IOCTL problem

Joseph M. Newcomer wrote:

> As Don pointed out, the correct way is to use the CTL_CODE macro. Also, why
> did you choose FILE_DEVICE_UNKNOWN as the device ID (the first 32K device
> IDs are reserved for Microsoft, so why did you choose a number in that
> range?).

Although you are correct, in all fairness, virtually every sample driver
in the DDK uses FILE_DEVICE_UNKNOWN. It’s not an unreasonable choice
for a beginner to make. And, honestly, the risk is nil.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
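
The bit layout behind the CTL_CODE macro discussed above, as an added example that is not part of the original thread: a portable C decoder that splits an IOCTL value into its fields and flags the Microsoft-reserved device-type range mentioned in the quoted message. The EX_/F_ names and the sample codes are this example's own; the function-code check (below 0x800 is also Microsoft-reserved) and the METHOD_NEITHER / FILE_ANY_ACCESS flags go beyond what the thread covers.

```c
#include <stdint.h>
#include <stdio.h>
/* Bit layout used by CTL_CODE in the Windows headers:
   DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
#define EX_CTL_CODE(dev, fn, method, access) \
    (((uint32_t)(dev) << 16) | ((uint32_t)(access) << 14) | \
     ((uint32_t)(fn) << 2) | (uint32_t)(method))

#define EX_FILE_DEVICE_UNKNOWN 0x22u
#define EX_METHOD_BUFFERED     0u
#define EX_METHOD_NEITHER      3u
#define EX_FILE_ANY_ACCESS     0u
/* Review flags (names are this example's own). */
#define F_MS_DEVICE_RANGE   0x1u  /* device type below 0x8000 */
#define F_MS_FUNCTION_RANGE 0x2u  /* function code below 0x800 */
#define F_METHOD_NEITHER    0x4u  /* driver receives raw user-mode pointers */
#define F_ANY_ACCESS        0x8u  /* no read/write right required on the handle */

typedef struct { uint32_t device, access, function, method, flags; } ioctl_info;

/* Split a 32-bit IOCTL code into its fields and set the review flags. */
ioctl_info ioctl_decode(uint32_t code)
{
    ioctl_info i;
    i.device   = code >> 16;
    i.access   = (code >> 14) & 0x3u;
    i.function = (code >> 2) & 0xFFFu;
    i.method   = code & 0x3u;
    i.flags    = 0;
    if (i.device < 0x8000u)             i.flags |= F_MS_DEVICE_RANGE;
    if (i.function < 0x800u)            i.flags |= F_MS_FUNCTION_RANGE;
    if (i.method == EX_METHOD_NEITHER)  i.flags |= F_METHOD_NEITHER;
    if (i.access == EX_FILE_ANY_ACCESS) i.flags |= F_ANY_ACCESS;
    return i;
}

int main(void)
{
    /* Constructed sample codes, not taken from the thread's driver. */
    uint32_t samples[] = {
        EX_CTL_CODE(EX_FILE_DEVICE_UNKNOWN, 0x800, EX_METHOD_BUFFERED, EX_FILE_ANY_ACCESS),
        EX_CTL_CODE(0x8000u, 0x801, EX_METHOD_NEITHER, 3u),
        0x00000004u /* a hand-picked number instead of CTL_CODE */
    };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        ioctl_info i = ioctl_decode(samples[k]);
        printf("0x%08X dev=0x%X fn=0x%X method=%u access=%u flags=0x%X\n",
               (unsigned)samples[k], (unsigned)i.device, (unsigned)i.function,
               (unsigned)i.method, (unsigned)i.access, (unsigned)i.flags);
    }
    return 0;
}
```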

See below…

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Friday, August 20, 2010 5:36 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] IOCTL problem

OK, I can see why you might be getting nothing. 0 is a perfectly valid
file handle. When CreateFile fails, it returns INVALID_HANDLE_VALUE,
which is -1.

Yes, but IIRC all other Win32 functions which create a kernel handle return
NULL on failure, not INVALID_HANDLE_VALUE.
****************************************************************************
Actually, it doesn’t matter what “all other” functions return; CreateFile is
specifically documented as returning INVALID_HANDLE_VALUE (as does
FindFirstFile). RTFM is usually a great aid!

I missed that because I always misinterpret that stupid C-ism that “0 is
FALSE” to allow doing Boolean tests without doing comparisons; I would have
caught it if the test had been written correctly as
if(hFile != NULL)
****************************************************************************

Have you ever really seen valid file handle == NULL?

****************************************************
No, but it is certainly permissible under the rules.
****************************************************


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

This means “file not found” or “device not found”. Did you use ‘net start’
to start your driver? Since it is not PnP, you would have to explicitly
start it. You have said nothing about how you “install” it; to start it,
you need to create a Registry entry of the appropriate name and with the
correct fields filled in. Typically you will have to reboot, because old
legacy drivers of this type are not enumerated except at boot time, so even
after you create the Registry entry you will not be able to start the driver
right away.

So ultimately, the error you get (error code 2, device not found) is what
would be expected if the driver were not running, which it almost certainly
is not.
joe

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Friday, August 20, 2010 5:43 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] IOCTL problem

@ Tim Roberts :
You’re right, here’s the output from user-mode :

CreateFile failed, error 2

Peter Viscarola (OSR) :
It means both kernel & user applications running successfully but seems
user-mode could not communicate with the driver.

I put the source codes!



If you put it in %SystemRoot%\System32\drivers you do not need to use the
binpath.
joe

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Friday, August 20, 2010 7:14 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] IOCTL problem

xxxxx@yahoo.com wrote:

> Simply by INSTDRV … .
> Is it required to install via SCM?

Yes, but INSTDRV must be using the SCM. There’s no other practical way
to do a legacy install without requiring a reboot.

It’s just not necessary. You can do the same thing from a command line:

    copy mydriver.sys c:\windows\system32\drivers
    sc create mydriver type= kernel start= demand binPath= system32\drivers\mydriver.sys
    net start mydriver

Loading a new version in is then just:

    net stop mydriver
    copy mydriver.sys c:\windows\system32\drivers
    net start mydriver


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.



Quite true. An important, not really obvious and incredibly irritating if
not followed feature of the sc command line is having the EXACT spacing that
Tim below showed.

That is:

This: sc create mydriver type= kernel start= demand binPath= system32\drivers\mydriver.sys

But NOT: sc create mydriver type=kernel start=demand binPath=system32\drivers\mydriver.sys

OR: sc create mydriver type = kernel start = demand binPath = system32\drivers\mydriver.sys

OR: sc create mydriver type =kernel start =demand binPath =system32\drivers\mydriver.sys

mm


M. M. O’Brien wrote:

Quite true. An important, not really obvious and incredibly irritating if
not followed feature of the sc command line is having the EXACT spacing that
Tim below showed.

Yes. The otherwise incredibly useful “sc” tool is a textbook example of
a command line application created by a programmer who did not
understand the idioms used by command line applications.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> No, but close. The handles for a console’s stdin, stdout and stderror
> are 3, 11, and 15. The low bits probably have some special meaning.

100% sure of this.

For a kernel handle, the low 2 bits are unused. So, odd Win32 handle values are clearly a sign of a non-kernel handle, i.e. a CSRSS console.

Read/WriteFile to it will not call ZwXxx syscalls, but will call CsrClientCallServer instead.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

At 01:27 21/08/2010, Tim Roberts wrote:

M. M. O’Brien wrote:
> Quite true. An important, not really obvious and incredibly irritating if
> not followed feature of the sc command line is having the EXACT spacing that
> Tim below showed.

Yes. The otherwise incredibly useful “sc” tool is a textbook example of
a command line application created by a programmer who did not
understand the idioms used by command line applications.

Very true, it’s taken Microsoft the best part of 25 years to learn
that serious data centre administration requires proper command line
tools that can be scripted. Several generations of their command
line utilities were obviously written by people who couldn’t
understand why the gui wasn’t a universal solution.

> CreateFile failed, error 2

File not found.

Run WinObj and ensure that your device object is present.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

…by the Object Manager. But, and I am sure of THIS, the low two bits are used by some drivers in the system to signify various things. The textbook case is AFD.

I’m not sure what you mean by kernel handle … to *me* that signifies OBJ_KERNEL_HANDLE was set in the OBJECT_ATTRIBUTES structure, which can’t be what we’re talking about here. But *any* handle created by the Windows handle table routines natively returns the low 2 bits clear, and in the I/O Subsystem there are drivers that rely on this and add their own meaning to those bits.

(As an aside, I am highly skeptical that zero is actually a valid handle value – I’ve never seen it, and I suspect there’s probably something that prevents 0 from being returned as a handle value… I’m not in a position to look that up right now, I’m sorry to say.)

Peter
OSR

To be fair, our friend sc.exe started out as test code many, many years ago (I believe it was even an SDK sample for a few releases), long before it actually got a life of its own as an inbox tool. I suspect that enough people simply found it handy enough to do the work to include it, and by then, there were probably too many scripts depending on the existing command line parsing behavior to easily change it.

  • S (Msft)

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Mark S. Edwards
Sent: Friday, August 20, 2010 5:43 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] IOCTL problem

At 01:27 21/08/2010, Tim Roberts wrote:

M. M. O’Brien wrote:
> Quite true. An important, not really obvious and incredibly
> irritating if not followed feature of the sc command line is having
> the EXACT spacing that
> Tim below showed.

Yes. The otherwise incredibly useful “sc” tool is a textbook example
of a command line application created by a programmer who did not
understand the idioms used by command line applications.

Very true, it’s taken Microsoft the best part of 25 years to learn that serious data centre administration requires proper command line tools that can be scripted. Several generations of their command line utilities were obviously written by people who couldn’t understand why the gui wasn’t a universal solution.



@ Maxim S. Shatskih :
I can see it on WinObjEx

It’s also got a special meaning with respect to suppressing I/O completion port notifications. Check out the documentation for GetQueuedCompletionStatus’s lpOverlapped parameter on MSDN: http://msdn.microsoft.com/en-us/library/aa364986.aspx

  • S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Friday, August 20, 2010 7:43 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] IOCTL problem

…by the Object Manager. But, and I am sure of THIS, the low two bits are used by some drivers in the system to signify various things. The textbook case is AFD.

I’m not sure what you mean by kernel handle … to *me* that signifies OBJ_KERNEL_HANDLE was set in the OBJECT_ATTRIBUTES structure, which can’t be what we’re talking about here. But *any* handle created by the Windows handle table routines natively returns the low 2 bits clear, and in the I/O Subsystem there are drivers that rely on this and add their own meaning to those bits.

(As an aside, I am highly skeptical that zero is actually a valid handle value – I’ve never seen it, and I suspect there’s probably something that prevents 0 from being returned as a handle value… I’m not in a position to look that up right now, I’m sorry to say.)

Peter
OSR



In this case I changed the OPEN_EXISTING of CreateFile to CREATE_ALWAYS & the user-mode program didn’t issue the FILE_NOT_FOUND error … .


A valid event handle whose low-order bit is set keeps I/O completion from being queued to the completion port.



I didn’t know that (thx Ken)…

Once again let me say: You learn something every day.

Peter
OSR

That’s because it’s creating it.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Saturday, August 21, 2010 4:34 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] IOCTL problem

In this case I changed the OPEN_EXISTING of CreateFile to CREATE_ALWAYS &
the user-mode program didn’t issue the FILE_NOT_FOUND error … .



Problem solved, none of the points except IoCompleteRequest(Irp,IO_NO_INCREMENT) was correct, but in fact the main problem was not passing Irp & completing the major function … .

regards.

Well done. Though I wonder how much quicker you’d have been if you
knew how to add trace statements and use WinDbg instead of asking the
list to debug it for you every step of the way?

At 18:06 21/08/2010, xxxxx@yahoo.com wrote:

> Problem solved, none of the points except
> IoCompleteRequest(Irp,IO_NO_INCREMENT) was correct, but in fact the
> main problem was not passing Irp & completing the major function … .

regards.

“Mark S. Edwards” wrote in message
news:xxxxx@ntdev…

> Very true, it’s taken Microsoft the best part of 25 years to learn that
> serious data centre administration requires proper command line tools that
> can be scripted. Several generations of their command line utilities were
> obviously written by people who couldn’t understand why the gui wasn’t a
> universal solution.
>

And then… they invented PowerShell, which may be perfect from this POV,
but not terribly successful.
MS just has no luck in most of their inventions :(

The biggest problem with sc is not the spaces in command line, it’s that it
won’t return proper exit status on error.
So it is hard to test if the command worked in a batch.

– pa

@ Mark S. Edwards :
That’s because in the place where I developed this source code, I didn’t have WinDbg, & the DDK was 3790.x & didn’t have WinDbg included … . At least I didn’t find anything … .