read date when IRP_MJ_CREATE is received

Eric_Chan · March 7, 2002, 10:09pm

When IRP_MJ_CREATE is received, I want to read some more data first before
processing the request by creating an IRP using IoAllocateIrp(), but I got
the status c0000128 STATUS_FILE_CLOSED (An I/O request other than close
and several other special-case oeprations were attempted using a
FileObject that had already been closed. Why do I get such an error?

// Initialize the event
KeInitializeEvent(&event, SynchronizationEvent, FALSE);

// Allocate an irp for this request. This could also come from a
// private pool, for instance.
readIrp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
if (readIrp == NULL)
{
DbgPrint(“ERROR! IoAllocateIrp fail!\n”);
return FALSE;
}

// Build the IRP’s main body
readIrp->AssociatedIrp.SystemBuffer = NULL;
readIrp->UserEvent = &event;
readIrp->UserIosb = &IoStatusBlock;
readIrp->Tail.Overlay.Thread = PsGetCurrentThread();
readIrp->Tail.Overlay.OriginalFileObject = FileObject;
readIrp->RequestorMode = KernelMode;
readBuf = ExAllocatePool(NonPagedPool, 4096);
readIrp->UserBuffer = readBuf;
readIrp->MdlAddress = NULL;
readIrp->IoStatus.Information = 5; // Read 5 bytes.

// Set up the I/O stack location.
ioStackLocation = IoGetNextIrpStackLocation(readIrp);
ioStackLocation->MajorFunction = IRP_MJ_READ;
ioStackLocation->MinorFunction = 0;
ioStackLocation->DeviceObject = DeviceObject;
ioStackLocation->FileObject = FileObject;
ioStackLocation->Parameters.Read.ByteOffset.LowPart = 0;
// ioStackLocation->Parameters.Read.Key
ioStackLocation->Parameters.Read.Length = 4096;

DbgPrint(“IoCallDriver\n”);
// Send it to the FSD
ntStatus = IoCallDriver(DeviceObject, readIrp);

if (ntStatus != 0)
{
DbgPrint(“IoCallDriver - ntStatus=%x\n”, ntStatus);
}

// Wait for the I/O
KeWaitForSingleObject(&event, Executive, KernelMode, TRUE, 0);

ExFreePool(readBuf);

Am I missing something?

OSR_Community_User-288 · March 8, 2002, 4:01am

Eric Chan wrote:

When IRP_MJ_CREATE is received, I want to read some more data first before
processing the request by creating an IRP using IoAllocateIrp(), but I got
the status c0000128 STATUS_FILE_CLOSED (An I/O request other than close
and several other special-case oeprations were attempted using a
FileObject that had already been closed. Why do I get such an error?

// Initialize the event
KeInitializeEvent(&event, SynchronizationEvent, FALSE);

// Allocate an irp for this request. This could also come from a
// private pool, for instance.
readIrp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
if (readIrp == NULL)
{
DbgPrint(“ERROR! IoAllocateIrp fail!\n”);
return FALSE;
}

// Build the IRP’s main body
readIrp->AssociatedIrp.SystemBuffer = NULL;
readIrp->UserEvent = &event;
readIrp->UserIosb = &IoStatusBlock;
readIrp->Tail.Overlay.Thread = PsGetCurrentThread();
readIrp->Tail.Overlay.OriginalFileObject = FileObject;
readIrp->RequestorMode = KernelMode;
readBuf = ExAllocatePool(NonPagedPool, 4096);
readIrp->UserBuffer = readBuf;
readIrp->MdlAddress = NULL;
readIrp->IoStatus.Information = 5; // Read 5 bytes.

// Set up the I/O stack location.
ioStackLocation = IoGetNextIrpStackLocation(readIrp);
ioStackLocation->MajorFunction = IRP_MJ_READ;
ioStackLocation->MinorFunction = 0;
ioStackLocation->DeviceObject = DeviceObject;
ioStackLocation->FileObject = FileObject;
ioStackLocation->Parameters.Read.ByteOffset.LowPart = 0;
// ioStackLocation->Parameters.Read.Key
ioStackLocation->Parameters.Read.Length = 4096;

DbgPrint(“IoCallDriver\n”);
// Send it to the FSD
ntStatus = IoCallDriver(DeviceObject, readIrp);

if (ntStatus != 0)
{
DbgPrint(“IoCallDriver - ntStatus=%x\n”, ntStatus);
}

// Wait for the I/O
KeWaitForSingleObject(&event, Executive, KernelMode, TRUE, 0);

ExFreePool(readBuf);

Am I missing something?

It’s not clear from the code you’ve posted - but I assume you are
passing the read down in the return path from the create (after your
completion routine has run) when the file has been opened, and not before?

Also where do you get the fileobject you are placing into your new IRP?

Andy

OSR_Community_User · March 8, 2002, 11:51am

Hello!!!

You must open the file before you can read it.

Jamey Kirby
StorageCraft, inc.
xxxxx@storagecraft.com
www.storagecraft.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Eric Chan
Sent: Thursday, March 07, 2002 7:08 PM
To: File Systems Developers
Subject: [ntfsd] read date when IRP_MJ_CREATE is received

When IRP_MJ_CREATE is received, I want to read some more data first
before
processing the request by creating an IRP using IoAllocateIrp(), but I
got
the status c0000128 STATUS_FILE_CLOSED (An I/O request other than close
and several other special-case oeprations were attempted using a
FileObject that had already been closed. Why do I get such an error?