_OPEN_PACKET structure

OSR_Community_User · September 5, 2010, 9:11am

Hi all,

I have noticed a structure named _OPEN_PACKET in some code snippets (and of course in ReactOS source). I have seen it being used in IoXxx and ObXxx routines (passed as “Context” argument). However, I couldn’t find it in WinDbg (dt nt!_OPEN_PACKET). Does anybody know more about this struct?

OSR_Community_User · September 5, 2010, 9:15am

By the way, I saw this thread at Sysinternals:
http://forum.sysinternals.com/open-packet_topic20048_post106251.html

However, I am not sure how to get OS specific _OPEN_PACKET definition using WinDbg or any other tool!

Doron_Holan · September 5, 2010, 9:34am

It is undocumented. It is not in the public type information. What do you need to know?

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rocketmail.com
Sent: Sunday, September 05, 2010 9:14 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] _OPEN_PACKET structure

By the way, I saw this thread at Sysinternals:
http://forum.sysinternals.com/open-packet_topic20048_post106251.html

However, I am not sure how to get OS specific _OPEN_PACKET definition using WinDbg or any other tool!

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Maxim_S_Shatskih · September 5, 2010, 9:34am

Undocumented structure used in file open path.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

wrote in message news:xxxxx@ntdev…
> Hi all,
>
> I have noticed a structure named _OPEN_PACKET in some code snippets (and of course in ReactOS source). I have seen it being used in IoXxx and ObXxx routines (passed as “Context” argument). However, I couldn’t find it in WinDbg (dt nt!_OPEN_PACKET). Does anybody know more about this struct?
>

OSR_Community_User · September 5, 2010, 11:52am

Thanks! Hmmm, if it’s not included in public symobls, is there any way to know structure definition?

Doron_Holan · September 5, 2010, 11:54am

Why?

d

dent from a phpne with no keynoard

-----Original Message-----
From: xxxxx@rocketmail.com
Sent: September 05, 2010 11:53 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] _OPEN_PACKET structure

Thanks! Hmmm, if it’s not included in public symobls, is there any way to know structure definition?

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · September 6, 2010, 10:56am

Well, I was checking a dump from one of my client’s system, where a driver (might be TDSS, not sure) that hooked IofCallDriver had crashed. Was doing a backtrace and just wanted to what does “Context” argument (_OPEN_PACKET) mean. So, I was wondering how to get symbols for this struct.

Thanks,

Maxim_S_Shatskih · September 6, 2010, 11:16am

> Well, I was checking a dump from one of my client’s system, where a driver (might be TDSS, not

sure) that hooked IofCallDriver had crashed.

This is normal, such hooks are the wrong way to go.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

OSR_Community_User · September 6, 2010, 11:47am

Yes.

Maxim_S_Shatskih · September 6, 2010, 1:36pm

IIRC _OPEN_PACKET is internal plumbing between NtCreateFile and IopParseDevice, it contains the data which is put to the MJ_CREATE IRP which is assembled in IopParseDevice.

I don’t know what is the need of ever looking at such plumbing.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

wrote in message news:xxxxx@ntdev…
> Yes.
>