Page Fault with simple passive filter driver

As a personal training exercise, I’ve written a very simple passive filter driver from scratch to sit on top of the floppy drive. Everything seems to work during initially loading. All the filter driver does is print out which IRP request has been made to the debug console and passes the IRP down to the lower level drivers. I load up the driver using a small driver loading program I found in the DDK. The problem occurs is when I try to do any significant IO access to it, it throws a page fault (I catch it with SoftICE). The page fault points to a very low address. There is no other significant info that the page fault gives me.

The page fault seems to be thrown whenever the dispatcher reaches the IOCallDriver part of the dispatcher function, and I’ve noticed that it does this only during IRP_MJ_CREATE and IRP_MJ_CLOSE calls.
I have not implemented FastIO hook routines yet for this very simple driver.

Any help would be greatly appreciated I would post up the source code, if anyone would care to tell me which relevant parts would be useful for examination.

Thank you,

William Chow


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

First of all, the subject of this message contains a fallacy. There is
no “simple” filter driver on NT. Perhaps that is the problem. Your
second notion is correct. You’re probably missing something, like a
mandatory “fast IO” routine.

-----Original Message-----
From: William Chow [mailto:xxxxx@javabear.com]
Sent: Friday, September 07, 2001 8:57 AM
To: File Systems Developers
Subject: [ntfsd] Page Fault with simple passive filter driver

As a personal training exercise, I’ve written a very simple passive
filter driver from scratch to sit on top of the floppy drive. Everything
seems to work during initially loading. All the filter driver does is
print out which IRP request has been made to the debug console and
passes the IRP down to the lower level drivers. I load up the driver
using a small driver loading program I found in the DDK. The problem
occurs is when I try to do any significant IO access to it, it throws a
page fault (I catch it with SoftICE). The page fault points to a very
low address. There is no other significant info that the page fault
gives me.

The page fault seems to be thrown whenever the dispatcher reaches the
IOCallDriver part of the dispatcher function, and I’ve noticed that it
does this only during IRP_MJ_CREATE and IRP_MJ_CLOSE calls.
I have not implemented FastIO hook routines yet for this very simple
driver.

Any help would be greatly appreciated I would post up the source code,
if anyone would care to tell me which relevant parts would be useful for
examination.

Thank you,

William Chow


You are currently subscribed to ntfsd as: xxxxx@nsisoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

At the very least, a filter driver probably has to implement
FastIoDetachDevice and FastIoCheckIfPossible. Your invalid memory
address wouldn’t happen to be 4 or 52 would it? That is the offset of
these two function pointers in the FAST_IO_DISPATCH structure.

-----Original Message-----
From: Rob Fuller
Sent: Friday, September 07, 2001 5:36 PM
To: File Systems Developers
Subject: [ntfsd] RE: Page Fault with simple passive filter driver

First of all, the subject of this message contains a fallacy. There is
no “simple” filter driver on NT. Perhaps that is the problem. Your
second notion is correct. You’re probably missing something, like a
mandatory “fast IO” routine.

-----Original Message-----
From: William Chow [mailto:xxxxx@javabear.com]
Sent: Friday, September 07, 2001 8:57 AM
To: File Systems Developers
Subject: [ntfsd] Page Fault with simple passive filter driver

As a personal training exercise, I’ve written a very simple passive
filter driver from scratch to sit on top of the floppy drive. Everything
seems to work during initially loading. All the filter driver does is
print out which IRP request has been made to the debug console and
passes the IRP down to the lower level drivers. I load up the driver
using a small driver loading program I found in the DDK. The problem
occurs is when I try to do any significant IO access to it, it throws a
page fault (I catch it with SoftICE). The page fault points to a very
low address. There is no other significant info that the page fault
gives me.

The page fault seems to be thrown whenever the dispatcher reaches the
IOCallDriver part of the dispatcher function, and I’ve noticed that it
does this only during IRP_MJ_CREATE and IRP_MJ_CLOSE calls.
I have not implemented FastIO hook routines yet for this very simple
driver.

Any help would be greatly appreciated I would post up the source code,
if anyone would care to tell me which relevant parts would be useful for
examination.

