Problem with IoIsOperationSynchronous

NTFSD
1

Hello,
I’m studying the “filesys” sample driver that comes with the Nagar’s book
and run into this problem. I add codes to handle FS control dispatch
DrvObj->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] =
SFsdFSControl;

In SFsdFSControl, for some reason my call to
IoIsOperationSynchronous(Irp) generates an access error.
Even though the Irp is valid (MmIsAddressValid returns TRUE)
Am I missing something obvious here? TIA.

Regards,
Chu Bun

MJ code is: IRP_MJ_FILE_SYSTEM_CONTROL
MN code is: IRP_MN_MOUNT_VOLUME
irql is: 0

=========================================
Access violation - code c0000005 (!!! second chance !!!)
nt!IoIsOperationSynchronous+c:
80a24b9c f6412c02 test byte ptr [ecx+0x2c],0x2

!analyze -v

****************************************************************************
***
*
*
* Bugcheck Analysis
*
*
*
****************************************************************************
***

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x0

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from f64ca3c3 to 80a24b9c

STACK_TEXT:
f690f8c0 f64ca3c3 81c259a8 81daecd8 81c259a8 nt!IoIsOperationSynchronous+0xc
f690f908 80a2675c 81daecd8 81c259a8 81c25b0c filesys!SFsdFSControl+0xf3
[u:_fsinternal\filesys\src\fscntrl.c @ 25]
f690f924 f959c22e 81b5cd80 81c259a8 00000000 nt!IofCallDriver+0x62
f690f94c 80a2675c 81b5cd80 81c25b14 81c259a8 Dfs!DfsFilterFsControl+0x14a
f690f968 80c73a66 804ecca4 81dee5d0 804ecc38 nt!IofCallDriver+0x62
f690f9c0 80a2c7ea 81dee5d0 f690fc00 00000000 nt!IopMountVolume+0x2a8
f690f9ec 80c752ba f690fcc0 81dee500 f690fb3c nt!IopCheckVpbMounted+0x5a
f690faf8 80d1d014 81dee5d0 00000000 81bce728 nt!IopParseDevice+0x546
f690fb74 80d16778 00000000 f690fbb4 00000040 nt!ObpLookupObjectName+0x652
f690fbc8 80c6431c 00000000 00000000 81b49701 nt!ObOpenObjectByName+0x13e
f690fd48 80afbbf2 0129fc08 0129fbe0 772616dc nt!NtQueryAttributesFile+0x11a
f690fd48 7ffe0304 0129fc08 0129fbe0 772616dc nt!KiSystemService+0x13f
0129fbc0 77f2f318 77e51117 0129fc08 0129fbe0
SharedUserData!SystemCallStub+0x4
0129fbc4 77e51117 0129fc08 0129fbe0 77e4dfa3 ntdll!ZwQueryAttributesFile+0xc
0129fc28 773c538d 0129fc44 00109034 00000001
kernel32!GetFileAttributesW+0x58
0129fe50 773c334b 00108dd8 773c448f 00108320
SHELL32!CMtPtLocal::_IsAutorun+0x9c
0129fe58 773c448f 00108320 774bad74 00108dd8
SHELL32!CMtPtLocal::_InitAutorunInfo+0x1f
0129fe8c 773c46eb 00108320 00108320 774bacb8 SHELL32!CMtPtLocal::_Init+0xde
0129febc 773d455e 00108320 773d44cf 80010106
SHELL32!CMtPtLocal::_CreateMtPtLocal+0x9c
0129fed4 771136de 00108320 77113699 00000000
SHELL32!CMountPoint::HandleMountPointLocalEventThreadProc+0x8f
0129feec 77f7f362 00000000 77fbbc40 00110eb0 SHLWAPI!ExecuteWorkItem+0x45
0129ff44 77f7e498 77113699 000dea78 0008574c ntdll!RtlpWorkerCallout+0x8a
0129ff64 77f7f181 00000000 000dea78 00110eb0
ntdll!RtlpExecuteWorkerRequest+0x3e
0129ff78 77f7d5ff 77f7e45a 00000000 000dea78 ntdll!RtlpApcCallout+0xf
0129ffb8 77e41bb7 00000000 00000000 00000000 ntdll!RtlpWorkerThread+0x73
0129ffec 00000000 77f7d58c 00000000 00000000 kernel32!BaseThreadStart+0x34

