ProbeForRead inside IOCTL?

I have been told that I should use ProbeForRead when reading user buffers from IOCTL queues from inside a try/except block. Is this true? I know it's used to verify that a specific buffer is originating from user space, but there is also an alignment check, which does not make much sense to me. So if we should use ProbeForRead from inside an IOCTL queue, what do I put for the alignment parameter? I ask this because I can cast my buffer into the desired struct and everything works fine, but when I use ProbeForRead I get a 0xc0000005 error, which I assume is due to my alignment.

Your post is short of details. Are we talking WDF or WDM here?

You need to probe buffers that originate from user-mode when using Neither I/O (that is, not buffered and not direct) regardless of IOCTL, Read, or Write.

Right. If you are using buffered I/O or direct I/O, which almost everyone does, then the IRP buffers are in locked memory and guaranteed safe. Now, if you foolishly put POINTERS in your IRP buffers, then shame on you, and ProbeForRead is required.

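A user-mode C model of the two checks ProbeForRead documents, together with reading the transfer method out of an IOCTL code. This is an added example, not code from the thread and not the kernel's implementation. The `MODEL_*` names, the x64 user-space limit and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* NTSTATUS values ProbeForRead is documented to raise. */
#define STATUS_SUCCESS               0x00000000u
#define STATUS_DATATYPE_MISALIGNMENT 0x80000002u
#define STATUS_ACCESS_VIOLATION      0xC0000005u

/* The transfer method is the low two bits of an IOCTL code (CTL_CODE layout). */
#define METHOD_BUFFERED 0u
#define METHOD_NEITHER  3u
#define MODEL_CTL_CODE(dev, fn, method, access)                     \
    (((uint32_t)(dev) << 16) | ((uint32_t)(access) << 14) |         \
     ((uint32_t)(fn) << 2) | (uint32_t)(method))

/* Assumption: user-space limit as on typical x64 Windows (MmUserProbeAddress). */
#define MODEL_USER_PROBE_ADDRESS 0x00007FFFFFFF0000ull

/* Only METHOD_NEITHER hands the driver the caller's raw user-mode pointer. */
int ioctl_needs_probe(uint32_t code) { return (code & 3u) == METHOD_NEITHER; }

/* Model only: returns the status the real routine would raise as an exception.
   alignment is in bytes and must be a power of two (1, 2, 4, 8, ...). */
uint32_t model_probe_for_read(uint64_t addr, uint64_t len, uint32_t alignment)
{
    if (len == 0)
        return STATUS_SUCCESS;                 /* zero length: nothing is checked */
    if (addr & (uint64_t)(alignment - 1))
        return STATUS_DATATYPE_MISALIGNMENT;   /* start address not aligned */
    uint64_t end = addr + len;
    if (end < addr || end > MODEL_USER_PROBE_ADDRESS)
        return STATUS_ACCESS_VIOLATION;        /* wraps, or leaves user space */
    return STATUS_SUCCESS;
}

int main(void)
{
    uint32_t neither  = MODEL_CTL_CODE(0x22, 0x800, METHOD_NEITHER, 0);
    uint32_t buffered = MODEL_CTL_CODE(0x22, 0x801, METHOD_BUFFERED, 0);
    printf("0x%08X needs probe: %d\n", neither, ioctl_needs_probe(neither));
    printf("0x%08X needs probe: %d\n", buffered, ioctl_needs_probe(buffered));
    /* Constructed addresses: one user-mode, one misaligned, one kernel-mode. */
    printf("user, align 8   -> 0x%08X\n", model_probe_for_read(0x000000A0B0C0D010ull, 32, 8));
    printf("user+1, align 4 -> 0x%08X\n", model_probe_for_read(0x000000A0B0C0D011ull, 32, 4));
    printf("kernel address  -> 0x%08X\n", model_probe_for_read(0xFFFFA80012345000ull, 32, 8));
    return 0;
}
```

In the model, as in the documented behaviour, a misaligned start yields 0x80000002, while 0xC0000005 comes from the range check.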