Thank you,

William Chow


You are currently subscribed to ntfsd as: xxxxx@nsisoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: xxxxx@nsisoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

I’ve read on the OSR site that if fastIO isn’t handled by the upper drive, that NT will send the requests to a lower layer driver.
Is this somehow not true for Filter Drivers?
And why would this cause a page fault? When a mandatory IRP is not handled by the dispatcher, the drive is basically unreadable, not cause a page fault?

Care to elucidate?

Will

----- Original Message -----
From: Rob Fuller
To: File Systems Developers
Sent: Friday, September 07, 2001 11:36 PM
Subject: [ntfsd] RE: Page Fault with simple passive filter driver

First of all, the subject of this message contains a fallacy. There is no “simple” filter driver on NT. Perhaps that is the problem. Your second notion is correct. You’re probably missing something, like a mandatory “fast IO” routine.
-----Original Message-----
From: William Chow [mailto:xxxxx@javabear.com]
Sent: Friday, September 07, 2001 8:57 AM
To: File Systems Developers
Subject: [ntfsd] Page Fault with simple passive filter driver

As a personal training exercise, I’ve written a very simple passive filter driver from scratch to sit on top of the floppy drive. Everything seems to work during initially loading. All the filter driver does is print out which IRP request has been made to the debug console and passes the IRP down to the lower level drivers. I load up the driver using a small driver loading program I found in the DDK. The problem occurs is when I try to do any significant IO access to it, it throws a page fault (I catch it with SoftICE). The page fault points to a very low address. There is no other significant info that the page fault gives me.

The page fault seems to be thrown whenever the dispatcher reaches the IOCallDriver part of the dispatcher function, and I’ve noticed that it does this only during IRP_MJ_CREATE and IRP_MJ_CLOSE calls.
I have not implemented FastIO hook routines yet for this very simple driver.

Any help would be greatly appreciated I would post up the source code, if anyone would care to tell me which relevant parts would be useful for examination.

Thank you,

William Chow


You are currently subscribed to ntfsd as: xxxxx@nsisoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@javabear.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Depends on particular FastIo function.
Usually, NT uses IoGetRelatedDeviceObject to determine the device object to call FastIo from.
But for some FastIos like AcquireForCreateSection NT uses IoGetBaseFileSystemDeviceObject instead, thus these functions are always called in the lowest FSD and not in the filter.

Max
----- Original Message -----
From: William Chow
To: File Systems Developers
Sent: Friday, September 07, 2001 7:02 PM
Subject: [ntfsd] RE: Page Fault with simple passive filter driver

I’ve read on the OSR site that if fastIO isn’t handled by the upper drive, that NT will send the requests to a lower layer driver.
Is this somehow not true for Filter Drivers?
And why would this cause a page fault? When a mandatory IRP is not handled by the dispatcher, the drive is basically unreadable, not cause a page fault?

Care to elucidate?

Will

----- Original Message -----
From: Rob Fuller
To: File Systems Developers
Sent: Friday, September 07, 2001 11:36 PM
Subject: [ntfsd] RE: Page Fault with simple passive filter driver

First of all, the subject of this message contains a fallacy. There is no “simple” filter driver on NT. Perhaps that is the problem. Your second notion is correct. You’re probably missing something, like a mandatory “fast IO” routine.
-----Original Message-----
From: William Chow [mailto:xxxxx@javabear.com]
Sent: Friday, September 07, 2001 8:57 AM
To: File Systems Developers
Subject: [ntfsd] Page Fault with simple passive filter driver

As a personal training exercise, I’ve written a very simple passive filter driver from scratch to sit on top of the floppy drive. Everything seems to work during initially loading. All the filter driver does is print out which IRP request has been made to the debug console and passes the IRP down to the lower level drivers. I load up the driver using a small driver loading program I found in the DDK. The problem occurs is when I try to do any significant IO access to it, it throws a page fault (I catch it with SoftICE). The page fault points to a very low address. There is no other significant info that the page fault gives me.

The page fault seems to be thrown whenever the dispatcher reaches the IOCallDriver part of the dispatcher function, and I’ve noticed that it does this only during IRP_MJ_CREATE and IRP_MJ_CLOSE calls.
I have not implemented FastIO hook routines yet for this very simple driver.

Any help would be greatly appreciated I would post up the source code, if anyone would care to tell me which relevant parts would be useful for examination.

Thank you,

William Chow


You are currently subscribed to ntfsd as: xxxxx@nsisoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@javabear.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com