FOLLOWUP_IP:
filesys!SFsdFSControl+f3
f64ca3c3 0fb6d0 movzx edx,al

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: filesys!SFsdFSControl+f3

MODULE_NAME: filesys

IMAGE_NAME: filesys.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3fe22f64

STACK_COMMAND: kb

BUCKET_ID: 0x0_filesys!SFsdFSControl+f3

Followup: MachineOwner

2

There is no fileobject for mount request irps. IoIsOperationSynchronous
checks the fileobject flags. Did you disassemble the routine to see what
it does?

You should try it.

Pete

Peter Scott
xxxxx@KernelDrivers.com
www.KernelDrivers.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of ChuBun
Sent: Thursday, December 18, 2003 2:58 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Problem with IoIsOperationSynchronous

Hello,
I’m studying the “filesys” sample driver that comes with the Nagar’s
book
and run into this problem. I add codes to handle FS control dispatch
DrvObj->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] =
SFsdFSControl;

In SFsdFSControl, for some reason my call to
IoIsOperationSynchronous(Irp) generates an access error.
Even though the Irp is valid (MmIsAddressValid returns TRUE)
Am I missing something obvious here? TIA.

Regards,
Chu Bun

MJ code is: IRP_MJ_FILE_SYSTEM_CONTROL
MN code is: IRP_MN_MOUNT_VOLUME
irql is: 0

=========================================
Access violation - code c0000005 (!!! second chance !!!)
nt!IoIsOperationSynchronous+c:
80a24b9c f6412c02 test byte ptr [ecx+0x2c],0x2

!analyze -v

************************************************************************
****
***
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
****
***

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x0

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from f64ca3c3 to 80a24b9c

STACK_TEXT:
f690f8c0 f64ca3c3 81c259a8 81daecd8 81c259a8
nt!IoIsOperationSynchronous+0xc
f690f908 80a2675c 81daecd8 81c259a8 81c25b0c filesys!SFsdFSControl+0xf3
[u:_fsinternal\filesys\src\fscntrl.c @ 25]
f690f924 f959c22e 81b5cd80 81c259a8 00000000 nt!IofCallDriver+0x62
f690f94c 80a2675c 81b5cd80 81c25b14 81c259a8
Dfs!DfsFilterFsControl+0x14a
f690f968 80c73a66 804ecca4 81dee5d0 804ecc38 nt!IofCallDriver+0x62
f690f9c0 80a2c7ea 81dee5d0 f690fc00 00000000 nt!IopMountVolume+0x2a8
f690f9ec 80c752ba f690fcc0 81dee500 f690fb3c nt!IopCheckVpbMounted+0x5a
f690faf8 80d1d014 81dee5d0 00000000 81bce728 nt!IopParseDevice+0x546
f690fb74 80d16778 00000000 f690fbb4 00000040
nt!ObpLookupObjectName+0x652
f690fbc8 80c6431c 00000000 00000000 81b49701 nt!ObOpenObjectByName+0x13e
f690fd48 80afbbf2 0129fc08 0129fbe0 772616dc
nt!NtQueryAttributesFile+0x11a
f690fd48 7ffe0304 0129fc08 0129fbe0 772616dc nt!KiSystemService+0x13f
0129fbc0 77f2f318 77e51117 0129fc08 0129fbe0
SharedUserData!SystemCallStub+0x4
0129fbc4 77e51117 0129fc08 0129fbe0 77e4dfa3
ntdll!ZwQueryAttributesFile+0xc
0129fc28 773c538d 0129fc44 00109034 00000001
kernel32!GetFileAttributesW+0x58
0129fe50 773c334b 00108dd8 773c448f 00108320
SHELL32!CMtPtLocal::_IsAutorun+0x9c
0129fe58 773c448f 00108320 774bad74 00108dd8
SHELL32!CMtPtLocal::_InitAutorunInfo+0x1f
0129fe8c 773c46eb 00108320 00108320 774bacb8
SHELL32!CMtPtLocal::_Init+0xde
0129febc 773d455e 00108320 773d44cf 80010106
SHELL32!CMtPtLocal::_CreateMtPtLocal+0x9c
0129fed4 771136de 00108320 77113699 00000000
SHELL32!CMountPoint::HandleMountPointLocalEventThreadProc+0x8f
0129feec 77f7f362 00000000 77fbbc40 00110eb0
SHLWAPI!ExecuteWorkItem+0x45
0129ff44 77f7e498 77113699 000dea78 0008574c
ntdll!RtlpWorkerCallout+0x8a
0129ff64 77f7f181 00000000 000dea78 00110eb0
ntdll!RtlpExecuteWorkerRequest+0x3e
0129ff78 77f7d5ff 77f7e45a 00000000 000dea78 ntdll!RtlpApcCallout+0xf
0129ffb8 77e41bb7 00000000 00000000 00000000 ntdll!RtlpWorkerThread+0x73
0129ffec 00000000 77f7d58c 00000000 00000000
kernel32!BaseThreadStart+0x34

