Problem with adding header

OSR_Community_User-398 · January 12, 2004, 1:57am

Hi!

I’m writing encrypt/decrypt filter driver and trying to add header at the
end of file
I used ZwWriteFile in IRP_MJ_CLOSE and I works in NTFS
buf in FAT,
It causes a (0x1A p1=0x777)MEMORY_MANAGEMENT bugcheck, not my driver but
lower driver,
on IRP_MJ_CREATE immediately after IRP_MJ_CLOSE

stack :
ntoskrnl! KeBugCheckEx + 0001
ntoskrnl! CcPurgeCacheSection + 0077
ntoskrnl! CcSetFileSizes + 0439
ntoskrnl! CcSetFileSizes + 021F
Fastfat! PAGE + FCAA
Fastfat! PAGE + 1110
Fastfat! PAGE + 4A26
Fastfat! PAGE + 0D17
…

What’s wrong?
Does anybody give me some good counsel?

OSR_Community_User · January 12, 2004, 2:26am

IRP_MJ_CLOSE is running in APC_LEVEL, It is not safe to call ZwWriteFile in IRP_MJ_CLOSE, you can write in Cleanup instead.
Good Lucky.

Tang Hong
Mawadata Corp.
xxxxx@sina.com

----- Original Message -----
From: “Kang”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Monday, January 12, 2004 2:56 PM
Subject: [ntfsd] Problem with adding header

> Hi!
>
> I’m writing encrypt/decrypt filter driver and trying to add header at the
> end of file
> I used ZwWriteFile in IRP_MJ_CLOSE and I works in NTFS
> buf in FAT,
> It causes a (0x1A p1=0x777)MEMORY_MANAGEMENT bugcheck, not my driver but
> lower driver,
> on IRP_MJ_CREATE immediately after IRP_MJ_CLOSE
>
> stack :
> ntoskrnl! KeBugCheckEx + 0001
> ntoskrnl! CcPurgeCacheSection + 0077
> ntoskrnl! CcSetFileSizes + 0439
> ntoskrnl! CcSetFileSizes + 021F
> Fastfat! PAGE + FCAA
> Fastfat! PAGE + 1110
> Fastfat! PAGE + 4A26
> Fastfat! PAGE + 0D17
> …
>
> What’s wrong?
> Does anybody give me some good counsel?
>
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@sina.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>

OSR_Community_User-398 · January 12, 2004, 3:22am

Thanks…
but it still causes same bugcheck.
Why?
Any other good thoungts?

“Tang Hong” wrote in message news:xxxxx@ntfsd…
> IRP_MJ_CLOSE is running in APC_LEVEL, It is not safe to call ZwWriteFile
in IRP_MJ_CLOSE, you can write in Cleanup instead.
> Good Lucky.
>
>
> Tang Hong
> Mawadata Corp.
> xxxxx@sina.com
>
>
> ----- Original Message -----
> From: “Kang”
> Newsgroups: ntfsd
> To: “Windows File Systems Devs Interest List”
> Sent: Monday, January 12, 2004 2:56 PM
> Subject: [ntfsd] Problem with adding header
>
>
> > Hi!
> >
> > I’m writing encrypt/decrypt filter driver and trying to add header at
the
> > end of file
> > I used ZwWriteFile in IRP_MJ_CLOSE and I works in NTFS
> > buf in FAT,
> > It causes a (0x1A p1=0x777)MEMORY_MANAGEMENT bugcheck, not my driver but
> > lower driver,
> > on IRP_MJ_CREATE immediately after IRP_MJ_CLOSE
> >
> > stack :
> > ntoskrnl! KeBugCheckEx + 0001
> > ntoskrnl! CcPurgeCacheSection + 0077
> > ntoskrnl! CcSetFileSizes + 0439
> > ntoskrnl! CcSetFileSizes + 021F
> > Fastfat! PAGE + FCAA
> > Fastfat! PAGE + 1110
> > Fastfat! PAGE + 4A26
> > Fastfat! PAGE + 0D17
> > …
> >
> > What’s wrong?
> > Does anybody give me some good counsel?
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@sina.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >
>

OSR_Community_User · January 12, 2004, 4:14am

It seems like a stack overflow error, DEBUGGERs, like soft-ice, usually stopped at KeBugCheckEx, that indicate nothing. Disable DEBUGGERS, information reported by a blue screen perhaps be worthy.
I think that caused by a NG re-entrancy scenario, if you did not call any ZwXXX in IRP_MJ_CLOSE.

Tang Hong
Mawadata Corp.

