Question in Sending Irp to Device Redirector

Hello All!
My system thread build Irp IRP_MJ_READ and send it to
Redirector. UserBuffer and SystemBuffer of the Irp point
to buffer allocated from NonPaged pool.MdlAddress set to
NULL. After the system thread called IoCallDriver and send
the irp to Redirector, Exception IRQL_NOT_LESS_OR_EQUAL
raises.

Need your help. Thank you!

Another question is IRQL at which the system thread runs.
it runs at DISPATCH_LEVEL or Higher level. How to minish
the Irql?

here is the information from analysis of Crash dump.

Microsoft (R) Windows Debugger Version 6.0.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [D:\WINNT\MEMORY.DMP]
Kernel Dump File: Full address space is available

Symbol search path is: d:\winnt\symbols
Executable search path is:
Windows 2000 Kernel Version 2195 (Service Pack 2) UP Free
x86 compatible
Product: Server
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046ccf0
Debug session time: Thu Jun 05 02:09:13 2003
System Uptime: 0 days 1:53:18.540
Loading Kernel Symbols
............................................................
...........................................
Loading unloaded module list
.............
Loading User Symbols
***********************************************************
********************
*
*
* Bugcheck
Analysis *
*
*
***********************************************************
********************

Use !analyze -v to get detailed debugging information.

BugCheck A, {e3ba4040, a7, 0, 8043700b}

Probably caused by : mrxsmb.sys ( mrxsmb!
__SmbPseCreateOrdinaryExchange+209 )

Followup: MachineOwner

kd> !analyze -v
***********************************************************
********************
*
*
* Bugcheck
Analysis *
*
*
***********************************************************
********************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely
invalid) address at an
interrupt request level (IRQL) that is too high. This is
usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: e3ba4040, memory referenced
Arg2: 000000a7, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write
operation
Arg4: 8043700b, address which referenced memory

Debugging Details:

READ_ADDRESS: e3ba4040 Paged pool

CURRENT_IRQL: a7

FAULTING_IP:
nt!MmProbeAndLockPages+485
8043700b 8a11 mov dl,[ecx]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

TRAP_FRAME: ed1dd804 -- (.trap ffffffffed1dd804)
ErrCode = 00000000
eax=00000001 ebx=0000000f ecx=e3ba4040 edx=ff476e48
esi=81ec84c0 edi=ff476e2c
eip=8043700b esp=ed1dd878 ebp=ed1dd910 iopl=0 nv
up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010286
nt!MmProbeAndLockPages+485:
8043700b 8a11 mov dl,[ecx]
ds:0023:e3ba4040=??
Resetting default context

LAST_CONTROL_TRANSFER: from ed8bb07c to 8043700b

STACK_TEXT:
ed1dd910 ed8bb07c ff476e2c 00000000 00000002 nt!
MmProbeAndLockPages+0x485
ed1dd974 ed8bbe24 ff25d008 ff7948a8 0000000e mrxsmb!
__SmbPseCreateOrdinaryExchange+0x209
ed1dd9ac ed90dcf7 ff25d008 fe1b1b48 ff25d008 mrxsmb!
MRxSmbRead+0x8f
ed1dd9cc ed90e3a3 ed8a7c20 ed90e3f5 ff25d008 rdbss!
RxLowIoSubmit+0x1a3
ed1dd9dc ed90e7f1 ff25d008 fe1b1b48 ff25d008 rdbss!
RxLowIoReadShell+0x2e
fe1b1b48 fe0ff808 00000010 ff34f308 fe1b1b58 rdbss!
RxCommonRead+0x6b6
WARNING: Frame IP not in any known module. Following
frames may be wrong.
00b80006 00000000 00000000 00000000 00000000 0xfe0ff808

FOLLOWUP_IP:
mrxsmb!__SmbPseCreateOrdinaryExchange+209
ed8bb07c 834dfcff or dword ptr [ebp-
0x4],0xffffffff

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: mrxsmb!__SmbPseCreateOrdinaryExchange+209

MODULE_NAME: mrxsmb

IMAGE_NAME: mrxsmb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3a6407b5

STACK_COMMAND: .trap ffffffffed1dd804 ; kb

BUCKET_ID: 0xA_mrxsmb!__SmbPseCreateOrdinaryExchange+209

Followup: MachineOwner

.

