Reading from one file and putting content into another one

Hi there!
I’m learning to programm WDM-Drivers for Windows XP.
I can write into a file, but reading from it is sort of difficult.
I get no error,or bug check but I can’t use the content either.
What am I doing wrong,leave aside, me not checking for a status in my code.
This is in essence what I’m doing.



char content = “This goes into a file”;
PVOID filebuffer;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
PUNICODE_STRING pathname;

InitializeObjectAttributes(&oa,&pathname,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);
status =

ZwCreateFile(&hfile,GENERIC_WRITE|GENERIC_READ,&oa,&iostatus,NULL,0,FILE_SHARE_READ,FILE_CREATE|FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

if(NT_SUCCESS(status)){

ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,content,strlen(content),NULL,NULL);
DbgPrint(“Now we’re getting the content”);
filebuffer =
ExAllocatePoolWithTag(PagedPool,80,‘pmet’);

ZwReadFile(hfile,NULL,NULL,NULL,&iostatus,filebuffer,80,NULL,NULL);

ZwClose(hfile);

RtlInitUnicodeString(&pathname,L"\Device\HardDiskVolume1\test2.txt");

InitializeObjectAttributes(&oa,&pathname,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);
status =

ZwCreateFile(&hfile,GENERIC_WRITE,&oa,&iostatus,NULL,0,FILE_SHARE_READ,FILE_CREATE|FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

DbgPrint(“Buffercontent %s”,&filebuffer);
if(NT_SUCCESS(status)){

ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,(void*)filebuffer,80,NULL,NULL);

//DbgPrint(“The content from the file
%wZ”,filebuffer);
ExFreePoolWithTag(filebuffer,‘pmet’);

}

}

ZwClose(hfile);
DbgPrint(“Closing file”);

The codesnippet is executed in DriverEntry.
Latest WINDDK installed, OS-Windows XP.
Thanks for your help.
Frank


Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de

OMG !!
Too many mistakes in your code.
I cannot start by telling you what you do wrong there, but there are some mistakes that are crucial and basic.
What I would STRONGLY suggest is to read the documentation for ZwCreateFile ZwReadFile ZwWriteFile, with remarks section and everything.
I think that first of all you don’t even know exactly where your driver bugchecks, because I don’t think it will even get to the Reading part.
I only read your code once and this is what at a first glance I see its wrong, ofcourse aside you do not check the return status code.
You have this at the begginign of the code

“PUNICODE_STRING pathname; … >InitializeObjectAttributes(&oa,&pathname,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,N >ULL,NULL);”

Notice you have a POINTER to a unicode string structure and when you use it in the InitializeObjectAttributes you give a reference to the pointer for PUNICODE_STRING structure. And even if you weren’t doing that which is illegal you do not initialize that UNICODE_STRING to anything so you cannot call create file for an unnamed file, or at least I’m sure that’s not your goal.
Why would you use in CreateFile file parameters as CreateDisposition
“FILE_CREATE|FILE_OPEN” just choose one of the two and again READ THE DOCUMENTATION.

ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,content,strlen(content),NULL,NULL);
DbgPrint(“Now we’re getting the content”);

After you call ZwWriteFile you have a debug print that says: “Now we’re GETTTING the content” ?
I thought WRITTING is more like SETTING the content, and READING is more like GETTING it. Anyway thought you were a little confused there.

RtlInitUnicodeString(&pathname,L"\Device\HardDiskVolume1\test2.txt");

You again call with the address of the pointer to the UNICODE_STRING structure.
Then you again call ZwCreateFileWith FILE_OPEN and FILE_CREATE

DbgPrint(“Buffercontent %s”,&filebuffer); if(NT_SUCCESS(status))

FileBuffer is PVOID. Do you even know what pointers are ? Why do you always use “&” if the variable is already a pointer ???

I don’t know man… That’s the review I can give you at a first glance, and an advice at a first glance would be for you to learn more about what you are doing and what you want to achieve.
I don’t know how you did in user-mode as a programmer but I don’t think you did very well. I am not sure if you code actually compiles.
Anyway
Good luck.

Google is your friend. OSR Online is you BFF:

http://www.osronline.com/article.cfm?id=91

Peter
OSR

Hi!
Thanks for answering me.
Well, lets say my programmingskills are … limited.
This is more of a funproject for me,exploring the wonders of kernleland,
like alice, but hopefully without spooky rabbits and
kittens ;).
But like most things it kills me not knowing what I’m doing wrong.
The thing with PUNICODE_STRING and then a pointer to the pointer is due
to me not beeing used to a pointer beeing declared like PVOID.
Another thing contributing to the fact is:
When I’m learning something new I tend to do one of 2 things:
1.making small step by step examples and only one testsuit per file.
2.creating a large file and making sections of all different kind of
things all in this file

I did the second thing.
Problem: since I’m not using a CPP-Compiler I can’t declare variables
where I like, so i easily lose track.

I solved my problem(code below),looks like a pointerproblem,or several
to be exact.


