In porting my filter, I modelled the IRP_MJ_READ pre-op’s use of buffers
from the Scanner.c sample. ScannerPreWrite uses the sequence:

    buffer = Data->Iopb->Parameters.Write.WriteBuffer;
    if (buffer == NULL) {
        //
        // If no buffer, an MDL might be specified
        //
        buffer = MmGetSystemAddressForMdlSafe(
                     Data->Iopb->Parameters.Write.MdlAddress,
                     NormalPagePriority );
    }

Now admittedly this sample is for IRP_MJ_WRITE, but changing Write for Read
seemed to be an obvious change. But on memory-mapped files it will crash
when subsequently accessing “buffer”.
I have re-worked my code to be:

    if (Data->Iopb->Parameters.Read.MdlAddress != NULL)
    {
        dataBuffer = MmGetSystemAddressForMdlSafe(
                         Data->Iopb->Parameters.Read.MdlAddress,
                         NormalPagePriority );
    }
    else
    {
        dataBuffer = Data->Iopb->Parameters.Read.ReadBuffer;
    }

Giving priority to the MDL makes more sense to me as the address could be in
arbitrary context. Also it has the benefit of not crashing!
Is there a problem with the Scanner.c sample, or is the difference in
behaviour explained by the difference between the Read and Write buffer
handling? Or is it even more subtle than this, with further hidden pitfalls?
And is there a need for clarification in the “FLT_PARAMETERS for
IRP_MJ_READ” documentation?
Brian