----- Original Message -----
From: “Kang”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Monday, January 12, 2004 4:21 PM
Subject: Re:[ntfsd] Problem with adding header

> Thanks…
> but it still causes same bugcheck.
> Why?
> Any other good thoungts?
>
> “Tang Hong” wrote in message news:xxxxx@ntfsd…
> > IRP_MJ_CLOSE is running in APC_LEVEL, It is not safe to call ZwWriteFile
> in IRP_MJ_CLOSE, you can write in Cleanup instead.
> > Good Lucky.
> >
> >
> > Tang Hong
> > Mawadata Corp.
> > xxxxx@sina.com
> >
> >
> > ----- Original Message -----
> > From: “Kang”
> > Newsgroups: ntfsd
> > To: “Windows File Systems Devs Interest List”
> > Sent: Monday, January 12, 2004 2:56 PM
> > Subject: [ntfsd] Problem with adding header
> >
> >
> > > Hi!
> > >
> > > I’m writing encrypt/decrypt filter driver and trying to add header at
> the
> > > end of file
> > > I used ZwWriteFile in IRP_MJ_CLOSE and I works in NTFS
> > > buf in FAT,
> > > It causes a (0x1A p1=0x777)MEMORY_MANAGEMENT bugcheck, not my driver but
> > > lower driver,
> > > on IRP_MJ_CREATE immediately after IRP_MJ_CLOSE
> > >
> > > stack :
> > > ntoskrnl! KeBugCheckEx + 0001
> > > ntoskrnl! CcPurgeCacheSection + 0077
> > > ntoskrnl! CcSetFileSizes + 0439
> > > ntoskrnl! CcSetFileSizes + 021F
> > > Fastfat! PAGE + FCAA
> > > Fastfat! PAGE + 1110
> > > Fastfat! PAGE + 4A26
> > > Fastfat! PAGE + 0D17
> > > …
> > >
> > > What’s wrong?
> > > Does anybody give me some good counsel?
> > >
> > >
> > >
> > > —
> > > Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
> > >
> > > You are currently subscribed to ntfsd as: xxxxx@sina.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> > >
> > >
> >
>
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@sina.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

OSR_Community_User-398 · January 12, 2004, 6:33am

Yes, it may occur re-entrency scinario to use ZwXXXX function call at
dispatch routine.
Anyway,
the information reported by blue screen shows same error code.
As you see, the stack shows that the bugcheck occurs in Fastfat driver,
doesn’t it?
and the bugcheck error code, in DDK document, said
(0x1A p1=0x777)MEMORY_MANAGEMENT
The caller is unlocking a system cache address that is not currently
locked. (This address was either never mapped or is being unlocked twice
…
so I think this is memory management problem, right?
but my driver code doesn’t manage memory functions,except RtlCopyMemory,
RtlZeroMemory,etc.
I wonder why.

Thanks.

“Tang Hong” wrote in message news:xxxxx@ntfsd…
> It seems like a stack overflow error, DEBUGGERs, like soft-ice, usually
stopped at KeBugCheckEx, that indicate nothing. Disable DEBUGGERS,
information reported by a blue screen perhaps be worthy.
> I think that caused by a NG re-entrancy scenario, if you did not call any
ZwXXX in IRP_MJ_CLOSE.
>
>
> Tang Hong
> Mawadata Corp.
>
>
> ----- Original Message -----
> From: “Kang”
> Newsgroups: ntfsd
> To: “Windows File Systems Devs Interest List”
> Sent: Monday, January 12, 2004 4:21 PM
> Subject: Re:[ntfsd] Problem with adding header
>
>
> > Thanks…
> > but it still causes same bugcheck.
> > Why?
> > Any other good thoungts?
> >
> > “Tang Hong” wrote in message news:xxxxx@ntfsd…
> > > IRP_MJ_CLOSE is running in APC_LEVEL, It is not safe to call
ZwWriteFile
> > in IRP_MJ_CLOSE, you can write in Cleanup instead.
> > > Good Lucky.
> > >
> > >
> > > Tang Hong
> > > Mawadata Corp.
> > > xxxxx@sina.com
> > >
> > >
> > > ----- Original Message -----
> > > From: “Kang”
> > > Newsgroups: ntfsd
> > > To: “Windows File Systems Devs Interest List”
> > > Sent: Monday, January 12, 2004 2:56 PM
> > > Subject: [ntfsd] Problem with adding header
> > >
> > >
> > > > Hi!
> > > >
> > > > I’m writing encrypt/decrypt filter driver and trying to add header
at
> > the
> > > > end of file
> > > > I used ZwWriteFile in IRP_MJ_CLOSE and I works in NTFS
> > > > buf in FAT,
> > > > It causes a (0x1A p1=0x777)MEMORY_MANAGEMENT bugcheck, not my driver
but
> > > > lower driver,
> > > > on IRP_MJ_CREATE immediately after IRP_MJ_CLOSE
> > > >
> > > > stack :
> > > > ntoskrnl! KeBugCheckEx + 0001
> > > > ntoskrnl! CcPurgeCacheSection + 0077
> > > > ntoskrnl! CcSetFileSizes + 0439
> > > > ntoskrnl! CcSetFileSizes + 021F
> > > > Fastfat! PAGE + FCAA
> > > > Fastfat! PAGE + 1110
> > > > Fastfat! PAGE + 4A26
> > > > Fastfat! PAGE + 0D17
> > > > …
> > > >
> > > > What’s wrong?
> > > > Does anybody give me some good counsel?
> > > >
> > > >
> > > >
> > > > —
> > > > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> > > >
> > > > You are currently subscribed to ntfsd as: xxxxx@sina.com
> > > > To unsubscribe send a blank email to
xxxxx@lists.osr.com
> > > >
> > > >
> > > >
> > >
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@sina.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
>

