RE: When System load KERNEL.dll my create dispatch routine intercept IRP_MJ_CREATE request,but imple

The documentation for UNICODE_STRING suggests, at least to me, that UNICODE_STRING->Buffer may not be NULL terminated. If that is the case then one of your calls to sprintf could be running off into random memory.

I doubt that is what is actually causing the crash for you though, but you never know.

Richard McNally

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Randy Cook
Sent: Friday, 4 February 2005 3:08 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] When System load KERNEL.dll my create dispatch routine intercept IRP_MJ_CREATE request,but impletments ZwOpenFile function,the system crash.This is why?

Most likely the reason you are crashing is that you
are not handling the reentrancy into your driver that
happens when you call ZwCreateFile. You can look at
the archives of this list for many complete
discussions of this issue. Read the FAQ about shadow
devices and search the archives for
IoCreateFileSpecifyDeviceObjectHint or sometimes
CreateWithHint as Neal refers to it.

Also, unicode strings are not always NULL terminated,
so sprintf’ing them is not safe. Things will appear
to work for a while and then it will blow up at weird
times.

xxxxx@lenovo.com wrote:

I want to print all filenames when I intercept the
IRP_MJ_CREATE request in my MySfCreate routine.
It works well, but when the current file is
KERNEL.DLL the system crashes. Who can tell me
why this is?

My MySfCreate routine code is below:

RtlInitUnicodeString( &sourceName, L"KERNEL32.DLL");  // For example KERNEL.DLL or other system file
sprintf( chSourcePathName, "%ws", sourceName.Buffer);

if ( savedFileObject->FileName.Buffer &&
     !(savedFileObject->Flags & FO_DIRECT_DEVICE_OPEN ) )
{
    RtlCopyUnicodeString( &name, &savedFileObject->FileName);
    sprintf(chDestPathName, "%ws", (&name)->Buffer );
    if ( strstr(chDestPathName, chSourcePathName) != NULL )
    {
        sprintf(pszTmp, "sfilter - SfCreate: File Name: %ws\n", (&name)->Buffer );
        WriteToLine(pszTmp, strlen(pszTmp)); // print the current filename to log file.
    }
    //
    // Print all Creating or Opening filename
    //
    sprintf(pszTmp, "File Name: %ws\n", (&name)->Buffer );
    WriteToLine(pszTmp, strlen(pszTmp));
}

WriteToLine uses the ZwCreateFile and ZwWriteFile functions to
create and write the log file.

When I implement ZwCreateFile, the system crashes.

BugCheck code is
UNEXPECTED_KERNEL_MODE_TRAP(0x00000008, 0x00000000, 0x00000000, 0x00000000)

Who can help me?

Best Regards

Ken Wang


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as:
xxxxx@yahoo.com
To unsubscribe send a blank email to
xxxxx@lists.osr.com
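
Added example (not code from any poster in this thread): a user-mode C model of the point made in both replies, that a UNICODE_STRING is counted by Length (in bytes) and may have no terminator, so any copy must be bounded by Length and by the destination size. COUNTED_WSTR, counted_to_narrow, demo and the sample buffer are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the kernel's UNICODE_STRING: Length and MaximumLength are
   byte counts, and Buffer is not guaranteed to be NUL-terminated. */
typedef struct {
    unsigned short Length;
    unsigned short MaximumLength;
    const unsigned short *Buffer;          /* UTF-16 code units */
} COUNTED_WSTR;

/* Copy src into dst as narrow chars, reading no more than Length bytes and
   writing no more than dst_size bytes; dst is always terminated.
   Non-printable or non-ASCII units become '?'.
   Returns chars written (excluding the NUL), or -1 if dst is unusable. */
int counted_to_narrow(char *dst, size_t dst_size, const COUNTED_WSTR *src)
{
    size_t units, i;
    if (dst == NULL || dst_size == 0) return -1;
    units = (src && src->Buffer) ? src->Length / sizeof(unsigned short) : 0;
    if (units > dst_size - 1) units = dst_size - 1;  /* truncate, never overrun */
    for (i = 0; i < units; i++) {
        unsigned short c = src->Buffer[i];
        dst[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
    }
    dst[i] = '\0';
    return (int)i;
}

/* Constructed sample: the 6-unit name "\A.DLL" followed by stale data and
   no terminator. A "%ws"-style read would run through the X's and beyond. */
static const unsigned short sample_pool[] =
    { '\\', 'A', '.', 'D', 'L', 'L', 'X', 'X', 'X', 'X' };

int demo(char *out, size_t out_size)
{
    COUNTED_WSTR name = { (unsigned short)(6 * sizeof(unsigned short)),
                          (unsigned short)sizeof(sample_pool), sample_pool };
    return counted_to_narrow(out, out_size, &name);
}

int main(void)
{
    char buf[32];
    int n = demo(buf, sizeof buf);
    printf("%d \"%s\"\n", n, buf);
    return 0;
}
```

In a driver, DbgPrint's %wZ format specifier, which takes a pointer to the UNICODE_STRING itself, follows the same Length-bounded rule.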