FOLLOWUP_IP:
filesys!SFsdFSControl+f3
f64ca3c3 0fb6d0 movzx edx,al

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: filesys!SFsdFSControl+f3

MODULE_NAME: filesys

IMAGE_NAME: filesys.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3fe22f64

STACK_COMMAND: kb

BUCKET_ID: 0x0_filesys!SFsdFSControl+f3

Followup: MachineOwner

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

3

Thanks for the quick reply. I’d love to try to diassemble the routine,
if someone shows me how :slight_smile:

“Peter Scott” wrote in message
news:xxxxx@ntfsd…
>
>
> There is no fileobject for mount request irps. IoIsOperationSynchronous
> checks the fileobject flags. Did you disassemble the routine to see what
> it does?
>
> You should try it.
>
> Pete
>
> Peter Scott
> xxxxx@KernelDrivers.com
> www.KernelDrivers.com
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of ChuBun
> Sent: Thursday, December 18, 2003 2:58 PM
> To: Windows File Systems Devs Interest List
> Subject: [ntfsd] Problem with IoIsOperationSynchronous
>
> Hello,
> I’m studying the “filesys” sample driver that comes with the Nagar’s
> book
> and run into this problem. I add codes to handle FS control dispatch
> DrvObj->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] =
> SFsdFSControl;
>
> In SFsdFSControl, for some reason my call to
> IoIsOperationSynchronous(Irp) generates an access error.
> Even though the Irp is valid (MmIsAddressValid returns TRUE)
> Am I missing something obvious here? TIA.
>
> Regards,
> Chu Bun
>
>
> MJ code is: IRP_MJ_FILE_SYSTEM_CONTROL
> MN code is: IRP_MN_MOUNT_VOLUME
> irql is: 0
>
> =========================================
> Access violation - code c0000005 (!!! second chance !!!)
> nt!IoIsOperationSynchronous+c:
> 80a24b9c f6412c02 test byte ptr [ecx+0x2c],0x2
> =========================================
> !analyze -v
>
> ****
>
>
>
>
> * Bugcheck Analysis
>
>
>
>
> *
>
>
> Unknown bugcheck code (0)
> Unknown bugcheck description
> Arguments:
> Arg1: 00000000
> Arg2: 00000000
> Arg3: 00000000
> Arg4: 00000000
>
> Debugging Details:
> ------------------
>
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x0
>
> CURRENT_IRQL: 0
>
> LAST_CONTROL_TRANSFER: from f64ca3c3 to 80a24b9c
>
> STACK_TEXT:
> f690f8c0 f64ca3c3 81c259a8 81daecd8 81c259a8
> nt!IoIsOperationSynchronous+0xc
> f690f908 80a2675c 81daecd8 81c259a8 81c25b0c filesys!SFsdFSControl+0xf3
> [u:_fsinternal\filesys\src\fscntrl.c @ 25]
> f690f924 f959c22e 81b5cd80 81c259a8 00000000 nt!IofCallDriver+0x62
> f690f94c 80a2675c 81b5cd80 81c25b14 81c259a8
> Dfs!DfsFilterFsControl+0x14a
> f690f968 80c73a66 804ecca4 81dee5d0 804ecc38 nt!IofCallDriver+0x62
