains how to extract the ConnectionContext
> during Create processing.
>
>
> Good Luck,
>
> Dave Cattley
> Consulting Engineer
> Systems Software Development
>
> “Berneanu Cristi” wrote in message
> news:xxxxx@ntdev…
> > Hi all,
> >
> > I need to manually call ClientEventReceived in my TDI
> > filter driver, but I manage only to crash the system
> > with bug check DRIVER_IRQL_NOT_LESS_OR_EQUAL.
> >
> > One problem that I have is that I couldn’t find a
> > method to get the value of the CONNECTION_CONTEXT
> > parameter, so I always pass NULL. Could that be the
> > problem? In the DDK it is specified that this
> > parameter is specified in the call to ZwCreateFile,
> > but I don’t know where to look for it in the IRPs
> > received in my filter driver.
> >
> > And the second question that I have is that the
> > “Tsdu” parameter is a pointer to a buffer wich holds
> > the received data or it has a special
> > structure?
> >
> > I tried searching everywhere for more information, but
> > I couldn’t find anything useful.
> >
> > Thanks for all your help!
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com