System threads (i.e. system worker threads or system threads created by
your driver) run at PASSIVE_LEVEL (unless you raise it of course). Also,
you do not need to set SystemBuffer, only UserBuffer (although this by
itself should not cause the crash). Can you show us how you’re
constructing the IRP?

• Nick Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Wei L
Sent: Wednesday, June 04, 2003 9:20 PM
To: File Systems Developers
Subject: [ntfsd] Question in Sending Irp to Device Redirector

Hello All!
My system thread build Irp IRP_MJ_READ and send it to
Redirector. UserBuffer and SystemBuffer of the Irp point
to buffer allocated from NonPaged pool.MdlAddress set to
NULL. After the system thread called IoCallDriver and send
the irp to Redirector, Exception IRQL_NOT_LESS_OR_EQUAL
raises.

Need your help. Thank you!

Another question is IRQL at which the system thread runs.
it runs at DISPATCH_LEVEL or Higher level. How to minish
the Irql?

here is the information from analysis of Crash dump.

Microsoft (R) Windows Debugger Version 6.0.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [D:\WINNT\MEMORY.DMP]
Kernel Dump File: Full address space is available

Symbol search path is: d:\winnt\symbols
Executable search path is:
Windows 2000 Kernel Version 2195 (Service Pack 2) UP Free
x86 compatible
Product: Server
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046ccf0
Debug session time: Thu Jun 05 02:09:13 2003
System Uptime: 0 days 1:53:18.540
Loading Kernel Symbols
…
…
Loading unloaded module list
…
Loading User Symbols
***********************************************************
********************
*
*
* Bugcheck
Analysis *
*
*
***********************************************************
********************

Use !analyze -v to get detailed debugging information.

BugCheck A, {e3ba4040, a7, 0, 8043700b}

Probably caused by : mrxsmb.sys ( mrxsmb!
__SmbPseCreateOrdinaryExchange+209 )

Followup: MachineOwner

kd> !analyze -v
***********************************************************
********************
*
*
* Bugcheck
Analysis *
*
*
***********************************************************
********************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely
invalid) address at an
interrupt request level (IRQL) that is too high. This is
usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: e3ba4040, memory referenced
Arg2: 000000a7, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write
operation
Arg4: 8043700b, address which referenced memory

Debugging Details:

READ_ADDRESS: e3ba4040 Paged pool

CURRENT_IRQL: a7

FAULTING_IP:
nt!MmProbeAndLockPages+485
8043700b 8a11 mov dl,[ecx]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

TRAP_FRAME: ed1dd804 – (.trap ffffffffed1dd804)
ErrCode = 00000000
eax=00000001 ebx=0000000f ecx=e3ba4040 edx=ff476e48
esi=81ec84c0 edi=ff476e2c
eip=8043700b esp=ed1dd878 ebp=ed1dd910 iopl=0 nv
up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010286
nt!MmProbeAndLockPages+485:
8043700b 8a11 mov dl,[ecx]
ds:0023:e3ba4040=??
Resetting default context

LAST_CONTROL_TRANSFER: from ed8bb07c to 8043700b

STACK_TEXT:
ed1dd910 ed8bb07c ff476e2c 00000000 00000002 nt!
MmProbeAndLockPages+0x485
ed1dd974 ed8bbe24 ff25d008 ff7948a8 0000000e mrxsmb!
__SmbPseCreateOrdinaryExchange+0x209
ed1dd9ac ed90dcf7 ff25d008 fe1b1b48 ff25d008 mrxsmb!
MRxSmbRead+0x8f
ed1dd9cc ed90e3a3 ed8a7c20 ed90e3f5 ff25d008 rdbss!
RxLowIoSubmit+0x1a3
ed1dd9dc ed90e7f1 ff25d008 fe1b1b48 ff25d008 rdbss!
RxLowIoReadShell+0x2e
fe1b1b48 fe0ff808 00000010 ff34f308 fe1b1b58 rdbss!
RxCommonRead+0x6b6
WARNING: Frame IP not in any known module. Following
frames may be wrong.
00b80006 00000000 00000000 00000000 00000000 0xfe0ff808

FOLLOWUP_IP:
mrxsmb!__SmbPseCreateOrdinaryExchange+209
ed8bb07c 834dfcff or dword ptr [ebp-
0x4],0xffffffff

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: mrxsmb!__SmbPseCreateOrdinaryExchange+209

MODULE_NAME: mrxsmb

IMAGE_NAME: mrxsmb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3a6407b5

STACK_COMMAND: .trap ffffffffed1dd804 ; kb

BUCKET_ID: 0xA_mrxsmb!__SmbPseCreateOrdinaryExchange+209

Followup: MachineOwner

.