> f690f9c0 80a2c7ea 81dee5d0 f690fc00 00000000 nt!IopMountVolume+0x2a8
> f690f9ec 80c752ba f690fcc0 81dee500 f690fb3c nt!IopCheckVpbMounted+0x5a
> f690faf8 80d1d014 81dee5d0 00000000 81bce728 nt!IopParseDevice+0x546
> f690fb74 80d16778 00000000 f690fbb4 00000040
> nt!ObpLookupObjectName+0x652
> f690fbc8 80c6431c 00000000 00000000 81b49701 nt!ObOpenObjectByName+0x13e
> f690fd48 80afbbf2 0129fc08 0129fbe0 772616dc
> nt!NtQueryAttributesFile+0x11a
> f690fd48 7ffe0304 0129fc08 0129fbe0 772616dc nt!KiSystemService+0x13f
> 0129fbc0 77f2f318 77e51117 0129fc08 0129fbe0
> SharedUserData!SystemCallStub+0x4
> 0129fbc4 77e51117 0129fc08 0129fbe0 77e4dfa3
> ntdll!ZwQueryAttributesFile+0xc
> 0129fc28 773c538d 0129fc44 00109034 00000001
> kernel32!GetFileAttributesW+0x58
> 0129fe50 773c334b 00108dd8 773c448f 00108320
> SHELL32!CMtPtLocal::_IsAutorun+0x9c
> 0129fe58 773c448f 00108320 774bad74 00108dd8
> SHELL32!CMtPtLocal::_InitAutorunInfo+0x1f
> 0129fe8c 773c46eb 00108320 00108320 774bacb8
> SHELL32!CMtPtLocal::_Init+0xde
> 0129febc 773d455e 00108320 773d44cf 80010106
> SHELL32!CMtPtLocal::_CreateMtPtLocal+0x9c
> 0129fed4 771136de 00108320 77113699 00000000
> SHELL32!CMountPoint::HandleMountPointLocalEventThreadProc+0x8f
> 0129feec 77f7f362 00000000 77fbbc40 00110eb0
> SHLWAPI!ExecuteWorkItem+0x45
> 0129ff44 77f7e498 77113699 000dea78 0008574c
> ntdll!RtlpWorkerCallout+0x8a
> 0129ff64 77f7f181 00000000 000dea78 00110eb0
> ntdll!RtlpExecuteWorkerRequest+0x3e
> 0129ff78 77f7d5ff 77f7e45a 00000000 000dea78 ntdll!RtlpApcCallout+0xf
> 0129ffb8 77e41bb7 00000000 00000000 00000000 ntdll!RtlpWorkerThread+0x73
> 0129ffec 00000000 77f7d58c 00000000 00000000
> kernel32!BaseThreadStart+0x34
>
>
> FOLLOWUP_IP:
> filesys!SFsdFSControl+f3
> f64ca3c3 0fb6d0 movzx edx,al
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: filesys!SFsdFSControl+f3
>
> MODULE_NAME: filesys
>
> IMAGE_NAME: filesys.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 3fe22f64
>
> STACK_COMMAND: kb
>
> BUCKET_ID: 0x0_filesys!SFsdFSControl+f3
>
> Followup: MachineOwner
> ---------
>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>

4

From WinDbg, others may have different ways but this works for me:

u IoIsOperationSynchronous

Have fun!

Pete

Peter Scott
xxxxx@KernelDrivers.com
www.KernelDrivers.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of ChuBun
Sent: Thursday, December 18, 2003 3:35 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Re: Problem with IoIsOperationSynchronous

Thanks for the quick reply. I’d love to try to diassemble the routine,
if someone shows me how :slight_smile:

