Re : Strange Problem with sizeof operator betwen kernel and user mode

Hi,
I have a strange problem with the use of ‘sizeof’. I have defined a
BOOT_SECTOR structure (512 bytes that represent the boot sector of my
virtual disk), and somewhere in my kernel driver code
<> give me the size of the boot sector structure which
is 512 bytes.
When I use the same code in user mode code I got 520 bytes for the size of
this same structure!!! This cause my user mode code to not function
properly. I have got the same problem when using sizeof operator with other
structures i defined.
I doesn’t understand this difference with the sizeof operator betwen kernel
and user mode.
Does someone have some idea about this problem ?

Thanks,

Ibnou T.

Sounds like a structure packing issue.

Bill Wandel

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of ibnou toure
Sent: Monday, December 17, 2007 12:54 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Strange Problem with sizeof operator betwen kernel and user
mode

Hi,
I have a strange problem with the use of ‘sizeof’. I have defined a
BOOT_SECTOR structure (512 bytes that represent the boot sector of my
virtual disk), and somewhere in my kernel driver code
<> give me the size of the boot sector structure which
is 512 bytes.
When I use the same code in user mode code I got 520 bytes for the size of
this same structure!!! This cause my user mode code to not function
properly. I have got the same problem
I doesn’t understand this difference with the sizeof operator betwen kernel
and user mode.
Does someone have some idea about this problem ?

Thanks,

Ibnou T.

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the
List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

This has nothing to do with the sizeof() operator; you’ve either used
different packing somewhere along the way, either in the form of a
#pragma pack() or the -Zp command line option, or you have used system
types that have different sizes in user mode and kernel mode. As far as
the latter, I don’t know you used in the way of types, and I kind of
doubt that this is the problem anyway, but make sure you know the size
of a type your using in both modes. As far as the former, what I think
the problem is, based on that you are asking this question, I’m guessing
that you haven’t used either -Zp or #pragma pack explicitly, so it’s
probably burred in header files somewhere. I would use #pragma pack(1),
which is what you want in both cases, or preferably, in my opinion, just
manually align the structure with padded members to be 512 bytes, so
that it works anywhere, with any compiler.

Good luck,

mm

ibnou toure wrote:

Hi,
I have a strange problem with the use of ‘sizeof’. I have defined a
BOOT_SECTOR structure (512 bytes that represent the boot sector of my
virtual disk), and somewhere in my kernel driver code
<> give me the size of the boot sector structure
> which is 512 bytes.
> When I use the same code in user mode code I got 520 bytes for the size
> of this same structure!!! This cause my user mode code to not function
> properly. I have got the same problem when using sizeof operator with
> other structures i defined.
> I doesn’t understand this difference with the sizeof operator betwen
> kernel and user mode.
> Does someone have some idea about this problem ?
>
> Thanks,
>
> Ibnou T.

#pragma pack

or

compiler switch /Zp

Not the same in both?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of ibnou toure
Sent: Monday, December 17, 2007 12:57 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re : Strange Problem with sizeof operator
betwen kernel and user mode

Hi,
I have a strange problem with the use of ‘sizeof’. I have
defined a BOOT_SECTOR structure (512 bytes that represent the boot
sector of my virtual disk), and somewhere in my kernel driver code
<> give me the size of the boot sector structure
which is 512 bytes.
When I use the same code in user mode code I got 520 bytes for
the size of this same structure!!! This cause my user mode code to not
function properly. I have got the same problem when using sizeof
operator with other structures i defined.
I doesn’t understand this difference with the sizeof operator
betwen kernel and user mode.
Does someone have some idea about this problem ?

Thanks,

Ibnou T.
— NTDEV is sponsored by OSR For our schedule of WDF, WDM,
debugging and other seminars visit: http://www.osr.com/seminars To
unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

ibnou toure wrote:

I have a strange problem with the use of ‘sizeof’. I have defined a
BOOT_SECTOR structure (512 bytes that represent the boot sector of my
virtual disk), and somewhere in my kernel driver code
<> give me the size of the boot sector structure
> which is 512 bytes.
> When I use the same code in user mode code I got 520 bytes for the
> size of this same structure!!! This cause my user mode code to not
> function properly. I have got the same problem when using sizeof
> operator with other structures i defined.
> I doesn’t understand this difference with the sizeof operator betwen
> kernel and user mode.
> Does someone have some idea about this problem ?

You are probably have different pack settings in the two environments.

The C standard permits a compiler to insert padding in a structure to
make sure the members line up on “natural” boundaries for their type,
where the natural alignment is the size of the variable. This is
because it is more efficient to fetch a 4-byte variable from an address
that is 4-byte aligned. So, in this case:

struct {
char x1;
char x2;
int x3;
};

“x3” would ordinarily start at byte offset 2, but because it has a
natural alignment of 4, the compiler will insert two bytes of padding to
force that.