---

You are currently subscribed to ntfsd as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

At which IRQL are you calling IoCallDriver? Dump the IRQL value by
calling KeGetCurrentIrql()?

In debugger if you are using softice you can do “? IRQL”. In windbg do
!pcr and see the IRQL value.

-Srin.

-----Original Message-----
From: Wei L [mailto:xxxxx@21cn.com]
Sent: Wednesday, June 04, 2003 9:20 PM
To: File Systems Developers
Subject: [ntfsd] Question in Sending Irp to Device Redirector

Hello All!
My system thread build Irp IRP_MJ_READ and send it to
Redirector. UserBuffer and SystemBuffer of the Irp point
to buffer allocated from NonPaged pool.MdlAddress set to
NULL. After the system thread called IoCallDriver and send
the irp to Redirector, Exception IRQL_NOT_LESS_OR_EQUAL
raises.

Need your help. Thank you!

Another question is IRQL at which the system thread runs.
it runs at DISPATCH_LEVEL or Higher level. How to minish
the Irql?

here is the information from analysis of Crash dump.

Microsoft (R) Windows Debugger Version 6.0.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [D:\WINNT\MEMORY.DMP]
Kernel Dump File: Full address space is available

Symbol search path is: d:\winnt\symbols
Executable search path is:
Windows 2000 Kernel Version 2195 (Service Pack 2) UP Free
x86 compatible
Product: Server
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046ccf0
Debug session time: Thu Jun 05 02:09:13 2003
System Uptime: 0 days 1:53:18.540
Loading Kernel Symbols
…
…
Loading unloaded module list
…
Loading User Symbols
***********************************************************
********************
*
*
* Bugcheck
Analysis *
*
*
***********************************************************
********************

Use !analyze -v to get detailed debugging information.

BugCheck A, {e3ba4040, a7, 0, 8043700b}

Probably caused by : mrxsmb.sys ( mrxsmb!
__SmbPseCreateOrdinaryExchange+209 )

Followup: MachineOwner

kd> !analyze -v
***********************************************************
********************
*
*
* Bugcheck
Analysis *
*
*
***********************************************************
********************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely
invalid) address at an
interrupt request level (IRQL) that is too high. This is
usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: e3ba4040, memory referenced
Arg2: 000000a7, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write
operation
Arg4: 8043700b, address which referenced memory

Debugging Details:

READ_ADDRESS: e3ba4040 Paged pool

CURRENT_IRQL: a7

FAULTING_IP:
nt!MmProbeAndLockPages+485
8043700b 8a11 mov dl,[ecx]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

TRAP_FRAME: ed1dd804 – (.trap ffffffffed1dd804)
ErrCode = 00000000
eax=00000001 ebx=0000000f ecx=e3ba4040 edx=ff476e48
esi=81ec84c0 edi=ff476e2c
eip=8043700b esp=ed1dd878 ebp=ed1dd910 iopl=0 nv
up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010286
nt!MmProbeAndLockPages+485:
8043700b 8a11 mov dl,[ecx]
ds:0023:e3ba4040=??
Resetting default context

LAST_CONTROL_TRANSFER: from ed8bb07c to 8043700b

STACK_TEXT:
ed1dd910 ed8bb07c ff476e2c 00000000 00000002 nt!
MmProbeAndLockPages+0x485
ed1dd974 ed8bbe24 ff25d008 ff7948a8 0000000e mrxsmb!
__SmbPseCreateOrdinaryExchange+0x209
ed1dd9ac ed90dcf7 ff25d008 fe1b1b48 ff25d008 mrxsmb!
MRxSmbRead+0x8f
ed1dd9cc ed90e3a3 ed8a7c20 ed90e3f5 ff25d008 rdbss!
RxLowIoSubmit+0x1a3
ed1dd9dc ed90e7f1 ff25d008 fe1b1b48 ff25d008 rdbss!
RxLowIoReadShell+0x2e
fe1b1b48 fe0ff808 00000010 ff34f308 fe1b1b58 rdbss!
RxCommonRead+0x6b6
WARNING: Frame IP not in any known module. Following
frames may be wrong.
00b80006 00000000 00000000 00000000 00000000 0xfe0ff808