“Peter Scott” wrote in message
news:xxxxx@ntfsd…
>
>
> There is no fileobject for mount request irps.
IoIsOperationSynchronous
> checks the fileobject flags. Did you disassemble the routine to see
what
> it does?
>
> You should try it.
>
> Pete
>
> Peter Scott
> xxxxx@KernelDrivers.com
> www.KernelDrivers.com
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of ChuBun
> Sent: Thursday, December 18, 2003 2:58 PM
> To: Windows File Systems Devs Interest List
> Subject: [ntfsd] Problem with IoIsOperationSynchronous
>
> Hello,
> I’m studying the “filesys” sample driver that comes with the Nagar’s
> book
> and run into this problem. I add codes to handle FS control dispatch
> DrvObj->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] =
> SFsdFSControl;
>
> In SFsdFSControl, for some reason my call to
> IoIsOperationSynchronous(Irp) generates an access error.
> Even though the Irp is valid (MmIsAddressValid returns TRUE)
> Am I missing something obvious here? TIA.
>
> Regards,
> Chu Bun
>
>
> MJ code is: IRP_MJ_FILE_SYSTEM_CONTROL
> MN code is: IRP_MN_MOUNT_VOLUME
> irql is: 0
>
> =========================================
> Access violation - code c0000005 (!!! second chance !!!)
> nt!IoIsOperationSynchronous+c:
> 80a24b9c f6412c02 test byte ptr [ecx+0x2c],0x2
> =========================================
> !analyze -v
>
>
****
>
>
>
>
> * Bugcheck Analysis
>
>
>
>
> *
>
>
> Unknown bugcheck code (0)
> Unknown bugcheck description
> Arguments:
> Arg1: 00000000
> Arg2: 00000000
> Arg3: 00000000
> Arg4: 00000000
>
> Debugging Details:
> ------------------
>
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x0
>
> CURRENT_IRQL: 0
>
> LAST_CONTROL_TRANSFER: from f64ca3c3 to 80a24b9c
>
> STACK_TEXT:
> f690f8c0 f64ca3c3 81c259a8 81daecd8 81c259a8
> nt!IoIsOperationSynchronous+0xc
> f690f908 80a2675c 81daecd8 81c259a8 81c25b0c
filesys!SFsdFSControl+0xf3
> [u:_fsinternal\filesys\src\fscntrl.c @ 25]
> f690f924 f959c22e 81b5cd80 81c259a8 00000000 nt!IofCallDriver+0x62
> f690f94c 80a2675c 81b5cd80 81c25b14 81c259a8
> Dfs!DfsFilterFsControl+0x14a
> f690f968 80c73a66 804ecca4 81dee5d0 804ecc38 nt!IofCallDriver+0x62
> f690f9c0 80a2c7ea 81dee5d0 f690fc00 00000000 nt!IopMountVolume+0x2a8
> f690f9ec 80c752ba f690fcc0 81dee500 f690fb3c
nt!IopCheckVpbMounted+0x5a
> f690faf8 80d1d014 81dee5d0 00000000 81bce728 nt!IopParseDevice+0x546
> f690fb74 80d16778 00000000 f690fbb4 00000040
> nt!ObpLookupObjectName+0x652
> f690fbc8 80c6431c 00000000 00000000 81b49701
nt!ObOpenObjectByName+0x13e
> f690fd48 80afbbf2 0129fc08 0129fbe0 772616dc
> nt!NtQueryAttributesFile+0x11a
> f690fd48 7ffe0304 0129fc08 0129fbe0 772616dc nt!KiSystemService+0x13f
> 0129fbc0 77f2f318 77e51117 0129fc08 0129fbe0
> SharedUserData!SystemCallStub+0x4
> 0129fbc4 77e51117 0129fc08 0129fbe0 77e4dfa3
> ntdll!ZwQueryAttributesFile+0xc
> 0129fc28 773c538d 0129fc44 00109034 00000001
> kernel32!GetFileAttributesW+0x58
> 0129fe50 773c334b 00108dd8 773c448f 00108320
> SHELL32!CMtPtLocal::_IsAutorun+0x9c
> 0129fe58 773c448f 00108320 774bad74 00108dd8
> SHELL32!CMtPtLocal::_InitAutorunInfo+0x1f
> 0129fe8c 773c46eb 00108320 00108320 774bacb8
> SHELL32!CMtPtLocal::_Init+0xde
> 0129febc 773d455e 00108320 773d44cf 80010106
> SHELL32!CMtPtLocal::_CreateMtPtLocal+0x9c
> 0129fed4 771136de 00108320 77113699 00000000
> SHELL32!CMountPoint::HandleMountPointLocalEventThreadProc+0x8f
> 0129feec 77f7f362 00000000 77fbbc40 00110eb0
> SHLWAPI!ExecuteWorkItem+0x45
> 0129ff44 77f7e498 77113699 000dea78 0008574c
> ntdll!RtlpWorkerCallout+0x8a
> 0129ff64 77f7f181 00000000 000dea78 00110eb0
> ntdll!RtlpExecuteWorkerRequest+0x3e
> 0129ff78 77f7d5ff 77f7e45a 00000000 000dea78 ntdll!RtlpApcCallout+0xf
> 0129ffb8 77e41bb7 00000000 00000000 00000000
ntdll!RtlpWorkerThread+0x73
> 0129ffec 00000000 77f7d58c 00000000 00000000
> kernel32!BaseThreadStart+0x34
>
>
> FOLLOWUP_IP:
> filesys!SFsdFSControl+f3
> f64ca3c3 0fb6d0 movzx edx,al
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: filesys!SFsdFSControl+f3
>
> MODULE_NAME: filesys
>
> IMAGE_NAME: filesys.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 3fe22f64
>
> STACK_COMMAND: kb
>
> BUCKET_ID: 0x0_filesys!SFsdFSControl+f3
>
> Followup: MachineOwner
> ---------
>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