OSR_Community_User · January 12, 2004, 7:28am

Kang,

This specific bugcheck suggests that you have an MDL handling problem of
some sort. Whether you do it in cleanup or in close is not going to
matter - whatever your specific logic is here, you are leading to an
extra unlock on the pages in question.

Without more information, all I can do is suggest what to look at: look
at how you handle MDLs and the memory buffer you are using to write to
the end of the file. Somewhere within there, you have an error in how
you are handling it.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

See you in Boston for the next File Systems Class - February 23, 2004!

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Kang
Sent: Monday, January 12, 2004 6:32 AM
To: ntfsd redirect
Subject: Re:[ntfsd] Re:Problem with adding header

Yes, it may occur re-entrency scinario to use ZwXXXX function call at
dispatch routine.
Anyway,
the information reported by blue screen shows same error code.
As you see, the stack shows that the bugcheck occurs in Fastfat driver,
doesn’t it?
and the bugcheck error code, in DDK document, said
(0x1A p1=0x777)MEMORY_MANAGEMENT
The caller is unlocking a system cache address that is not currently
locked. (This address was either never mapped or is being unlocked twice
…
so I think this is memory management problem, right?
but my driver code doesn’t manage memory functions,except RtlCopyMemory,
RtlZeroMemory,etc.
I wonder why.

Thanks.

“Tang Hong” wrote in message news:xxxxx@ntfsd…
> It seems like a stack overflow error, DEBUGGERs, like soft-ice,
usually
stopped at KeBugCheckEx, that indicate nothing. Disable DEBUGGERS,
information reported by a blue screen perhaps be worthy.
> I think that caused by a NG re-entrancy scenario, if you did not call
any
ZwXXX in IRP_MJ_CLOSE.
>
>
> Tang Hong
> Mawadata Corp.
>
>
> ----- Original Message -----
> From: “Kang”
> Newsgroups: ntfsd
> To: “Windows File Systems Devs Interest List”
> Sent: Monday, January 12, 2004 4:21 PM
> Subject: Re:[ntfsd] Problem with adding header
>
>
> > Thanks…
> > but it still causes same bugcheck.
> > Why?
> > Any other good thoungts?
> >
> > “Tang Hong” wrote in message news:xxxxx@ntfsd…
> > > IRP_MJ_CLOSE is running in APC_LEVEL, It is not safe to call
ZwWriteFile
> > in IRP_MJ_CLOSE, you can write in Cleanup instead.
> > > Good Lucky.
> > >
> > >
> > > Tang Hong
> > > Mawadata Corp.
> > > xxxxx@sina.com
> > >
> > >
> > > ----- Original Message -----
> > > From: “Kang”
> > > Newsgroups: ntfsd
> > > To: “Windows File Systems Devs Interest List”

> > > Sent: Monday, January 12, 2004 2:56 PM
> > > Subject: [ntfsd] Problem with adding header
> > >
> > >
> > > > Hi!
> > > >
> > > > I’m writing encrypt/decrypt filter driver and trying to add
header
at
> > the
> > > > end of file
> > > > I used ZwWriteFile in IRP_MJ_CLOSE and I works in NTFS
> > > > buf in FAT,
> > > > It causes a (0x1A p1=0x777)MEMORY_MANAGEMENT bugcheck, not my
driver
but
> > > > lower driver,
> > > > on IRP_MJ_CREATE immediately after IRP_MJ_CLOSE
> > > >
> > > > stack :
> > > > ntoskrnl! KeBugCheckEx + 0001
> > > > ntoskrnl! CcPurgeCacheSection + 0077
> > > > ntoskrnl! CcSetFileSizes + 0439
> > > > ntoskrnl! CcSetFileSizes + 021F
> > > > Fastfat! PAGE + FCAA
> > > > Fastfat! PAGE + 1110
> > > > Fastfat! PAGE + 4A26
> > > > Fastfat! PAGE + 0D17
> > > > …
> > > >
> > > > What’s wrong?
> > > > Does anybody give me some good counsel?
> > > >
> > > >
> > > >
> > > > —
> > > > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> > > >
> > > > You are currently subscribed to ntfsd as: xxxxx@sina.com
> > > > To unsubscribe send a blank email to
xxxxx@lists.osr.com
> > > >
> > > >
> > > >
> > >
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@sina.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
>

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com