I am working on a driver that needs the file system information returned
by FSCTL_GET_NTFS_VOLUME_DATA for a drive. I keep getting a crash
during the IoCallDriver() call. I am hoping that someone can point out
what I am doing wrong or knows of another way to gain this information.
Thanks,
Matt
======== Source Code ===========
static char volumeName = "\DosDevices\A:";
ANSI_STRING mftFilenameAnsi;
UNICODE_STRING mftFilename;
OBJECT_ATTRIBUTES attrHandle;
PFILE_OBJECT fileObject;
PDEVICE_OBJECT deviceObject;
PIRP pirp;
PIO_STACK_LOCATION pIrpNext;
KEVENT ioEvent;
IO_STATUS_BLOCK ioStatus;
NTFS_VOLUME_DATA_BUFFER ntfsInfo;
NTSTATUS status;
if(driveID > 26)
return 0;
// Open a handle to the device
volumeName[12] = driveID + 'A';
mftFilenameAnsi.Length = mftFilenameAnsi.MaximumLength = 14;
mftFilenameAnsi.Buffer = volumeName;
if(RtlAnsiStringToUnicodeString(&mftFilename, &mftFilenameAnsi, TRUE) !=
STATUS_SUCCESS){
DBGPRINT(DBG_COMP_INIT, DBG_LEVEL_ERROR, ("MFTM.Init failed to make
UNICODE name."));
return 0;
}
InitializeObjectAttributes(&attrHandle, &mftFilename, OBJ_KERNEL_HANDLE
| OBJ_CASE_INSENSITIVE, NULL, NULL);
if(IoGetDeviceObjectPointer(&mftFilename, SYNCHRONIZE, &fileObject,
&deviceObject) != STATUS_SUCCESS) {
RtlFreeUnicodeString(&mftFilename);
DBGPRINT(DBG_COMP_INIT, DBG_LEVEL_ERROR, ("MFTM.init
IoGetDeviceObjectPointer failed "));
return 0;
}
RtlFreeUnicodeString(&mftFilename);
// Request the filesystem information
KeInitializeEvent(&ioEvent, NotificationEvent, FALSE);
if(!(pirp = IoBuildDeviceIoControlRequest(FSCTL_GET_NTFS_VOLUME_DATA,
deviceObject, NULL, 0, &ntfsInfo, sizeof(ntfsInfo), FALSE, &ioEvent,
&ioStatus))){
DBGPRINT(DBG_COMP_INIT, DBG_LEVEL_ERROR, ("MFTM.init
IoBuildDeviceIoControlRequest failed "));
ObDereferenceObject(&fileObject);
return 0;
}
status = IoCallDriver(deviceObject, pirp);
if(status == STATUS_PENDING){
KeWaitForSingleObject(&ioEvent, Suspended, KernelMode, FALSE, NULL);
status = ioStatus.Status;
}
if(status != STATUS_SUCCESS){
DBGPRINT(DBG_COMP_INIT, DBG_LEVEL_ERROR, ("MFTM.init IoCallDriver
failed "));
ObDereferenceObject(&fileObject);
return 0;
}
ObDereferenceObject(&fileObject);
======== WinDbg Output ===========
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f7704e7e, The address that the exception occurred at
Arg3: f7a1e730, Exception Record Address
Arg4: f7a1e42c, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
imapi!ImapiDispatchMisc+8e
f7704e7e 807b0200 cmp byte ptr [ebx+0x2],0x0
EXCEPTION_RECORD: f7a1e730 -- (.exr fffffffff7a1e730)
Cannot read Exception record @ f7a1e730
CONTEXT: f7a1e42c -- (.cxr fffffffff7a1e42c)
Unable to read context, Win32 error 30
CUSTOMER_CRASH_COUNT: 5
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0x7E
LOCK_ADDRESS: 80551160 -- (!locks 80551160)
Resource @ nt!PiEngineLock (0x80551160) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be
corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be
corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0x80551160
Thread Count : 0
Thread address: 0x00000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from 804eddf9 to f7704e7e
STACK_TEXT:
f7a1e80c 804eddf9 8280c6b8 00000000 828e5c90 imapi!ImapiDispatchMisc+0x8e
f7a1e81c f760804e 82236fd0 8280c030 00000000 nt!IopfCallDriver+0x31
f7a1e834 804eddf9 8280c1e8 828e5b90 8280cdd0
CLASSPNP!ClassInternalIoControl+0x8b
f7a1e844 f7723a35 f7a1e918 804eddf9 8280b020 nt!IopfCallDriver+0x31
f7a1e84c 804eddf9 8280b020 828e5b90 8291eed8
redbook!RedBookSendToNextDriver+0x35
f7a1e85c f76186a5 00000000 f7a1e86c f7a1e9a8 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be
wrong.
f7a1e918 f7618efb 829b52f0 00000004 82236fd0 ramdisk+0x56a5
f7a1e9ac f7615cfb 829b5368 8267ff18 00000001 ramdisk+0x5efb
f7a1e9e0 804f5f7f 8291eed8 8267ff18 e10f4788 ramdisk+0x2cfb
f7a1e9f8 805850f1 f7615a20 00000004 00000001 nt!PpvUtilCallAddDevice+0x19
f7a1eac0 80586456 00000000 02000001 00000000 nt!PipCallDriverAddDevice+0x3b9
f7a1ed1c 805869ec 826aab58 00000001 00000000 nt!PipProcessDevNodeTree+0x1a4
f7a1ed4c 804f5590 00000003 80551240 8055a1fc nt!PiRestartDevice+0x80
f7a1ed74 80533dd0 00000000 00000000 829b53c8 nt!PipDeviceActionWorker+0x15e
f7a1edac 805c4a06 00000000 00000000 00000000 nt!ExpWorkerThread+0x100
f7a1eddc 80540fa2 80533cd0 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
imapi!ImapiDispatchMisc+8e
f7704e7e 807b0200 cmp byte ptr [ebx+0x2],0x0
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: imapi!ImapiDispatchMisc+8e
MODULE_NAME: imapi
IMAGE_NAME: imapi.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 41107b6c
STACK_COMMAND: .cxr fffffffff7a1e42c ; kb
FAILURE_BUCKET_ID: 0x7E_imapi!ImapiDispatchMisc+8e
BUCKET_ID: 0x7E_imapi!ImapiDispatchMisc+8e