FOLLOWUP_IP:
mrxsmb!__SmbPseCreateOrdinaryExchange+209
ed8bb07c 834dfcff or dword ptr [ebp-
0x4],0xffffffff

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: mrxsmb!__SmbPseCreateOrdinaryExchange+209

MODULE_NAME: mrxsmb

IMAGE_NAME: mrxsmb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3a6407b5

STACK_COMMAND: .trap ffffffffed1dd804 ; kb

BUCKET_ID: 0xA_mrxsmb!__SmbPseCreateOrdinaryExchange+209

Followup: MachineOwner

.

---

You are currently subscribed to ntfsd as: xxxxx@nai.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Here it is:

if( !( pIrp = IoAllocateIrp( pDeviceObject->StackSize, FALSE ) ) )
//pDeviceObject points to Device Ojbect Redirector
{
return STATUS_UNSUCCESSFUL;
}

KeInitializeEvent( &Event, SynchronizationEvent, FALSE );

pIrp->UserIosb = &IoStatusBlock;
pIrp->UserEvent = &Event;
pIrp->Flags = IRP_BUFFERED_IO;
pIrp->AssociatedIrp.SystemBuffer = NULL;
pIrp->MdlAddress = NULL;
pIrp->UserBuffer = pvFileLog; // pvFileLog points to buffer allocated
from NonPaged pool
pIrp->Tail.Overlay.Thread = PsGetCurrentThread();
pIrp->RequestorMode = KernelMode;
pIrp->Tail.Overlay.OriginalFileObject = pFileObject;
// pFileObject->CurrentByteOffset.QuadPart = 0;

pNextIrpStack = IoGetNextIrpStackLocation( pIrp );

pNextIrpStack->MajorFunction = IRP_MJ_READ;
pNextIrpStack->FileObject = pFileObject;
pNextIrpStack->DeviceObject = pDeviceObject;
pNextIrpStack->Parameters.Read.ByteOffset.LowPart = ContentIndex - 1;
pNextIrpStack->Parameters.Read.Key = 0;
pNextIrpStack->Parameters.Read.Length = ByteCountToRead;

IoSetCompletionRoutine( pIrp, FileLogIrpCompletionRoutine, NULL, TRUE,
TRUE, TRUE );

#ifdef DEBUG
DbgPrint( “RedirectorHook: ReadFileAhead: Call driver\n” );
#endif

IoCallDriver( pDeviceObject, pIrp );

KeWaitForSingleObject( &Event, Executive, KernelMode, TRUE, 0 );

#ifdef DEBUG
DbgPrint( “RedirectorHook: Done!\n” );
#endif

KeClearEvent( &Event );

i can’t get irql at which my system thread call to IoCallDriver. i will
try to trace execution of my driver later.

thanks

i get following message from WinDebuger:

GetContextState failed 0x80004005
Unable to read irql for Processor 0

The code looks fine to me, except that you’re setting
pNextIrpStack->Parameters.Read.ByteOffset.LowPart but not
pNextIrpStack->Parameters.Read.ByteOffset.HighPart. You should make sure
HighPart is 0. Again, I doubt this is the cause of the crash.
Double-check the IRQL with KeGetCurrentIrql before you send down the
IRP, and tell us if it isn’t passive level.