The Microsoft’s compilers have a setting that tells it the minimum level
of alignment that it should enforce. For 1-byte alignment, it does no
padding. For 2-byte alignment, it will insert up to 1 byte of padding.
4-byte alignment is the default, but you can override it with a pragma:

#pragma pack( 1 )
struct {
char x1;
char x2;
int x3;
};
#pragma pack(pop)

Or, for maximum compatibility:

#include <pshpack1.h>
struct {
char x1;
char x2;
int x3;
};
#include <poppack.h>

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.</poppack.h></pshpack1.h>

There is NO difference between kernel and user mode in how sizeof() works.

Suggest you read up on fundamentals such as structure packing and
default alignment assumed by a compiler. Also try reading up on
#pragma pack().

At 05:57 PM 12/17/2007, ibnou toure wrote:

Hi,
I have a strange problem with the use of ‘sizeof’. I have defined a
BOOT_SECTOR structure (512 bytes that represent the boot sector of
my virtual disk), and somewhere in my kernel driver code
<> give me the size of the boot sector
>structure which is 512 bytes.
>When I use the same code in user mode code I got 520 bytes for the
>size of this same structure!!! This cause my user mode code to not
>function properly. I have got the same problem when using sizeof
>operator with other structures i defined.
>I doesn’t understand this difference with the sizeof operator betwen
>kernel and user mode.
>Does someone have some idea about this problem ?
>
>Thanks,
>
>Ibnou T.

I’m not sure that i understand what you mean by “manually align the
structure with padded members to be 512 bytes”, can you explain?. When I add
the size of each member of the structure I got 512 bytes (in kernel or in
user mode), but the size of the whole structure is 520 in user mode.
I’ll try #pragma pack(1) to see the results.

Thanks

Ibnou T.

2007/12/17, Martin O’Brien :
>
> This has nothing to do with the sizeof() operator; you’ve either used
> different packing somewhere along the way, either in the form of a
> #pragma pack() or the -Zp command line option, or you have used system
> types that have different sizes in user mode and kernel mode. As far as
> the latter, I don’t know you used in the way of types, and I kind of
> doubt that this is the problem anyway, but make sure you know the size
> of a type your using in both modes. As far as the former, what I think
> the problem is, based on that you are asking this question, I’m guessing
> that you haven’t used either -Zp or #pragma pack explicitly, so it’s
> probably burred in header files somewhere. I would use #pragma pack(1),
> which is what you want in both cases, or preferably, in my opinion, just
> manually align the structure with padded members to be 512 bytes, so
> that it works anywhere, with any compiler.
>
> Good luck,
>
> mm
>
> ibnou toure wrote:
> > Hi,
> > I have a strange problem with the use of ‘sizeof’. I have defined a
> > BOOT_SECTOR structure (512 bytes that represent the boot sector of my
> > virtual disk), and somewhere in my kernel driver code
> > <> give me the size of the boot sector structure
> > which is 512 bytes.
> > When I use the same code in user mode code I got 520 bytes for the size
> > of this same structure!!! This cause my user mode code to not function
> > properly. I have got the same problem when using sizeof operator with
> > other structures i defined.
> > I doesn’t understand this difference with the sizeof operator betwen
> > kernel and user mode.
> > Does someone have some idea about this problem ?
> >
> > Thanks,
> >
> > Ibnou T.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Thanks Martin, I understand what you mean by searching on MSDN!!!

Ibnou T.

