Problem Copying PUCHAR from kernel to user mode

I am trying to communicate with IOCTL from user mode to a driver.
I have successfully been able to send DWORDs from my driver, but I also want to get PUCHAR strings from it… This is the driver code I am using:

dwCount is a DWORD that specifies the index to write in PNAME
DWORD dwCount;
char PNAME[250][40];
.............................
/*
 * copystr - copy the NUL-terminated string at astring into row dwCount-1 of
 * the global PNAME table, one byte per RtlCopyBytes call, then terminate it.
 * Always returns 1.
 *
 * NOTE(review): nothing here keeps the write inside the table.
 *  - The loop stops only at the source NUL, so a source of 40 or more
 *    characters writes past the end of the 40-byte row.
 *  - dwCount is an unsigned DWORD: if it is 0, dwCount-1 wraps to a huge
 *    index; if it is above 250 the row lies beyond the array.
 *  - i is not declared in the code shown; presumably a global - confirm.
 */
int copystr(PUCHAR astring)
{
    for(i=0;(char)astring[i]!=0;i++)
        /* sizeof a single char element is 1, so exactly one byte moves per pass */
        RtlCopyBytes(&PNAME[dwCount-1][i],&astring[i],sizeof(PNAME[dwCount-1][i]));
    PNAME[dwCount-1][i]=0;
    //DbgPrint("%s",PNAME[dwCount-1]);
    return 1;
}
.................................

Is there something that i m missing???
MoreOver ,when i DbgPrint the PNAME[dwCount-1] as %s … it gives me invalid strings mostly NULL.

But the interesting part is that if this function is called from DriverEntry routine rather than the DriverDispatcher… the Same DbgPrint Statement gives me the correct output…

I dont think there is a problem with my DriverDispatcher Function But neways here it is:

/*
 * DriverDispatcher - dispatch routine. For IRP_MJ_DEVICE_CONTROL it serves
 * IOCTL_PID and IOCTL_PNAME, then completes the IRP and returns its status.
 *
 * Input and output pointers are both taken from Irp->AssociatedIrp.SystemBuffer,
 * so the IOCTLs are presumably defined as METHOD_BUFFERED (the CTL_CODE
 * definitions are not shown - confirm).
 *
 * NOTE(review):
 *  - IOCTL_PNAME validates the caller's length against dwCount*40 but then
 *    copies 250*40 (10,000) bytes. Any output buffer between those two sizes
 *    is written past its end (a kernel pool allocation if METHOD_BUFFERED).
 *  - Both length checks use '>', so a buffer of exactly the needed size is
 *    rejected.
 *  - There is no default case and no handling of other major functions: on
 *    those paths Irp->IoStatus.Status is never assigned here and the IRP is
 *    completed with whatever value it held on entry.
 *  - IoStatus.Information is not set on the STATUS_BUFFER_TOO_SMALL paths.
 */
NTSTATUS DriverDispatcher(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp )
{
    PVOID inputBuffer;
    PVOID outputBuffer;
    ULONG inputBufferLength;
    ULONG outputBufferLength;
    int i;
    ULONG ioControlCode;
    NTSTATUS status;
    PIO_STACK_LOCATION irpStack;
    UNREFERENCED_PARAMETER( DeviceObject );
    irpStack = IoGetCurrentIrpStackLocation( Irp );
    /* inputBuffer and inputBufferLength are read but not used below */
    inputBuffer = Irp->AssociatedIrp.SystemBuffer;
    inputBufferLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;
    /* same pointer as inputBuffer; its usable size is the caller-supplied length */
    outputBuffer = Irp->AssociatedIrp.SystemBuffer;
    outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
    ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;

    switch (irpStack->MajorFunction)
    {
    case IRP_MJ_DEVICE_CONTROL:
        switch (ioControlCode)
        {
        case IOCTL_PID: //This the IOCTL which returns DWORDS and runs perfect
            EnumProcessList();
            /* check and copy agree here: both use dwCount*4 */
            if(outputBufferLength>dwCount*4)
            {
                RtlCopyMemory(outputBuffer, PID,dwCount*4);
                Irp->IoStatus.Status = STATUS_SUCCESS;
                Irp->IoStatus.Information = dwCount*4;
            }
            else
                Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
            break;
        case IOCTL_PNAME: //This is the IOCTL that handles the PUCHAR and is a problem
            /* prints the first 16 rows regardless of dwCount */
            for(i=0;i<16;i++)
            {
                DbgPrint(“%s”,PNAME[i]);
            }
            /* NOTE(review): the size tested (dwCount*40) is not the size copied (250*40) */
            if(outputBufferLength>dwCount*40)
            {
                RtlCopyMemory(outputBuffer, PNAME,sizeof(UCHAR)*250*40);
                Irp->IoStatus.Status = STATUS_SUCCESS;
                /* reports 10,000 bytes to the I/O manager even when the caller's buffer is smaller */
                Irp->IoStatus.Information = sizeof(UCHAR)*250*40;
            }
            else
                Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
            break;
        }

        break;
    }
    /* read the status before completion; the IRP is not touched after IoCompleteRequest */
    status = Irp->IoStatus.Status;
    IoCompleteRequest( Irp, 0 );
    return status;
}

I am kinda stuck please help…

Thanx in advance…

I am pretty sure that

sizeof(PNAME[dwCount-1][i]))

resolves to 1 since you are asking for the size of an element in a subarray. Perhaps you want sizeof(PNAME[dwCount-1])). When dealing with 2 dimensional fixed arrays, I like to use defines

#define NUM_ARRAYS (250)
#define ARRAY_LENGTH (40)

char PNAME[NUM_ARRAYS][ARRAY_LENGTH]

/*
 * NOTE(review): a length of ARRAY_LENGTH only fits a single whole-row copy
 * that starts at index 0 and reads from a source at least ARRAY_LENGTH bytes
 * long. Left inside the original per-character loop with the [i] offsets,
 * every pass would move ARRAY_LENGTH bytes starting i bytes into the row and
 * run past the end of both the row and the source string.
 */
RtlCopyBytes(&PNAME[dwCount-1][i],&astring[i],ARRAY_LENGTH);

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Friday, July 10, 2009 7:53 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Problem Copying PUCHAR from kernel to user mode

I am trying to communicate with IOCTL from user mode to a driver.
I have successfully able to send DWORDS from my driver. But I was also willing to have PUCHAR strings from there… This is the driver code i am using :

dwCount is a DWORD that specifies the index to write in PNAME DWORD dwCount; char PNAME[250][40]; .............................int copystr(PUCHAR astring){ for(i=0;(char)astring[i]!=0;i++) RtlCopyBytes(&PNAME[dwCount-1][i],&astring[i],sizeof(PNAME[dwCount-1][i])); PNAME[dwCount-1][i]=0; //DbgPrint("%s",PNAME[dwCount-1]); return 1;}.................................

Is there something that i m missing???
MoreOver ,when i DbgPrint the PNAME[dwCount-1] as %s … it gives me invalid strings mostly NULL.

But the interesting part is that if this function is called from DriverEntry routine rather than the DriverDispatcher… the Same DbgPrint Statement gives me the correct output…

I dont think there is a problem with my DriverDispatcher Function But neways here it is:

NTSTATUS DriverDispatcher(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp ) {
PVOID inputBuffer;
PVOID outputBuffer;
ULONG inputBufferLength;
ULONG outputBufferLength;
int i;
ULONG ioControlCode;
NTSTATUS status;
PIO_STACK_LOCATION irpStack;
UNREFERENCED_PARAMETER( DeviceObject );
irpStack = IoGetCurrentIrpStackLocation( Irp );
inputBuffer = Irp->AssociatedIrp.SystemBuffer;
inputBufferLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;
outputBuffer = Irp->AssociatedIrp.SystemBuffer;
outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;

switch (irpStack->MajorFunction)
{
case IRP_MJ_DEVICE_CONTROL:
switch (ioControlCode)
{
case IOCTL_PID: //This the IOCTL which returns DWORDS and runs perfect
EnumProcessList();
if(outputBufferLength>dwCount*4)
{
RtlCopyMemory(outputBuffer, PID,dwCount*4);
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = dwCount*4;
}
else
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
break;
case IOCTL_PNAME: //This is the IOCTL that handles the PUCHAR and is a problem
for(i=0;i<16;i++)
{
DbgPrint(“%s”,PNAME[i]);
}
if(outputBufferLength>dwCount*40)
{
RtlCopyMemory(outputBuffer, PNAME,sizeof(UCHAR)*250*40);
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof(UCHAR)*250*40;
}
else
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
break;
}

break;
}
status = Irp->IoStatus.Status;
IoCompleteRequest( Irp, 0 );
return status;
}

I am kinda stuck please help…

Thanx in advance…



xxxxx@gmail.com wrote:

I am trying to communicate with IOCTL from user mode to a driver.
I have successfully able to send DWORDS from my driver. But I was also willing to have PUCHAR strings from there… This is the driver code i am using :

dwCount is a DWORD that specifies the index to write in PNAME
> DWORD dwCount;> char PNAME[250][40];> .............................>> int copystr(PUCHAR astring)> {> for(i=0;(char)astring[i]!=0;i++)> RtlCopyBytes(&PNAME[dwCount-1][i],&astring[i],sizeof(PNAME[dwCount-1][i]));> PNAME[dwCount-1][i]=0;> //DbgPrint("%s",PNAME[dwCount-1]);> return 1;> }> .................................>

Are you really aware of what this code does? This copies the string
from astring to PNAME[dwCount-1], by calling RtlCopyBytes one character
at a time. Is there any conceivable reason why you wrote it this way,
instead of the much more sensible:

/*
 * copystr - copy astring into PNAME row dwCount-1 with strcpy; always returns 1.
 *
 * NOTE(review): strcpy stops only at the source terminator, so a source of
 * 40 or more characters overruns the 40-byte row. The row index dwCount-1 is
 * not range-checked either.
 */
int copystr( PUCHAR astring )
{
strcpy( PNAME[dwCount-1], astring );
return 1;
}

Or, for safety purposes:
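/*
 * copystr - bounded copy of a NUL-terminated name into row dwCount-1 of the
 * global PNAME table.
 *
 * astring: source string (narrow characters).
 * Returns 1 when the whole string was stored, 0 when the row index is out of
 * range or the string did not fit (a truncated, NUL-terminated copy is still
 * left in the row in the latter case).
 */
int copystr( PUCHAR astring )
{
    /* dwCount is unsigned: 0 would wrap dwCount-1 to a huge index, and a
       value above the row count would land outside the table. */
    if( dwCount == 0 || dwCount > sizeof(PNAME) / sizeof(PNAME[0]) )
        return 0;

    /* The Cb variant takes the destination size in bytes and always
       terminates the destination; the A suffix matches the char rows. */
    if( !NT_SUCCESS( RtlStringCbCopyA( PNAME[dwCount-1], sizeof(PNAME[dwCount-1]),
                                       (const char *)astring ) ) )
        return 0;

    return 1;
}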

Are you absolutely sure dwCount can never be 0?

Is there something that i m missing???
MoreOver ,when i DbgPrint the PNAME[dwCount-1] as %s … it gives me invalid strings mostly NULL.

case IOCTL_PNAME: //This is the IOCTL that handles the PUCHAR and is a problem
for(i=0;i<16;i++)
{
DbgPrint(“%s”,PNAME[i]);
}
if(outputBufferLength>dwCount*40)
{
RtlCopyMemory(outputBuffer, PNAME,sizeof(UCHAR)*250*40);
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof(UCHAR)*250*40;
}
else
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
break;
}

You are unconditionally copying 10,000 bytes into the output buffer
here, but you only check whether the buffer is large enough for
dwCount*40. Did you mean to say “dwCount*40” instead of “250*40”?

Sizeof(UCHAR) is 1 by definition. The C standards require that.

You don’t really have dwCount in a global variable, do you? That’s what
device contexts are for.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Thnx for the reply Doron…

/*
 * copystr - byte-by-byte copy of astring into PNAME row dwCount-1, followed
 * by a terminating 0. Always returns 1.
 *
 * NOTE(review): the loop is bounded only by the source NUL, not by the
 * 40-byte row, and dwCount-1 is used as an index without a range check.
 */
int copystr(PUCHAR astring)
{
for(i=0;(char)astring[i]!=0;i++)
RtlCopyBytes(&PNAME[dwCount-1][i],&astring[i],sizeof(PNAME[dwCount-1][i]));
PNAME[dwCount-1][i]=0;
//DbgPrint(“%s”,PNAME[dwCount-1]);
return 1;
}

if you look at this closely i was trying to copy the string byte by byte and not the complete string once.
But AnyWays I took your advice and still the same result… Wait for my next reply i’ll try to elaborate

thnx for the reply Tim…

i am absolutely sure that dwCount is >1… infact it is around 30 always.
I did try strcpy in the first go… but it didnt work so i tried to do it on my own.
>if(outputBufferLength>dwCount*40)
as per the size check i wrote the exact same that you indicate but it then didnt work so i changed it to largest value so as to be sure…

Wait for my next reply i’ll try to elaborate

I took all your advices and here is my revised code:

#define NUM_ARRAYS (250)
#define ARRAY_LENGTH (40)

char PNAME[250][40]; //GLOBAL DECLARATION
DWORD dwCount; //GLOBAL DECLARATION

//Now With some DbgPrints i have concluded that copystr is working great
/*
 * copystr - copy astring into PNAME row dwCount-1 with RtlStringCbCopyA,
 * bounded by the size of that row, then log the stored and original strings.
 * Always returns 1.
 *
 * NOTE(review): the copy is now bounded, but the row index is not: a dwCount
 * of 0 wraps (DWORD is unsigned) and a dwCount above 250 is outside the
 * table. The NTSTATUS returned by RtlStringCbCopyA is discarded, so a
 * truncated or failed copy is invisible to the caller.
 */
int copystr(PUCHAR astring)
{
RtlStringCbCopyA(PNAME[dwCount-1],sizeof(PNAME[dwCount-1]),astring);
DbgPrint(“PNAME [%d - 1] = %s Original =%s”,dwCount,PNAME[dwCount-1],astring);
return 1;
}

I now think that i had a problem in communicating these strings with user mode.
Here is my DriverDispatcher’s IOCTL_PNAME handler again:

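// IOCTL_PNAME handler (fragment of the dispatch routine's switch): returns the
// first dwCount rows of PNAME to the caller.
// The '*' operators and the loop bound were swallowed by the forum's markup
// handling and are restored here; i<dwCount matches the 30 rows in the posted log.
// NOTE(review): the check and the copy now use the same size. dwCount is still
// not clamped to NUM_ARRAYS, '>' rejects a buffer of exactly the needed size,
// and Information is left unset on the failure path.
case IOCTL_PNAME:
    if(outputBufferLength>dwCount*ARRAY_LENGTH)
    {
        DbgPrint("\n***************IOCTL PNAME ************************\n");
        for(i=0;i<dwCount;i++)
            DbgPrint("PNAME[%d]=%s",i,PNAME[i]);
        RtlCopyMemory(outputBuffer, PNAME,dwCount*ARRAY_LENGTH);
        Irp->IoStatus.Status = STATUS_SUCCESS;
        Irp->IoStatus.Information = dwCount*ARRAY_LENGTH;
    }
    else
        Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
    break;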

Please look at this windbg’s log file and we can conclude that PNAME has the right contents…
http://www.gigasize.com/get.php?d=y5dgv8lhz1d

I think i am not able to copy the PNAME to outputBuffer properly…

I am also attaching the code from my user mode program which is in MFC…

// User-mode side: issue IOCTL_PNAME with no input, receive the name table in
// PNAME, then show the returned byte count and the rows in message boxes.
DWORD writ;
char PNAME[NUM_ARRAYS][ARRAY_LENGTH]; // narrow (char) rows, used as the output buffer
if(DeviceIoControl(hdrv,IOCTL_PNAME,NULL,0,PNAME,sizeof(PNAME),&writ,NULL))
{
wchar_t wa[ARRAY_LENGTH];
// NOTE(review): _swprintf takes no destination size; wa holds only
// ARRAY_LENGTH wide characters, so nothing stops a longer result.
_swprintf(wa,L"ioctl writ=%ld",writ);
AfxMessageBox(wa);
// NOTE(review): visits rows 0..16 (17 rows) whatever byte count the driver
// reported in writ.
for(int j=0;j<=16;j++)
{
// NOTE(review): in Microsoft's wide-character printf functions a plain %s
// expects a wchar_t string, but PNAME[j] is a char array. The narrow bytes
// are then read as wide characters, which would explain the junk text;
// %hs (or %S) formats a narrow string here.
_swprintf(wa,L"%s",PNAME[j]);
AfxMessageBox(wa);
}
}

I get the correct value of DWORD writ … but dont get the Strings right… they are mostly junk values.
I assure you that in the call to DeviceIoControl the handle is correct… and as seen from dbgview’s log file, The IOCTL_PNAME is actually called.

Please Help…

Milind, I’d like to help, but how about you post the log here, if you think it’s relevant. Otherwise, there’s just no way that I’m going to download a random file from a pay-for-download-or-wait-to-use-the-crippled-free-version site in order to do so. Nothing personal, but my employer would not be happy with my doing so.

mm

This is what [s]he gets, Martin:

In DriverEntry:

PNAME [1 - 1] = System Original =System
. . .
PNAME [29 - 1] = ActiveProcessLi Original =ActiveProcessLi
PNAME [30 - 1] = ÿÿÿÿ Original =ÿÿÿÿ

After an IOCTL:

PNAME[0]=System
. . .
PNAME[28]=ActiveProcessLi
PNAME[29]=ÿÿÿÿ

Milind, you have just one place to look at…
FYI, these ÿ are in fact “filled” bytes, 0xFF.

----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Saturday, July 11, 2009 1:42 PM
Subject: RE:[ntdev] Problem Copying PUCHAR from kernel to user mode

> Milind, I’d like to help, but how about you post the log here, if you
> think it’s relevant. Otherwise, there’s just no way that I’m going to
> download a random file from a
> pay-for-download-or-wait-to-use-the-crippled-free-version site in order to
> do so. Nothing personal, but my employer would not be happy with my doing
> so.
>
> mm
>

Here is the log File

00000000 0.00000000 DriverEntry
00000001 0.00000555 Raising IrQl
00000002 0.00010592 Device created successfully. Name = \Device\THEONE
00000003 0.00012363 lowering IrQl
00000004 0.00012829 XP -> 8055B488
00000005 0.00012973 ********************DriverEntry Routine*************************
00000006 0.00013524 PidOff=0x84 NameOff=0x0 LinkOff=0x88
00000007 0.00016388 PNAME [1 - 1] = System Original =System
00000008 0.00016953 PNAME [2 - 1] = smss.exe Original =smss.exe
00000009 0.00017522 PNAME [3 - 1] = csrss.exe Original =csrss.exe
00000010 0.00018087 PNAME [4 - 1] = winlogon.exe Original =winlogon.exe
00000011 0.00018647 PNAME [5 - 1] = services.exe Original =services.exe
00000012 0.00019212 PNAME [6 - 1] = lsass.exe Original =lsass.exe
00000013 0.00019773 PNAME [7 - 1] = vmacthlp.exe Original =vmacthlp.exe
00000014 0.00020341 PNAME [8 - 1] = svchost.exe Original =svchost.exe
00000015 0.00020920 PNAME [9 - 1] = svchost.exe Original =svchost.exe
00000016 0.00021499 PNAME [10 - 1] = svchost.exe Original =svchost.exe
00000017 0.00022075 PNAME [11 - 1] = svchost.exe Original =svchost.exe
00000018 0.00022637 PNAME [12 - 1] = svchost.exe Original =svchost.exe
00000019 0.00023195 PNAME [13 - 1] = spoolsv.exe Original =spoolsv.exe
00000020 0.00023776 PNAME [14 - 1] = explorer.exe Original =explorer.exe
00000021 0.00024341 PNAME [15 - 1] = jusched.exe Original =jusched.exe
00000022 0.00024924 PNAME [16 - 1] = VMwareTray.exe Original =VMwareTray.exe
00000023 0.00025501 PNAME [17 - 1] = VMwareUser.exe Original =VMwareUser.exe
00000024 0.00026059 PNAME [18 - 1] = jqs.exe Original =jqs.exe
00000025 0.00026632 PNAME [19 - 1] = svchost.exe Original =svchost.exe
00000026 0.00027216 PNAME [20 - 1] = VMwareService.e Original =VMwareService.e
00000027 0.00027786 PNAME [21 - 1] = svchost.exe Original =svchost.exe
00000028 0.00028346 PNAME [22 - 1] = alg.exe Original =alg.exe
00000029 0.00028914 PNAME [23 - 1] = wmiapsrv.exe Original =wmiapsrv.exe
00000030 0.00029476 PNAME [24 - 1] = cmd.exe Original =cmd.exe
00000031 0.00030045 PNAME [25 - 1] = mspdbsrv.exe Original =mspdbsrv.exe
00000032 0.00030606 PNAME [26 - 1] = devenv.exe Original =devenv.exe
00000033 0.00031183 PNAME [27 - 1] = Dbgview.exe Original =Dbgview.exe
00000034 0.00031748 PNAME [28 - 1] = CppIDE.exe Original =CppIDE.exe
00000035 0.00032334 PNAME [29 - 1] = ActiveProcessLi Original =ActiveProcessLi
00000036 0.00032879 PNAME [30 - 1] = ??? Original =???
00000037 0.00033372 ProcessNum = 30
00000038 1.21184552
00000039 1.21184695 ***************IOCTL PNAME ************************
00000040 1.21185422 PNAME[0]=System
00000041 1.21185935 PNAME[1]=smss.exe
00000042 1.21186435 PNAME[2]=csrss.exe
00000043 1.21186924 PNAME[3]=winlogon.exe
00000044 1.21187413 PNAME[4]=services.exe
00000045 1.21187901 PNAME[5]=lsass.exe
00000046 1.21188390 PNAME[6]=vmacthlp.exe
00000047 1.21188867 PNAME[7]=svchost.exe
00000048 1.21189356 PNAME[8]=svchost.exe
00000049 1.21189845 PNAME[9]=svchost.exe
00000050 1.21190333 PNAME[10]=svchost.exe
00000051 1.21190822 PNAME[11]=svchost.exe
00000052 1.21191323 PNAME[12]=spoolsv.exe
00000053 1.21191812 PNAME[13]=explorer.exe
00000054 1.21192300 PNAME[14]=jusched.exe
00000055 1.21192789 PNAME[15]=VMwareTray.exe
00000056 1.21193290 PNAME[16]=VMwareUser.exe
00000057 1.21193779 PNAME[17]=jqs.exe
00000058 1.21194267 PNAME[18]=svchost.exe
00000059 1.21194756 PNAME[19]=VMwareService.e
00000060 1.21195257 PNAME[20]=svchost.exe
00000061 1.21195734 PNAME[21]=alg.exe
00000062 1.21196222 PNAME[22]=wmiapsrv.exe
00000063 1.21196723 PNAME[23]=cmd.exe
00000064 1.21197200 PNAME[24]=mspdbsrv.exe
00000065 1.21197689 PNAME[25]=devenv.exe
00000066 1.21198177 PNAME[26]=Dbgview.exe
00000067 1.21198678 PNAME[27]=CppIDE.exe
00000068 1.21199167 PNAME[28]=ActiveProcessLi
00000069 1.21199644 PNAME[29]=???

OK. How about you post your actual code without omitting sections, because what you have posted is either incorrect or you’re mixing and matching:

In particular:

a. First you define these:
#define NUM_ARRAYS (250)
#define ARRAY_LENGTH (40)

b. but then you don’t use them
char PNAME[250][40]; //GLOBAL DECLARATION

c. nor do you appear to initialize this
DWORD dwCount; //GLOBAL DECLARATION

d. you’re still clearly not processing the strings correctly:

VMwareService.e=VMwareService.e

e. this is probably due to (at least) not using those constants consistently.

for(int j=0;j<=16;j++)
{
_swprintf(wa,L"%s",PNAME[j]);
AfxMessageBox(wa);
}

This isn’t what’s causing your log to not print correctly, but here you’ve set the limit to 16 characters for some reason, which happens to be the number of characters in ‘VMWareService.e’ (as opposed to ‘VMWareService.exe’), so you’ve probably got something similar somewhere else.

e. you look like you’re mixing and matching ansi and unicode. if so, this won’t work very well, especially if you’re off by one somewhere.

Good luck,

mm

> d. you’re still clearly not processing the strings correctly:

VMwareService.e=VMwareService.e
IIRC, it is the system that limits the length to 15 chars, not the OP.

----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Saturday, July 11, 2009 10:03 PM
Subject: RE:[ntdev] Problem Copying PUCHAR from kernel to user mode

> OK. How about you post you’re actual code without omitting sections,
> because what you have posted is either incorrect or you’re mixing and
> matching:
>
> In particular:
>
> a. First you define these:
> #define NUM_ARRAYS (250)
> #define ARRAY_LENGTH (40)
>
> b. but then you don’t use them
> char PNAME[250][40]; //GLOBAL DECLARATION
>
> c. nor do you appear to initialize this
> DWORD dwCount; //GLOBAL DECLARATION
>
> d. you’re still clearly not processing the strings correctly:
>
> VMwareService.e=VMwareService.e
>
> e. this is probably due to (at least) not using those constants
> consistently.
>
> for(int j=0;j<=16;j++)
> {
> _swprintf(wa,L"%s",PNAME[j]);
> AfxMessageBox(wa);
> }
>
> This isn’t what’s causing you’re log to not print correctly, but here
> you’ve set the limit to 16 characters for some reason, which happens to be
> the number of characters in ‘VMWareService.e’ (as opposed to
> ‘VMWareService.exe’) so you’ve probably got something similar somewhere
> else.
>
> e. you look like you’re mixing and matching ansi and unicode. if so,
> this won’t work very well, especially if you’re off by one somewhere.
>
> Good luck,
>
> mm
>
>
>
>

My bad.

mm

Thanx for the support guys
OK !! i’ll refine my code to make it more readable for all of you and then post the complete thing here…

“Alex Shvedov” wrote in message news:xxxxx@ntdev…
>> d. you’re still clearly not processing the strings correctly:
>> VMwareService.e=VMwareService.e
> IIRC, it is the system that limits the length to 15 chars, not the OP.

Do you mean that the OP uses PsGetProcessImageFileName() ?
If so, this API is not documented (and sometimes gives
strange results, like the OP sees).

–pa

> ----- Original Message -----
> From:
> To: “Windows System Software Devs Interest List”
> Sent: Saturday, July 11, 2009 10:03 PM
> Subject: RE:[ntdev] Problem Copying PUCHAR from kernel to user mode
>
>
>> OK. How about you post you’re actual code without omitting sections,
>> because what you have posted is either incorrect or you’re mixing and
>> matching:
>>
>> In particular:
>>
>> a. First you define these:
>> #define NUM_ARRAYS (250)
>> #define ARRAY_LENGTH (40)
>>
>> b. but then you don’t use them
>> char PNAME[250][40]; //GLOBAL DECLARATION
>>
>> c. nor do you appear to initialize this
>> DWORD dwCount; //GLOBAL DECLARATION
>>
>> d. you’re still clearly not processing the strings correctly:
>>
>> VMwareService.e=VMwareService.e
>>
>> e. this is probably due to (at least) not using those constants
>> consistently.
>>
>> for(int j=0;j<=16;j++)
>> {
>> _swprintf(wa,L"%s",PNAME[j]);
>> AfxMessageBox(wa);
>> }
>>
>> This isn’t what’s causing you’re log to not print correctly, but here
>> you’ve set the limit to 16 characters for some reason, which happens to
>> be the number of characters in ‘VMWareService.e’ (as opposed to
>> ‘VMWareService.exe’) so you’ve probably got something similar somewhere
>> else.
>>
>> e. you look like you’re mixing and matching ansi and unicode. if so,
>> this won’t work very well, especially if you’re off by one somewhere.
>>
>> Good luck,
>>
>> mm

> Do you mean that the OP uses PsGetProcessImageFileName() ?
I think so.

I keep my opinion about the code in general to myself
(abc[100][40] impresses me, among other things), and I
would bet that this is one more “copy” of Mark’s old creation.

----- Original Message -----
From: “Pavel A.”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Sunday, July 12, 2009 6:17 PM
Subject: Re:[ntdev] RE:Problem Copying PUCHAR from kernel to user mode

> “Alex Shvedov” wrote in message news:xxxxx@ntdev…
>>> d. you’re still clearly not processing the strings correctly:
>>> VMwareService.e=VMwareService.e
>> IIRC, it is the system that limits the length to 15 chars, not the OP.
>
> Do you mean that the OP uses PsGetProcessImageFileName() ?
> If so, this API is not documented (and sometimes gives
> strange results, like the OP sees).
>
> --pa
>
>
>> ----- Original Message -----
>> From:
>> To: “Windows System Software Devs Interest List”
>> Sent: Saturday, July 11, 2009 10:03 PM
>> Subject: RE:[ntdev] Problem Copying PUCHAR from kernel to user mode
>>
>>
>>> OK. How about you post you’re actual code without omitting sections,
>>> because what you have posted is either incorrect or you’re mixing and
>>> matching:
>>>
>>> In particular:
>>>
>>> a. First you define these:
>>> #define NUM_ARRAYS (250)
>>> #define ARRAY_LENGTH (40)
>>>
>>> b. but then you don’t use them
>>> char PNAME[250][40]; //GLOBAL DECLARATION
>>>
>>> c. nor do you appear to initialize this
>>> DWORD dwCount; //GLOBAL DECLARATION
>>>
>>> d. you’re still clearly not processing the strings correctly:
>>>
>>> VMwareService.e=VMwareService.e
>>>
>>> e. this is probably due to (at least) not using those constants
>>> consistently.
>>>
>>> for(int j=0;j<=16;j++)
>>> {
>>> _swprintf(wa,L"%s",PNAME[j]);
>>> AfxMessageBox(wa);
>>> }
>>>
>>> This isn’t what’s causing you’re log to not print correctly, but here
>>> you’ve set the limit to 16 characters for some reason, which happens to
>>> be the number of characters in ‘VMWareService.e’ (as opposed to
>>> ‘VMWareService.exe’) so you’ve probably got something similar somewhere
>>> else.
>>>
>>> e. you look like you’re mixing and matching ansi and unicode. if so,
>>> this won’t work very well, especially if you’re off by one somewhere.
>>>
>>> Good luck,
>>>
>>> mm
>
>
>