• Nick Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Wei L
Sent: Wednesday, June 04, 2003 10:15 PM
To: File Systems Developers
Subject: [ntfsd] RE: Question in Sending Irp to Device Redirector

Here it is:

if( !( pIrp = IoAllocateIrp( pDeviceObject->StackSize,
FALSE ) ) )
//pDeviceObject points to Device Ojbect Redirector
{
return STATUS_UNSUCCESSFUL;
}

KeInitializeEvent( &Event, SynchronizationEvent, FALSE );

pIrp->UserIosb = &IoStatusBlock;
pIrp->UserEvent = &Event;
pIrp->Flags = IRP_BUFFERED_IO;
pIrp->AssociatedIrp.SystemBuffer = NULL;
pIrp->MdlAddress = NULL;
pIrp->UserBuffer = pvFileLog; // pvFileLog points
to buffer allocated
from NonPaged pool
pIrp->Tail.Overlay.Thread = PsGetCurrentThread();
pIrp->RequestorMode = KernelMode;
pIrp->Tail.Overlay.OriginalFileObject = pFileObject;
// pFileObject->CurrentByteOffset.QuadPart = 0;

pNextIrpStack = IoGetNextIrpStackLocation( pIrp );

pNextIrpStack->MajorFunction = IRP_MJ_READ;
pNextIrpStack->FileObject = pFileObject;
pNextIrpStack->DeviceObject = pDeviceObject;
pNextIrpStack->Parameters.Read.ByteOffset.LowPart =
ContentIndex - 1;
pNextIrpStack->Parameters.Read.Key = 0;
pNextIrpStack->Parameters.Read.Length = ByteCountToRead;

IoSetCompletionRoutine( pIrp,
FileLogIrpCompletionRoutine, NULL, TRUE, TRUE, TRUE );

#ifdef DEBUG
DbgPrint( “RedirectorHook: ReadFileAhead: Call
driver\n” ); #endif

IoCallDriver( pDeviceObject, pIrp );

KeWaitForSingleObject( &Event, Executive, KernelMode, TRUE, 0 );

#ifdef DEBUG
DbgPrint( “RedirectorHook: Done!\n” );
#endif

KeClearEvent( &Event );

---

You are currently subscribed to ntfsd as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

First, we do not know what IRQL you are being in when this code
executes. If you are above PASSIVE_LEVEL, the KeWaitForSingleObject()
call is a problem.

Secondly, if you have a completion routine, why do you need to wait
after the IoCallDriver()? If this is really what you need, the
completion routine should be some sort of synchronization mechanism and
you must check you IRQL.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Wei L
Sent: Wednesday, June 04, 2003 10:15 PM
To: File Systems Developers
Subject: [ntfsd] RE: Question in Sending Irp to Device Redirector

Here it is:

if( !( pIrp = IoAllocateIrp( pDeviceObject->StackSize, FALSE ) )
)
//pDeviceObject points to Device Ojbect Redirector
{
return STATUS_UNSUCCESSFUL;
}

KeInitializeEvent( &Event, SynchronizationEvent, FALSE );

pIrp->UserIosb = &IoStatusBlock;
pIrp->UserEvent = &Event;
pIrp->Flags = IRP_BUFFERED_IO;
pIrp->AssociatedIrp.SystemBuffer = NULL;
pIrp->MdlAddress = NULL;
pIrp->UserBuffer = pvFileLog; // pvFileLog points to buffer
allocated
from NonPaged pool
pIrp->Tail.Overlay.Thread = PsGetCurrentThread();
pIrp->RequestorMode = KernelMode;
pIrp->Tail.Overlay.OriginalFileObject = pFileObject;
// pFileObject->CurrentByteOffset.QuadPart = 0;

pNextIrpStack = IoGetNextIrpStackLocation( pIrp );

pNextIrpStack->MajorFunction = IRP_MJ_READ;
pNextIrpStack->FileObject = pFileObject;
pNextIrpStack->DeviceObject = pDeviceObject;
pNextIrpStack->Parameters.Read.ByteOffset.LowPart = ContentIndex

• 1;
  pNextIrpStack->Parameters.Read.Key = 0;
  pNextIrpStack->Parameters.Read.Length = ByteCountToRead;

IoSetCompletionRoutine( pIrp, FileLogIrpCompletionRoutine, NULL,
TRUE,
TRUE, TRUE );

#ifdef DEBUG
DbgPrint( “RedirectorHook: ReadFileAhead: Call driver\n” );
#endif

IoCallDriver( pDeviceObject, pIrp );

KeWaitForSingleObject( &Event, Executive, KernelMode, TRUE, 0 );

#ifdef DEBUG
DbgPrint( “RedirectorHook: Done!\n” );
#endif

KeClearEvent( &Event );

You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

I have set the HighPart to 0. But system always crash .