2007/12/17, ibnou toure :
>
> I’m not sure that i understand what you mean by “manually align the
> structure with padded members to be 512 bytes”, can you explain?. When I add
> the size of each member of the structure I got 512 bytes (in kernel or in
> user mode), but the size of the whole structure is 520 in user mode.
> I’ll try #pragma pack(1) to see the results.
>
> Thanks
>
> Ibnou T.
>
> 2007/12/17, Martin O’Brien :
> >
> > This has nothing to do with the sizeof() operator; you’ve either used
> > different packing somewhere along the way, either in the form of a
> > #pragma pack() or the -Zp command line option, or you have used system
> > types that have different sizes in user mode and kernel mode. As far as
> > the latter, I don’t know you used in the way of types, and I kind of
> > doubt that this is the problem anyway, but make sure you know the size
> > of a type your using in both modes. As far as the former, what I think
> > the problem is, based on that you are asking this question, I’m guessing
> >
> > that you haven’t used either -Zp or #pragma pack explicitly, so it’s
> > probably burred in header files somewhere. I would use #pragma pack(1),
> > which is what you want in both cases, or preferably, in my opinion, just
> >
> > manually align the structure with padded members to be 512 bytes, so
> > that it works anywhere, with any compiler.
> >
> > Good luck,
> >
> > mm
> >
> > ibnou toure wrote:
> > > Hi,
> > > I have a strange problem with the use of ‘sizeof’. I have defined a
> > > BOOT_SECTOR structure (512 bytes that represent the boot sector of my
> > > virtual disk), and somewhere in my kernel driver code
> > > <> give me the size of the boot sector structure
> > > which is 512 bytes.
> > > When I use the same code in user mode code I got 520 bytes for the
> > size
> > > of this same structure!!! This cause my user mode code to not function
> > > properly. I have got the same problem when using sizeof operator with
> > > other structures i defined.
> > > I doesn’t understand this difference with the sizeof operator betwen
> > > kernel and user mode.
> > > Does someone have some idea about this problem ?
> > >
> > > Thanks,
> > >
> > > Ibnou T.
> >
> > —
> > NTDEV is sponsored by OSR
> >
> > For our schedule of WDF, WDM, debugging and other seminars visit:
> > http://www.osr.com/seminars
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
>
>

Very good!!! It’s more clear, thanks. But juste one question, I read on msdn
that using packing required the use of keyword “__unaligned” with the
pointer on the structure for avoiding alignment faults. Is this mandatory ?

Ibnou T.

2007/12/17, Tim Roberts :
>
> ibnou toure wrote:
> >
> > I have a strange problem with the use of ‘sizeof’. I have defined a
> > BOOT_SECTOR structure (512 bytes that represent the boot sector of my
> > virtual disk), and somewhere in my kernel driver code
> > <> give me the size of the boot sector structure
> > which is 512 bytes.
> > When I use the same code in user mode code I got 520 bytes for the
> > size of this same structure!!! This cause my user mode code to not
> > function properly. I have got the same problem when using sizeof
> > operator with other structures i defined.
> > I doesn’t understand this difference with the sizeof operator betwen
> > kernel and user mode.
> > Does someone have some idea about this problem ?
>
> You are probably have different pack settings in the two environments.
>
> The C standard permits a compiler to insert padding in a structure to
> make sure the members line up on “natural” boundaries for their type,
> where the natural alignment is the size of the variable. This is
> because it is more efficient to fetch a 4-byte variable from an address
> that is 4-byte aligned. So, in this case:
>
> struct {
> char x1;
> char x2;
> int x3;
> };
>
> “x3” would ordinarily start at byte offset 2, but because it has a
> natural alignment of 4, the compiler will insert two bytes of padding to
> force that.
>
> The Microsoft’s compilers have a setting that tells it the minimum level
> of alignment that it should enforce. For 1-byte alignment, it does no
> padding. For 2-byte alignment, it will insert up to 1 byte of padding.
> 4-byte alignment is the default, but you can override it with a pragma:
>
> #pragma pack( 1 )
> struct {
> char x1;
> char x2;
> int x3;
> };
> #pragma pack(pop)
>
> Or, for maximum compatibility:
>
> #include <pshpack1.h>
> struct {
> char x1;
> char x2;
> int x3;
> };
> #include <poppack.h>
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></poppack.h></pshpack1.h>

ibnou toure wrote:

Very good!!! It’s more clear, thanks. But juste one question, I read
on msdn that using packing required the use of keyword “__unaligned”
with the pointer on the structure for avoiding alignment faults. Is
this mandatory ?

That’s only true if you need to pass around a pointer to the fields
inside the structure. Plus, if your target is machines where XP and
Vista run, then it isn’t an issue.

If you eventually need to worry about the mobile systems, like CE, then
you might have to think about this.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

One quick way to see the discrepancy is to use the ‘dt’ command and dump the structure’s definition in your binary’s symbols. You don’t even have to execute your app or load your driver, you can use the -z command line flag to windbg to load your sys/exe as a dump file. At that point ‘dt’ will work just fine, I blogged about it as well http://blogs.msdn.com/doronh/archive/2006/03/10/549036.aspx

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Monday, December 17, 2007 12:32 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Re : Strange Problem with sizeof operator betwen kernel and user mode

ibnou toure wrote:

Very good!!! It’s more clear, thanks. But juste one question, I read
on msdn that using packing required the use of keyword “__unaligned”
with the pointer on the structure for avoiding alignment faults. Is
this mandatory ?

That’s only true if you need to pass around a pointer to the fields
inside the structure. Plus, if your target is machines where XP and
Vista run, then it isn’t an issue.

If you eventually need to worry about the mobile systems, like CE, then
you might have to think about this.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Thanks to all.

