If I had to guess, it is because you treat outbuffer as a pointer in one
place (outbuffer = ExAllocatePool) and then you pass the address of that
location in another (ZwRead(…, &outbuffer, …)). You do not show us
the layout of your local variables, but I suspect that FileObject occurs
at a higher address on the stack than outbuffer, so it gets scribbled on
when you pass the stack address of outbuffer to the read call.
Were I reviewing this code I would note:
- Incorrect use of the address of a stack local variable.
- Use of ExAllocatePool, a deprecated function (use
ExAllocatePoolWithTag)
- Use of ObReference/ObDereference when there is no need to do so
- Use of a hard coded offset value; I’d strongly suggest using symbolic
constants so you could easily change this when needed.
- Failure to deal with the error conditions from ZwQueryInformation
- Failure to capture and deal with the error conditions from ZwRead
But I believe your basic underlying bug is that you are scribbling all
over the stack.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Suhail Ansari
Sent: Friday, June 25, 2004 4:52 PM
To: ntfsd redirect
Subject: [ntfsd] ObDereferenceObject Bugcheck
PAGE_FAULT_IN_NONPAGED_AREA
Hi,
I am using the shadow device object technique.
I actually do a ZwCreateFile which works great. After that I perform an
ObReferenceObjectByHandle, ZwQuery and ZwRead. Everything succeeds, but
when I do ObDereferenceObject, it bugchecks with the code
PAGE_FAULT_IN_NONPAGED_AREA.
Code is below
statusRet = ZwCreateFile(&FileHandle, GENERIC_READ, &ObjectAttributes,
                         &IoStatusBlock,
                         NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ,
                         FILE_OPEN,
                         FILE_NON_DIRECTORY_FILE |
                         FILE_NO_INTERMEDIATE_BUFFERING,
                         NULL, 0);
if(NT_SUCCESS(statusRet))
{
    statusRet = ObReferenceObjectByHandle(FileHandle,
                    GENERIC_READ, *IoFileObjectType, KernelMode, &FileObject, NULL);
    if(NT_SUCCESS(statusRet))
    {
        statusRet = ZwQueryInformationFile(FileHandle,
                        &IoStatusBlock,
                        &fileinfo, sizeof(fileinfo), FileStandardInformation);
        fileoffset.QuadPart = fileinfo.EndOfFile.QuadPart -
                              HEADER_SIZE_WITH_LEN;
        outbuffer = ExAllocatePool(NonPagedPool, 138);
        ZwReadFile(FileHandle, NULL, NULL, NULL, &IoStatusBlock,
                   &outbuffer, 138, &fileoffset, NULL);
        ExFreePool(outbuffer);
        ObDereferenceObject(FileObject);
    }
    ZwClose(FileHandle);
}
Thanks for your help
Suhail
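
The stack overwrite diagnosed in the reply, modelled in user-mode C as an added example that is not part of the original thread. The struct is a constructed stand-in for the caller's locals, the FileObject-above-outbuffer ordering is the layout the reply suspects rather than a known fact, and model_read is a hypothetical stand-in for ZwReadFile.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define READ_LEN 138   /* length passed to ZwReadFile in the posted code */

/* Constructed model of the caller's stack locals (assumed ordering). */
struct frame_model {
    void *outbuffer;                  /* pointer returned by the pool allocator */
    void *FileObject;                 /* later handed to ObDereferenceObject */
    unsigned char rest_of_stack[256]; /* whatever else lives above them */
};

/* Hypothetical stand-in for ZwReadFile: stores len bytes of data at dst. */
static void model_read(void *dst, size_t len)
{
    memset(dst, 0xAB, len);
}

/* Bit 0 set: outbuffer pointer intact. Bit 1 set: FileObject pointer intact. */
int surviving_pointers(int pass_address_of_pointer)
{
    static unsigned char pool[READ_LEN]; /* stands in for the pool block */
    static int fake_object;              /* stands in for the FILE_OBJECT */
    struct frame_model f;

    memset(&f, 0, sizeof f);
    f.outbuffer = pool;
    f.FileObject = &fake_object;

    if (pass_address_of_pointer) {
        /* Bug: the destination is the stack slot that holds the pointer,
         * so 138 bytes land on the slot and on everything above it. */
        model_read((unsigned char *)&f + offsetof(struct frame_model, outbuffer),
                   READ_LEN);
    } else {
        /* Fix: the destination is the pool block the pointer refers to. */
        model_read(f.outbuffer, READ_LEN);
    }
    return (f.outbuffer == (void *)pool ? 1 : 0) |
           (f.FileObject == (void *)&fake_object ? 2 : 0);
}

int main(void)
{
    printf("&outbuffer passed: mask=%d\n", surviving_pointers(1));
    printf("outbuffer passed:  mask=%d\n", surviving_pointers(0));
    return 0;
}
```

In the buggy case both pointers are overwritten with file data, so the later free and dereference calls in the posted code would each operate on a garbage address.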