5

Thanks!
I’ll try it.

“Peter Scott” wrote in message
news:xxxxx@ntfsd…
>
>
> From WinDbg, others may have different ways but this works for me:
>
> u IoIsOperationSynchronous
>
> Have fun!
>
> Pete
>
> Peter Scott
> xxxxx@KernelDrivers.com
> www.KernelDrivers.com
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of ChuBun
> Sent: Thursday, December 18, 2003 3:35 PM
> To: Windows File Systems Devs Interest List
> Subject: [ntfsd] Re: Problem with IoIsOperationSynchronous
>
> Thanks for the quick reply. I’d love to try to diassemble the routine,
> if someone shows me how :slight_smile:
>
> “Peter Scott” wrote in message
> news:xxxxx@ntfsd…
> >
> >
> > There is no fileobject for mount request irps.
> IoIsOperationSynchronous
> > checks the fileobject flags. Did you disassemble the routine to see
> what
> > it does?
> >
> > You should try it.
> >
> > Pete
> >
> > Peter Scott
> > xxxxx@KernelDrivers.com
> > www.KernelDrivers.com
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of ChuBun
> > Sent: Thursday, December 18, 2003 2:58 PM
> > To: Windows File Systems Devs Interest List
> > Subject: [ntfsd] Problem with IoIsOperationSynchronous
> >
> > Hello,
> > I’m studying the “filesys” sample driver that comes with the Nagar’s
> > book
> > and run into this problem. I add codes to handle FS control dispatch
> > DrvObj->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] =
> > SFsdFSControl;
> >
> > In SFsdFSControl, for some reason my call to
> > IoIsOperationSynchronous(Irp) generates an access error.
> > Even though the Irp is valid (MmIsAddressValid returns TRUE)
> > Am I missing something obvious here? TIA.
> >
> > Regards,
> > Chu Bun
> >
> >
> > MJ code is: IRP_MJ_FILE_SYSTEM_CONTROL
> > MN code is: IRP_MN_MOUNT_VOLUME
> > irql is: 0
> >
> > =========================================
> > Access violation - code c0000005 (!!! second chance !!!)
> > nt!IoIsOperationSynchronous+c:
> > 80a24b9c f6412c02 test byte ptr [ecx+0x2c],0x2
> > =========================================
> > !analyze -v
> >
> >
> ****
> >
> >
> >
> >
> > * Bugcheck Analysis
> >
> >
> >
> >
>
> > *
> >
> >
> > Unknown bugcheck code (0)
> > Unknown bugcheck description
> > Arguments:
> > Arg1: 00000000
> > Arg2: 00000000
> > Arg3: 00000000
> > Arg4: 00000000
> >
> > Debugging Details:
> > ------------------
> >
> >
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x0
> >
> > CURRENT_IRQL: 0
> >
> > LAST_CONTROL_TRANSFER: from f64ca3c3 to 80a24b9c
> >
> > STACK_TEXT:
> > f690f8c0 f64ca3c3 81c259a8 81daecd8 81c259a8
> > nt!IoIsOperationSynchronous+0xc