Ib. T.

---------- Forwarded message ----------
From: Doron Holan
Date: 17 d?c. 2007 20:47
Subject: RE: [ntdev] Re : Strange Problem with sizeof operator betwen kernel
and user mode
To: Windows System Software Devs Interest List

One quick way to see the discrepancy is to use the ‘dt’ command and dump the
structure’s definition in your binary’s symbols. You don’t even have to
execute your app or load your driver, you can use the -z command line flag
to windbg to load your sys/exe as a dump file. At that point ‘dt’ will work
just fine, I blogged about it as well
http://blogs.msdn.com/doronh/archive/2006/03/10/549036.aspx

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:
xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Monday, December 17, 2007 12:32 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Re : Strange Problem with sizeof operator betwen kernel
and user mode

ibnou toure wrote:
> Very good!!! It’s more clear, thanks. But juste one question, I read
> on msdn that using packing required the use of keyword “__unaligned”
> with the pointer on the structure for avoiding alignment faults. Is
> this mandatory ?

That’s only true if you need to pass around a pointer to the fields
inside the structure. Plus, if your target is machines where XP and
Vista run, then it isn’t an issue.

If you eventually need to worry about the mobile systems, like CE, then
you might have to think about this.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

I would surely use #pragma pack(1) and #pragma pack() around any structure
definition where the layout is given by the external requirements. Boot sector
is such.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

“ibnou toure” wrote in message news:xxxxx@ntdev…
> Hi,
> I have a strange problem with the use of ‘sizeof’. I have defined a
> BOOT_SECTOR structure (512 bytes that represent the boot sector of my
> virtual disk), and somewhere in my kernel driver code
> <> give me the size of the boot sector structure which
> is 512 bytes.
> When I use the same code in user mode code I got 520 bytes for the size of
> this same structure!!! This cause my user mode code to not function
> properly. I have got the same problem
> I doesn’t understand this difference with the sizeof operator betwen kernel
> and user mode.
> Does someone have some idea about this problem ?
>
> Thanks,
>
> Ibnou T.
>

On IA64, yes.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

“ibnou toure” wrote in message news:xxxxx@ntdev…
> Very good!!! It’s more clear, thanks. But juste one question, I read on msdn
> that using packing required the use of keyword “__unaligned” with the
> pointer on the structure for avoiding alignment faults. Is this mandatory ?
>
> Ibnou T.
>
>
>
> 2007/12/17, Tim Roberts :
> >
> > ibnou toure wrote:
> > >
> > > I have a strange problem with the use of ‘sizeof’. I have defined a
> > > BOOT_SECTOR structure (512 bytes that represent the boot sector of my
> > > virtual disk), and somewhere in my kernel driver code
> > > <> give me the size of the boot sector structure
> > > which is 512 bytes.
> > > When I use the same code in user mode code I got 520 bytes for the
> > > size of this same structure!!! This cause my user mode code to not
> > > function properly. I have got the same problem when using sizeof
> > > operator with other structures i defined.
> > > I doesn’t understand this difference with the sizeof operator betwen
> > > kernel and user mode.
> > > Does someone have some idea about this problem ?
> >
> > You are probably have different pack settings in the two environments.
> >
> > The C standard permits a compiler to insert padding in a structure to
> > make sure the members line up on “natural” boundaries for their type,
> > where the natural alignment is the size of the variable. This is
> > because it is more efficient to fetch a 4-byte variable from an address
> > that is 4-byte aligned. So, in this case:
> >
> > struct {
> > char x1;
> > char x2;
> > int x3;
> > };
> >
> > “x3” would ordinarily start at byte offset 2, but because it has a
> > natural alignment of 4, the compiler will insert two bytes of padding to
> > force that.
> >
> > The Microsoft’s compilers have a setting that tells it the minimum level
> > of alignment that it should enforce. For 1-byte alignment, it does no
> > padding. For 2-byte alignment, it will insert up to 1 byte of padding.
> > 4-byte alignment is the default, but you can override it with a pragma:
> >
> > #pragma pack( 1 )
> > struct {
> > char x1;
> > char x2;
> > int x3;
> > };
> > #pragma pack(pop)
> >
> > Or, for maximum compatibility:
> >
> > #include <pshpack1.h>
> > struct {
> > char x1;
> > char x2;
> > int x3;
> > };
> > #include <poppack.h>
> >
> > –
> > Tim Roberts, xxxxx@probo.com
> > Providenza & Boekelheide, Inc.
> >
> >
> > —
> > NTDEV is sponsored by OSR
> >
> > For our schedule of WDF, WDM, debugging and other seminars visit:
> > http://www.osr.com/seminars
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
></poppack.h></pshpack1.h>