The system thread is created in DriverEntry routine of my driver. After
creation, the thread executes at PASSIVE_LEVEL.

Once the system thread was created it immediately call
KeWaitForSingleObject to suspend itself and will be resumed by Irp
dispatch routine of my driver ( call KeSetEvent ).Then it runs at Irql =
1f and send the irp!

Only other thing I can think of is that pvFileLog could be a bad buffer.
Since it’s MmProbeAndLockPages that’s barfing, this seems the most
likely possibility. Are you sure it’s at least ‘ByteCountToRead’ bytes
in length?

• Nick Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Wei L
Sent: Wednesday, June 04, 2003 11:25 PM
To: File Systems Developers
Subject: [ntfsd] RE: Question in Sending Irp to Device Redirector

The system thread is created in DriverEntry routine of my
driver. After creation, the thread executes at PASSIVE_LEVEL.

Once the system thread was created it immediately call
KeWaitForSingleObject to suspend itself and will be resumed
by Irp dispatch routine of my driver ( call KeSetEvent ).Then
it runs at Irql = 1f and send the irp!

---

You are currently subscribed to ntfsd as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The network redirector is a very life complicating driver, when it comes to
reading a file.
Whatever I found to work on Windows 2000 didn’t work on XP and vice versa:-)
However, I’ve never come across a bug check.
Make sure the buffer is at least the length you specify.
Also, you specify IRP_BUFFERED_IO, but the SystemBuffer is not valid.

Wei L wrote:

Here it is:

if( !( pIrp = IoAllocateIrp( pDeviceObject->StackSize, FALSE ) ) )
//pDeviceObject points to Device Ojbect Redirector
{
return STATUS_UNSUCCESSFUL;
}

KeInitializeEvent( &Event, SynchronizationEvent, FALSE );

pIrp->UserIosb = &IoStatusBlock;
pIrp->UserEvent = &Event;
pIrp->Flags = IRP_BUFFERED_IO;
pIrp->AssociatedIrp.SystemBuffer = NULL;
pIrp->MdlAddress = NULL;
pIrp->UserBuffer = pvFileLog; // pvFileLog points to buffer allocated
from NonPaged pool
pIrp->Tail.Overlay.Thread = PsGetCurrentThread();
pIrp->RequestorMode = KernelMode;
pIrp->Tail.Overlay.OriginalFileObject = pFileObject;
// pFileObject->CurrentByteOffset.QuadPart = 0;

pNextIrpStack = IoGetNextIrpStackLocation( pIrp );

pNextIrpStack->MajorFunction = IRP_MJ_READ;
pNextIrpStack->FileObject = pFileObject;
pNextIrpStack->DeviceObject = pDeviceObject;
pNextIrpStack->Parameters.Read.ByteOffset.LowPart = ContentIndex - 1;
pNextIrpStack->Parameters.Read.Key = 0;
pNextIrpStack->Parameters.Read.Length = ByteCountToRead;

IoSetCompletionRoutine( pIrp, FileLogIrpCompletionRoutine, NULL, TRUE,
TRUE, TRUE );

#ifdef DEBUG
DbgPrint( “RedirectorHook: ReadFileAhead: Call driver\n” );
#endif

IoCallDriver( pDeviceObject, pIrp );

KeWaitForSingleObject( &Event, Executive, KernelMode, TRUE, 0 );

#ifdef DEBUG
DbgPrint( “RedirectorHook: Done!\n” );
#endif

KeClearEvent( &Event );

---

You are currently subscribed to ntfsd as: xxxxx@alfasp.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

–
Kind regards, Dejan M. MVP for DDK
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Hello.
Who knows it is possible to initiate a process/thread in user mode from kernel mode?

Get your free mail box @ http://www.mail.md

If you mean block and have a user-mode thread do work on your behalf,
yes. Search the ntdev/ntfsd archives at ‘www.osr.com’ for ‘inverted call
model’.

• Nick Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Cornel
Sent: Friday, June 06, 2003 4:00 PM
To: File Systems Developers
Subject: [ntfsd] RE: Question in Sending Irp to Device Redirector

Hello.
Who knows it is possible to initiate a process/thread in user
mode from kernel mode?

---

Get your free mail box @ http://www.mail.md

---

You are currently subscribed to ntfsd as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com