Problem with KB885250 on WinXP

Hello,

I have a problem with a file system filter driver. The driver keeps
hidden control files in some directories. Whenever a directory is
about to be deleted (IRP_MJ_SET_INFORMATION/FileDispositionInformation),
the driver issues a QUERY_DIRECTORY irp (as shown in the source
below) to know if there are any control files that need to be removed
in order for the original SET_INFORMATON irp call to succeed.

This driver worked fine for Windows NT, Windows 2000 and Windows XP up
until KB885250. With this hotfix it no longer works with directories
on SMB shares. The call shown in the source below now returns
STATUS_INVALID_NETWORK_RESPONSE.

I did some network snooping and found that XP sends the directory
listing request to the SMB server, receives a normal response
(usually listing “.” and “…”), and then returns
STATUS_INVALID_NETWORK_RESPONSE.
If I instead specify a filename that doesn’t exist, the SMB server
returns an error response and Status will be set to STATUS_NO_SUCH_FILE,
as expected.
I have tried Win2000 and Samba SMB servers.

Uninstalling KB885250 is not a option. It cannot easily be removed
once automatically installed and customers cannot be convinced to
uninstall it even if it was possible to do so.

I need some ideas on how to proceed. I have tried different values
instead of FileBothDirectoryInformation, but the result is always the
same.

Thanks.

RtlInitUnicodeString(&String, FileName); /* Always “*” */
RtlZeroMemory(Buffer, Length);

irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
if (!irp)
return STATUS_INSUFFICIENT_RESOURCES;

irp->MdlAddress = NULL;
irp->UserBuffer = Buffer;
irp->AssociatedIrp.SystemBuffer = NULL;
irp->UserEvent = &event;
irp->UserIosb = &IoStatusBlock;
irp->Tail.Overlay.Thread = PsGetCurrentThread();
irp->Tail.Overlay.OriginalFileObject = FileObject;
irp->RequestorMode = KernelMode;

KeInitializeEvent(&event, SynchronizationEvent, FALSE);

ioStackLocation = IoGetNextIrpStackLocation(irp);
ioStackLocation->MajorFunction = IRP_MJ_DIRECTORY_CONTROL;
ioStackLocation->MinorFunction = IRP_MN_QUERY_DIRECTORY;
ioStackLocation->DeviceObject = DeviceObject;
ioStackLocation->FileObject = FileObject;

ioStackLocation->Parameters.Others.Argument1 = (PVOID)Length;
ioStackLocation->Parameters.Others.Argument2 = (PVOID)&String;
ioStackLocation->Parameters.Others.Argument3 =
(PVOID)FileBothDirectoryInformation;
ioStackLocation->Parameters.Others.Argument4 = (PVOID)0;

IoSetCompletionRoutine(irp, MyIoCompletion, 0, TRUE, TRUE, TRUE);

Status = IoCallDriver(DeviceObject, irp);

KeWaitForSingleObject(&event, Executive, KernelMode, TRUE, 0);