> > f690f908 80a2675c 81daecd8 81c259a8 81c25b0c
> filesys!SFsdFSControl+0xf3
> > [u:_fsinternal\filesys\src\fscntrl.c @ 25]
> > f690f924 f959c22e 81b5cd80 81c259a8 00000000 nt!IofCallDriver+0x62
> > f690f94c 80a2675c 81b5cd80 81c25b14 81c259a8
> > Dfs!DfsFilterFsControl+0x14a
> > f690f968 80c73a66 804ecca4 81dee5d0 804ecc38 nt!IofCallDriver+0x62
> > f690f9c0 80a2c7ea 81dee5d0 f690fc00 00000000 nt!IopMountVolume+0x2a8
> > f690f9ec 80c752ba f690fcc0 81dee500 f690fb3c
> nt!IopCheckVpbMounted+0x5a
> > f690faf8 80d1d014 81dee5d0 00000000 81bce728 nt!IopParseDevice+0x546
> > f690fb74 80d16778 00000000 f690fbb4 00000040
> > nt!ObpLookupObjectName+0x652
> > f690fbc8 80c6431c 00000000 00000000 81b49701
> nt!ObOpenObjectByName+0x13e
> > f690fd48 80afbbf2 0129fc08 0129fbe0 772616dc
> > nt!NtQueryAttributesFile+0x11a
> > f690fd48 7ffe0304 0129fc08 0129fbe0 772616dc nt!KiSystemService+0x13f
> > 0129fbc0 77f2f318 77e51117 0129fc08 0129fbe0
> > SharedUserData!SystemCallStub+0x4
> > 0129fbc4 77e51117 0129fc08 0129fbe0 77e4dfa3
> > ntdll!ZwQueryAttributesFile+0xc
> > 0129fc28 773c538d 0129fc44 00109034 00000001
> > kernel32!GetFileAttributesW+0x58
> > 0129fe50 773c334b 00108dd8 773c448f 00108320
> > SHELL32!CMtPtLocal::_IsAutorun+0x9c
> > 0129fe58 773c448f 00108320 774bad74 00108dd8
> > SHELL32!CMtPtLocal::_InitAutorunInfo+0x1f
> > 0129fe8c 773c46eb 00108320 00108320 774bacb8
> > SHELL32!CMtPtLocal::_Init+0xde
> > 0129febc 773d455e 00108320 773d44cf 80010106
> > SHELL32!CMtPtLocal::_CreateMtPtLocal+0x9c
> > 0129fed4 771136de 00108320 77113699 00000000
> > SHELL32!CMountPoint::HandleMountPointLocalEventThreadProc+0x8f
> > 0129feec 77f7f362 00000000 77fbbc40 00110eb0
> > SHLWAPI!ExecuteWorkItem+0x45
> > 0129ff44 77f7e498 77113699 000dea78 0008574c
> > ntdll!RtlpWorkerCallout+0x8a
> > 0129ff64 77f7f181 00000000 000dea78 00110eb0
> > ntdll!RtlpExecuteWorkerRequest+0x3e
> > 0129ff78 77f7d5ff 77f7e45a 00000000 000dea78 ntdll!RtlpApcCallout+0xf
> > 0129ffb8 77e41bb7 00000000 00000000 00000000
> ntdll!RtlpWorkerThread+0x73
> > 0129ffec 00000000 77f7d58c 00000000 00000000
> > kernel32!BaseThreadStart+0x34
> >
> >
> > FOLLOWUP_IP:
> > filesys!SFsdFSControl+f3
> > f64ca3c3 0fb6d0 movzx edx,al
> >
> > FOLLOWUP_NAME: MachineOwner
> >
> > SYMBOL_NAME: filesys!SFsdFSControl+f3
> >
> > MODULE_NAME: filesys
> >
> > IMAGE_NAME: filesys.sys
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 3fe22f64
> >
> > STACK_COMMAND: kb
> >
> > BUCKET_ID: 0x0_filesys!SFsdFSControl+f3
> >
> > Followup: MachineOwner
> > ---------
> >
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>