problem in opening device from Win32 visible name

Hi!

i’m facing problem in opening device object of my filter driver from
Win32 service program.
i have created the symbolic link in driver entry routine and from the
Object Viewer i can see that it exists in \?? directory.
i’m attaching the relevant code. kindly tell me where i’m wrong.

In driver entry routine

RtlInitUnicodeString( &nameString, L"\\FileSystem\\UniDriver" );
status = IoCreateDevice(
             DriverObject,
             0,
             &nameString,
             FILE_DEVICE_DISK_FILE_SYSTEM,
             0,
             FALSE,
             &deviceObject
             );
if (!NT_SUCCESS( status )) {
#if DBG
    DbgPrint( "Error creating Sfilter device, error: %x\n", status );
#endif // DBG
    return status;
}
else
{
    RtlInitUnicodeString ( &linkString, L"\\DosDevices\\UniDriver" );
    DbgPrint("\nbefore IoCreateSymbolicLink\n");
    status = IoCreateSymbolicLink ( &linkString, &nameString );
    if (!NT_SUCCESS(status)) {
        DbgPrint (("Sfilter.sys: IoCreateSymbolicLink failed\n"));
        IoDeleteDevice(deviceObject);
        return status;
    }
    DbgPrint("\nafter IoCreateSymbolicLink\n");

in the service program

#define UNI_W32_DEVICE_NAME L"\\\\.\\UniDriver"

fprintf(pLog,"\n UniDriver: Opening device...\n");
hDevice = CreateFile( UNI_W32_DEVICE_NAME,
                      GENERIC_READ | GENERIC_WRITE,
                      0,
                      NULL,
                      OPEN_EXISTING,
                      FILE_ATTRIBUTE_NORMAL,
                      NULL);
if (hDevice == INVALID_HANDLE_VALUE) {
    result = GetLastError();
    fprintf(pLog,"ERROR opening device...\n");
    fflush(pLog);
    DisplayError( result );
    if(!EndProcess()){
        fprintf(pLog,"Error in closing handles");
        fflush(pLog);
    }
    return FALSE;
}

but when i start service it fails to start bcos CreateFile API fails and
in the log file it writes that error could not be translated.
i have tried everything without any success.
Any ideas what could be causing this problem?
any help will be greatly appreciated.

regards
Balvinder

What error code does GetLastError() return? Also make sure the symbolic link is
created BEFORE your service application ever tries to open it.

----- Original Message -----
From: “Balvinder Singh”
To: “File Systems Developers”
Sent: Monday, December 09, 2002 1:38 PM
Subject: [ntfsd] problem in opening device from Win32 visible name


Try this

RtlInitUnicodeString( &nameString, L"\\Device\\UniDriver" );

Sincerely
ML
----- Original Message -----
From: “Balvinder Singh”
To: “File Systems Developers”
Sent: Monday, December 09, 2002 5:08 PM
Subject: [ntfsd] problem in opening device from Win32 visible name


first time i start service, GetLastError() returns some garbage value.
next time i try to start service GetLastError() returns 317.

What is that garbage value?

----- Original Message -----
From: “Balvinder Singh”
To: “File Systems Developers”
Sent: Monday, December 09, 2002 4:38 PM
Subject: [ntfsd] Re: problem in opening device from Win32 visible name


the garbage value is different on different runs.
it's like -14409976 and on second run it is -22685688.

can there be any problem bcos i’m putting my driver under \FileSystem
namespace instead of \Device? i have tried putting it under \Device but
it's still not working.

regards
Balvinder

In your IRP_MJ_CREATE dispatch routine make sure you complete the request
successfully when you receive an empty file name. I.e. it must contain something
like this:

//
PIO_STACK_LOCATION CurrentIrpStackLocationPtr =
    IoGetCurrentIrpStackLocation(IrpPtr);
PFILE_OBJECT FileObjectPtr = CurrentIrpStackLocationPtr->FileObject;
PUNICODE_STRING FileNamePtr = &FileObjectPtr->FileName;
//
if (FileNamePtr->Length == 0)
{
    IrpPtr->IoStatus.Status = STATUS_SUCCESS;
    IrpPtr->IoStatus.Information = FILE_OPENED;
    //
    IoCompleteRequest(IrpPtr, IO_NO_INCREMENT);
    //
    return STATUS_SUCCESS;
}

----- Original Message -----
From: “Balvinder Singh”
To: “File Systems Developers”
Sent: Tuesday, December 10, 2002 6:09 AM
Subject: [ntfsd] Re: problem in opening device from Win32 visible name


hi!

i tried that but its still not working. i’m attaching code of dispatch
routine for IRP_MJ_CREATE. kindly look at it to see where i’m wrong.
in this routine i’m checking whether the delete flag is set for the file
and if it is set displaying the name of file in debugger.
thanks for ur help.

regards
Balvinder

DBGSTATIC
NTSTATUS
UniCreate(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    PIO_STACK_LOCATION irpSp;
    KIRQL oldIrql;
    PDEVICE_EXTENSION deviceExtension;
    PDEVICE_OBJECT deviceObject;
    NTSTATUS status;
    PIO_SECURITY_CONTEXT pSecurityContext;
    ACCESS_MASK DesiredAccess;
    UNICODE_STRING UnicodeFileName;
    ANSI_STRING AnsiFileName;
    PVOID buffer;
    POBJECT_NAME_INFORMATION objectNameInfo;
    WCHAR driveName[256];
    ULONG returnLength;
    UNICODE_STRING volumeName;
    PVOID volBuffer;
    UNICODE_STRING volume1Name;
    PVOID vol1Buffer;
    UNICODE_STRING volume2Name;
    PVOID vol2Buffer;
    ULONG lookupFlags;
    PFILE_OBJECT pFileObject;
    PUNICODE_STRING pFileName;

    PAGED_CODE();

    if (DeviceObject == gControlDeviceObject) {
        //
        // A CREATE request is being made on our gControlDeviceObject
        //
        ExAcquireSpinLock( &gControlDeviceStateLock, &oldIrql );
        if (gControlDeviceState != CLOSED) {
            status = STATUS_DEVICE_ALREADY_ATTACHED;
        } else {
            gControlDeviceState = OPENED;
        }
        ExReleaseSpinLock( &gControlDeviceStateLock, oldIrql );

        //
        // Since this is our gControlDeviceObject, we complete the
        // irp here.
        //
        Irp->IoStatus.Status = status;
        IoCompleteRequest( Irp, IO_NO_INCREMENT );
        return status;
    }

    //
    // Get a pointer to the current stack location in the IRP. This is where
    // the function codes and parameters are stored.
    //

    irpSp = IoGetCurrentIrpStackLocation( Irp );
    pFileObject = irpSp->FileObject;
    pFileName = &pFileObject->FileName;
    if(pFileName->Length == 0)
    {
        Irp->IoStatus.Status = STATUS_SUCCESS;
        Irp->IoStatus.Information = FILE_OPENED;
        //
        IoCompleteRequest(Irp,IO_NO_INCREMENT);
        //
        return STATUS_SUCCESS;
    }

    pSecurityContext = irpSp->Parameters.Create.SecurityContext;
    DesiredAccess = pSecurityContext->DesiredAccess;

    vol1Buffer = ExAllocatePool(NonPagedPool,512);
    volume1Name.Length = 0;
    volume1Name.MaximumLength = 512;
    volume1Name.Buffer = vol1Buffer;
    RtlAppendUnicodeToString(&volume1Name, L"\\Device\\HarddiskVolume1");

    vol2Buffer = ExAllocatePool(NonPagedPool,512);
    volume2Name.Length = 0;
    volume2Name.MaximumLength = 512;
    volume2Name.Buffer = vol2Buffer;
    RtlAppendUnicodeToString(&volume2Name, L"\\Device\\HarddiskVolume2");
    deviceObject = irpSp->FileObject->DeviceObject;
    objectNameInfo = (POBJECT_NAME_INFORMATION)driveName;

    status = ObQueryNameString(deviceObject,
                               objectNameInfo,
                               sizeof(driveName),
                               &returnLength);
    volBuffer = ExAllocatePool(NonPagedPool,512);
    volumeName.Length = 0;
    volumeName.MaximumLength = 512;
    volumeName.Buffer = volBuffer;
    if(RtlCompareUnicodeString(&objectNameInfo->Name,&volume1Name,FALSE))
        RtlAppendUnicodeToString(&volumeName, L"D:");
    if(RtlCompareUnicodeString(&objectNameInfo->Name,&volume2Name,FALSE))
        RtlAppendUnicodeToString(&volumeName, L"C:");

    ExFreePool(vol1Buffer);
    ExFreePool(vol2Buffer);

    buffer = ExAllocatePool(NonPagedPool,gMaxNamesToAllocate);

    RtlInitUnicodeString(&UnicodeFileName,NULL);

    UnicodeFileName.Buffer = buffer;
    UnicodeFileName.MaximumLength = (unsigned short)gMaxNamesToAllocate;

    UnicodeFileName.Length = 0;

    RtlAppendUnicodeToString(&UnicodeFileName, volumeName.Buffer);
    RtlAppendUnicodeToString(&UnicodeFileName,
                             irpSp->FileObject->FileName.Buffer);

    ExFreePool(volBuffer);

    RtlUnicodeStringToAnsiString(&AnsiFileName,&UnicodeFileName,TRUE);
    AnsiFileName.Buffer[AnsiFileName.Length] = '\0';
    ExFreePool(buffer);

    if(DesiredAccess & DELETE)
    {
        if(ApplyFilters(AnsiFileName.Buffer))
        {
            DbgPrint("\n--------------------------------");
            DbgPrint("\nInside ApplyFilters of sfcreate");
            DbgPrint("\n AnsiFileName = %s",AnsiFileName.Buffer);
            DbgPrint("\nthis file is protected");
            DbgPrint("\n--------------------------------");
            RtlFreeAnsiString(&AnsiFileName);

            return UniPassThrough( DeviceObject, Irp );

        }
        else
        {
            DbgPrint("\nif ApplyFilters false");
            RtlFreeAnsiString(&AnsiFileName);
            return UniPassThrough( DeviceObject, Irp );
        }

    }
    else
    {

        //
        // Get a pointer to this driver's device extension for the specified
        // device.
        //
        deviceExtension = DeviceObject->DeviceExtension;

        //
        // If debugging is enabled, do the processing required to see the packet
        // upon its completion. Otherwise, let the request go w/no further
        // processing.
        //

        if (SfDebug) {
            PIO_STACK_LOCATION nextIrpSp;

            //
            // Simply copy this driver stack location contents to the next driver's
            // stack.
            //

            nextIrpSp = IoGetNextIrpStackLocation( Irp );
            RtlMoveMemory( nextIrpSp, irpSp, sizeof( IO_STACK_LOCATION ) );

            IoSetCompletionRoutine(
                Irp,
                UniCreateCompletion,
                NULL,
                TRUE,
                FALSE,
                FALSE
                );
        }
        else {
            Irp->CurrentLocation++;
            Irp->Tail.Overlay.CurrentStackLocation++;
        }

        //
        // Now call the appropriate file system driver with the request.
        //

        return IoCallDriver( deviceExtension->FileSystemDeviceObject, Irp );
    }
}

Your status variable is not initialized when (DeviceObject ==
gControlDeviceObject && gControlDeviceState == CLOSED). Later it is assigned
to Irp->IoStatus.Status and that’s why you receive bogus last error code
from CreateFile. Also, when (DeviceObject == gControlDeviceObject),
Irp->IoStatus.Information is not initialized, too.

Your code should look like this:

if (DeviceObject == gControlDeviceObject)
{
    // A CREATE request is being made on our gControlDeviceObject
    ExAcquireSpinLock(&gControlDeviceStateLock, &oldIrql);
    if (gControlDeviceState != CLOSED)
    {
        status = STATUS_DEVICE_ALREADY_ATTACHED;
        Irp->IoStatus.Information = 0;
    }
    else
    {
        gControlDeviceState = OPENED;
        status = STATUS_SUCCESS;
        Irp->IoStatus.Information = FILE_OPENED;
    }
    ExReleaseSpinLock( &gControlDeviceStateLock, oldIrql );

    // Since this is our gControlDeviceObject, we complete the irp here.
    Irp->IoStatus.Status = status;
    IoCompleteRequest( Irp, IO_NO_INCREMENT );
    return status;
}

I also noticed that you have PAGED_CODE macro in the beginning of your
function from what I can assume that your code is marked as paged. But,
calling ExAcquireSpinLock will raise IRQL to DISPATCH_LEVEL which is no
good. I don’t know if it may cause any problem but I would prefer playing
by the rules.

----- Original Message -----
From: “Balvinder Singh”
To: “File Systems Developers”
Sent: Wednesday, December 11, 2002 1:23 PM
Subject: [ntfsd] Re: problem in opening device from Win32 visible name

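Added example, not code from the thread or from the sfilter sample: a user-mode C model of the control-device branch discussed above, showing why an unassigned status makes the first open fail with an arbitrary code and leaves the state at OPENED, so the next open is refused. The typedefs stand in for the DDK types, `stack_residue` models the uninitialized local, and the helper names are hypothetical; the first two residue values are the ones reported in the thread, the third is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* User-mode stand-ins for the DDK definitions used in the thread. */
typedef int32_t NTSTATUS;
#define NT_SUCCESS(s)                  ((NTSTATUS)(s) >= 0)
#define STATUS_SUCCESS                 ((NTSTATUS)0)
#define STATUS_DEVICE_ALREADY_ATTACHED ((NTSTATUS)0xC0000038u)

typedef enum { CLOSED, OPENED } CONTROL_STATE;

/* One open as the caller of CreateFile experiences it. */
typedef struct {
    NTSTATUS      status;       /* value the IRP was completed with */
    int           have_handle;  /* 1 if the I/O manager returns a handle */
    CONTROL_STATE state_after;  /* gControlDeviceState once the IRP completes */
} OPEN_RESULT;

/* Control-device branch as first posted: status is assigned only on the
 * already-open path. stack_residue stands in for whatever the uninitialized
 * local holds, which keeps the model deterministic. */
static NTSTATUS create_as_posted(CONTROL_STATE *state, NTSTATUS stack_residue)
{
    NTSTATUS status = stack_residue;
    if (*state != CLOSED) {
        status = STATUS_DEVICE_ALREADY_ATTACHED;
    } else {
        *state = OPENED;
    }
    return status;
}

/* Branch as corrected in the reply: every path assigns status. */
static NTSTATUS create_as_corrected(CONTROL_STATE *state)
{
    if (*state != CLOSED) {
        return STATUS_DEVICE_ALREADY_ATTACHED;
    }
    *state = OPENED;
    return STATUS_SUCCESS;
}

/* Severity field, bits 31..30: 0 success, 1 informational, 2 warning, 3 error. */
static unsigned ntstatus_severity(NTSTATUS s)
{
    return (uint32_t)s >> 30;
}

/* A create completed with a failure status yields no handle, and the driver
 * gets no IRP_MJ_CLEANUP or IRP_MJ_CLOSE for it, so nothing resets the state. */
static OPEN_RESULT open_control_device(CONTROL_STATE *state, int corrected,
                                       NTSTATUS stack_residue)
{
    OPEN_RESULT r;
    r.status = corrected ? create_as_corrected(state)
                         : create_as_posted(state, stack_residue);
    r.have_handle = NT_SUCCESS(r.status);
    r.state_after = *state;
    return r;
}

/* Two opens in a row, starting from CLOSED, with no close in between. */
static void two_opens(int corrected, NTSTATUS stack_residue, OPEN_RESULT out[2])
{
    CONTROL_STATE state = CLOSED;
    out[0] = open_control_device(&state, corrected, stack_residue);
    out[1] = open_control_device(&state, corrected, stack_residue);
}

int main(void)
{
    /* First two values come from the thread; the third is constructed to
     * show a residue that happens to pass NT_SUCCESS. */
    const NTSTATUS residues[] = { -14409976, -22685688, 0x12345678 };
    OPEN_RESULT r[2];
    size_t i;

    for (i = 0; i < sizeof residues / sizeof residues[0]; i++) {
        two_opens(0, residues[i], r);
        printf("posted    residue=%08X severity=%u handle=%d | second open=%08X\n",
               (unsigned)r[0].status, ntstatus_severity(r[0].status),
               r[0].have_handle, (unsigned)r[1].status);
    }
    two_opens(1, 0, r);
    printf("corrected first=%08X handle=%d | second open=%08X\n",
           (unsigned)r[0].status, r[0].have_handle, (unsigned)r[1].status);
    return 0;
}
```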

hi!

thanks a lot for ur help. actually i’m new to drivers development. so i’m
not aware of many concepts and i don’t have any help available at my
place.
yeah the observation u made on PAGED_CODE is true. sometimes the bugcheck
0x50 PAGE_FAULT_IN_NONPAGED_AREA occurs though not always and bugcheck
analysis trace this problem in dispatch routine for IRP_MJ_CREATE.
is it bcos of acquiring spin lock in code that contains PAGED_CODE macro.
thanks.

regards
balvinder

You have to find and remove a line with something like #pragma
alloc_text(PAGE, UniCreate). This will make your UniCreate function be
loaded in nonpaged area and allow to safely acquire spinlocks in it. Also
remove PAGED_CODE macro though it would never cause any problem if you
don’t.

----- Original Message -----
From: “Balvinder Singh”
To: “File Systems Developers”
Sent: Thursday, December 12, 2002 7:41 AM
Subject: [ntfsd] Re: problem in opening device from Win32 visible name


hi!!

yeah i made changes as u suggested, but now the system hangs at the boot
time.
when i boot system the driver gets initialized properly.
in the UniCreate routine i’m displaying the names of the files for which
the delete flag is set. but when it display the file name
C:\WINNT\debug\ipsecpa.bak it gives me the error Access violation - code
c0000005 and after this the system hangs. this error always comes after
this file only.
it gives error in FastIodeviceControl routine. this i have copied just as
it is from sfilter sample.
the only change i have made is in UniCreate.

any idea what can cause this problem. i’m not getting any idea on how to
track it.

the call stack it shows is

ChildEBP RetAddr  Args to Child
f82b6c2c 804a050c ff4de268 00000001 00000000 Unifilter!UniFastIoDeviceControl+0x49
f82b6d00 804a04c4 00000080 00000000 00000000 nt!IopXxxControlFile+0x2c8
f82b6d34 804649a1 00000080 00000000 00000000 nt!NtDeviceIoControlFile+0x28
f82b6d34 77f830a5 00000080 00000000 00000000 nt!KiSystemService+0xc4
00adedf0 01003059 00000080 12350014 00000000 NTDLL!ZwDeviceIoControlFile+0xb
WARNING: Frame IP not in any known module. Following frames may be wrong.
00adedf0 01003059 00000080 12350014 00000000 0x1003059
00adfe20 01002927 0100c040 77dc8be6 00000000 0x1003059
00adff90 0100272c 01002353 00000000 00074660 0x1002927
00adffec 00000000 77dc9563 00074660 00000000 0x100272c

the FastIoDeviceControl routine is

DBGSTATIC
BOOLEAN
UniFastIoDeviceControl(
    IN PFILE_OBJECT FileObject,
    IN BOOLEAN Wait,
    IN PVOID InputBuffer OPTIONAL,
    IN ULONG InputBufferLength,
    OUT PVOID OutputBuffer OPTIONAL,
    IN ULONG OutputBufferLength,
    IN ULONG IoControlCode,
    OUT PIO_STATUS_BLOCK IoStatus,
    IN PDEVICE_OBJECT DeviceObject
    )

{
    PDEVICE_OBJECT deviceObject;
    PFAST_IO_DISPATCH fastIoDispatch;

    PAGED_CODE();

    DbgPrint("\ninside fastIoDeviceControl");

    deviceObject = ((PDEVICE_EXTENSION)
        (DeviceObject->DeviceExtension))->FileSystemDeviceObject;

    fastIoDispatch = deviceObject->DriverObject->FastIoDispatch;

    if (fastIoDispatch && fastIoDispatch->FastIoDeviceControl) {
        return (fastIoDispatch->FastIoDeviceControl)(
                   FileObject,
                   Wait,
                   InputBuffer,
                   InputBufferLength,
                   OutputBuffer,
                   OutputBufferLength,
                   IoControlCode,
                   IoStatus,
                   deviceObject
                   );
    }
    else {
        return FALSE;
    }

}

If this is your control device object then
DeviceExtension->FileSystemDeviceObject is NULL. So the line

fastIoDispatch = deviceObject->DriverObject->FastIoDispatch;

may cause the access violation. Change it to something like

fastIoDispatch = deviceObject ? deviceObject->DriverObject->FastIoDispatch : NULL;

I cannot say that this is exactly your problem but again you’ve got to be
careful. When you get the warning “Access violation - code c0000005” try to
issue gn command. Your system will bugcheck and locate the faulty code.

----- Original Message -----
From: “Balvinder Singh”
To: “File Systems Developers”
Sent: Thursday, December 12, 2002 3:54 PM
Subject: [ntfsd] Re: problem in opening device from Win32 visible name

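Added example, not code from the thread or from the sfilter sample: a user-mode C model of the fast I/O pass-through with the guard suggested above, so a request arriving on the control device object is declined instead of dereferencing a NULL lower device. The structures are mocks carrying only the fields the routine touches; the reduced parameter list, `UniFastIoDeviceControlGuarded`, `MockFsFastIoDeviceControl`, `run_case` and the IOCTL value are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Mock kernel structures: only the members the pass-through routine reads. */
typedef int BOOLEAN;
#define TRUE  1
#define FALSE 0
struct DEVICE_OBJECT;
typedef BOOLEAN (*FAST_IO_DEVICE_CONTROL)(unsigned long IoControlCode,
                                          struct DEVICE_OBJECT *DeviceObject);
typedef struct { FAST_IO_DEVICE_CONTROL FastIoDeviceControl; } FAST_IO_DISPATCH;
typedef struct { FAST_IO_DISPATCH *FastIoDispatch; } DRIVER_OBJECT;
typedef struct DEVICE_OBJECT {
    DRIVER_OBJECT *DriverObject;
    void          *DeviceExtension;
} DEVICE_OBJECT;
typedef struct { DEVICE_OBJECT *FileSystemDeviceObject; } DEVICE_EXTENSION;

static DEVICE_OBJECT *gControlDeviceObject; /* the filter's own named device */
static DEVICE_OBJECT *gLastTarget;          /* where the mock file system was called */

/* Mock lower file system: records the device it was asked to act on. */
static BOOLEAN MockFsFastIoDeviceControl(unsigned long IoControlCode,
                                         DEVICE_OBJECT *DeviceObject)
{
    (void)IoControlCode;
    gLastTarget = DeviceObject;
    return TRUE;
}

/* Pass-through with every pointer on the path checked before use.
 * Returning FALSE tells the I/O manager the fast path is unavailable,
 * so it builds an IRP for the request instead. */
static BOOLEAN UniFastIoDeviceControlGuarded(unsigned long IoControlCode,
                                             DEVICE_OBJECT *DeviceObject)
{
    DEVICE_EXTENSION *ext;
    DEVICE_OBJECT *lower;
    FAST_IO_DISPATCH *fastIoDispatch;

    if (DeviceObject == NULL || DeviceObject == gControlDeviceObject) {
        return FALSE;               /* nothing is attached below the control device */
    }
    ext = (DEVICE_EXTENSION *)DeviceObject->DeviceExtension;
    if (ext == NULL || ext->FileSystemDeviceObject == NULL) {
        return FALSE;               /* not attached to a file system device */
    }
    lower = ext->FileSystemDeviceObject;
    fastIoDispatch = lower->DriverObject ? lower->DriverObject->FastIoDispatch : NULL;
    if (fastIoDispatch && fastIoDispatch->FastIoDeviceControl) {
        return fastIoDispatch->FastIoDeviceControl(IoControlCode, lower);
    }
    return FALSE;
}

/* which: 0 = filter device attached to a file system with a fast I/O table,
 *        1 = the control device object,
 *        2 = filter device over a driver that has no fast I/O table.
 * *forwarded is set to 1 only if the mock file system was actually called. */
static BOOLEAN run_case(int which, int *forwarded)
{
    FAST_IO_DISPATCH fsFastIo      = { MockFsFastIoDeviceControl };
    DRIVER_OBJECT    fsDriver      = { which == 2 ? NULL : &fsFastIo };
    DEVICE_OBJECT    fsDevice      = { &fsDriver, NULL };
    DEVICE_EXTENSION filterExt     = { &fsDevice };
    DEVICE_EXTENSION controlExt    = { NULL };
    DRIVER_OBJECT    filterDriver  = { NULL };
    DEVICE_OBJECT    filterDevice  = { &filterDriver, &filterExt };
    DEVICE_OBJECT    controlDevice = { &filterDriver, &controlExt };
    BOOLEAN result;

    gControlDeviceObject = &controlDevice;
    gLastTarget = NULL;
    /* 0x1 is a constructed IOCTL value; the model never interprets it. */
    result = UniFastIoDeviceControlGuarded(
        0x1UL, which == 1 ? &controlDevice : &filterDevice);
    *forwarded = (gLastTarget == &fsDevice);
    gControlDeviceObject = NULL;
    gLastTarget = NULL;
    return result;
}

int main(void)
{
    int which, forwarded;
    for (which = 0; which < 3; which++) {
        BOOLEAN handled = run_case(which, &forwarded);
        printf("case %d: handled=%d forwarded=%d\n", which, handled, forwarded);
    }
    return 0;
}
```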

Hi!!

i have found the exact place from where this error comes. in unicreate
when the request comes on my device object at the boot time it gives this
error. the code in unicreate that handles request directed at its own
device object is

if (DeviceObject == gControlDeviceObject) {
    //
    // A CREATE request is being made on our gControlDeviceObject
    //
    ExAcquireSpinLock( &gControlDeviceStateLock, &oldIrql );
    if (gControlDeviceState != CLOSED) {
        status = STATUS_DEVICE_ALREADY_ATTACHED;
        Irp->IoStatus.Information = 0;
    } else {
        gControlDeviceState = OPENED;
        status = STATUS_SUCCESS;
        Irp->IoStatus.Information = FILE_OPENED;
    }
    ExReleaseSpinLock( &gControlDeviceStateLock, oldIrql );

    //
    // Since this is our gControlDeviceObject, we complete the
    // irp here.
    //
    Irp->IoStatus.Status = status;
    IoCompleteRequest( Irp, IO_NO_INCREMENT );
    return status;
}

if i comment following lines in the above code then this problem does not
come.

Irp->IoStatus.Information = 0;
status = STATUS_SUCCESS;
Irp->IoStatus.Information = FILE_OPENED;

but i require this code for opening the device from user mode.
also why is it entering this code segment at boot time.
which application is opening my device.
any idea.

thanks

regards
balvinder

Please provide us with full WinDBG info on the error (give the !analyze -v
command and copy-paste the given info to your mail).

----- Original Message -----
From: “Balvinder Singh”
To: “File Systems Developers”
Sent: Monday, December 16, 2002 3:40 PM
Subject: [ntfsd] Re: problem in opening device from Win32 visible name


hi!!

did u receive my mail regarding the debug info?

regards
Balvinder