#include <ntddk.h>
#include <wdm.h>

NTSTATUS cleanup(IN PDRIVER_OBJECT unload);

NTSTATUS DriverEntry(IN PDRIVER_OBJECT driverobject,
IN PUNICODE_STRING registry){

UNICODE_STRING path1,path2;
IO_STATUS_BLOCK iostatus;
OBJECT_ATTRIBUTES oa1,oa2;
NTSTATUS status;
char content = “Das hier geht in eine datei”;

HANDLE hfile1,hfile2;
PVOID filebuffer;

filebuffer = ExAllocatePoolWithTag(PagedPool,80,‘nuf’);
if(filebuffer != NULL){
DbgPrint(“Filebuffer allocated”);

RtlInitUnicodeString(&path1,L"\??\C:\test001.txt");

RtlInitUnicodeString(&path2,L"\Device\HarddiskVolume1\test002.txt");

driverobject->DriverUnload = cleanup;

InitializeObjectAttributes(&oa1,&path1,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);

InitializeObjectAttributes(&oa2,&path2,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);

status =
ZwCreateFile(&hfile1,GENERIC_WRITE|GENERIC_READ,&oa1,&iostatus,NULL,0,FILE_SHARE_READ,FILE_CREATE|FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

if(NT_SUCCESS(status)){
DbgPrint(“We are creating the file”);
status =
ZwWriteFile(hfile1,NULL,NULL,NULL,&iostatus,content,strlen(content),NULL,NULL);
if(NT_SUCCESS(status)){
DbgPrint(“Writing file1 successfull”);

status = ZwClose(hfile1);
if(NT_SUCCESS(status)){
DbgPrint(“closeing file1 successfull!”);

status =
ZwOpenFile(&hfile1,GENERIC_READ,&oa1,&iostatus,FILE_SHARE_READ,FILE_SYNCHRONOUS_IO_NONALERT);
if(NT_SUCCESS(status)){
DbgPrint(“File1 open for reading”);

status =
ZwReadFile(hfile1,NULL,NULL,NULL,&iostatus,filebuffer,80,NULL,NULL);
if(NT_SUCCESS(status)){
DbgPrint(“content of file1 is read”);
status =
ZwCreateFile(&hfile2,GENERIC_WRITE,&oa2,&iostatus,NULL,0,FILE_SHARE_READ,FILE_CREATE|FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

if(NT_SUCCESS(status)){
DbgPrint(“File2 created and ready
for reading”);

status =
ZwWriteFile(hfile2,NULL,NULL,NULL,&iostatus,filebuffer,80,NULL,NULL);
if(NT_SUCCESS(status)){
DbgPrint(“Content writen to file2”);
}
ZwClose(hfile2);
}
}
ZwClose(hfile1);
}
}
}
else{
DbgPrint(“Error writing to file1 closeing file!”);
ZwClose(hfile1);
}
}
ExFreePoolWithTag(filebuffer,‘nuf’);
}
return STATUS_SUCCESS;
}

NTSTATUS cleanup(IN PDRIVER_OBJECT unload){
DbgPrint(“byebye”);
return STATUS_SUCCESS;
}
--------------------------
Thanks again for bringing my messy pointermanagement to my attention.
Sincerly
Frank

Am 13.07.2010 15:30, schrieb xxxxx@gmail.com:
> OMG !!
> Too many mistakes in your code.
> I cannot start by telling you what you do wrong there, but there are some mistakes that are crucial and basic.
> What I would STRONGLY suggest is to read the documentation for ZwCreateFile ZwReadFile ZwWriteFile, with remarks section and everything.
> I think that first of all you don’t even know exactly where your driver bugchecks, because I don’t think it will even get to the Reading part.
> I only read your code once and this is what at a first glance I see its wrong, ofcourse aside you do not check the return status code.
> You have this at the begginign of the code
>
>> “PUNICODE_STRING pathname; … >InitializeObjectAttributes(&oa,&pathname,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,N >ULL,NULL);”
>>
>>
> Notice you have a POINTER to a unicode string structure and when you use it in the InitializeObjectAttributes you give a reference to the pointer for PUNICODE_STRING structure. And even if you weren’t doing that which is illegal you do not initialize that UNICODE_STRING to anything so you cannot call create file for an unnamed file, or at least I’m sure that’s not your goal.
> Why would you use in CreateFile file parameters as CreateDisposition
> “FILE_CREATE|FILE_OPEN” just choose one of the two and again READ THE DOCUMENTATION.
>
>
>> ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,content,strlen(content),NULL,NULL);
>> DbgPrint(“Now we’re getting the content”);
>>
>>
> After you call ZwWriteFile you have a debug print that says: “Now we’re GETTTING the content” ?
> I thought WRITTING is more like SETTING the content, and READING is more like GETTING it. Anyway thought you were a little confused there.
>
>
>> RtlInitUnicodeString(&pathname,L"\Device\HardDiskVolume1\test2.txt");
>>
>>
> You again call with the address of the pointer to the UNICODE_STRING structure.
> Then you again call ZwCreateFileWith FILE_OPEN and FILE_CREATE
>
>
>> DbgPrint(“Buffercontent %s”,&filebuffer); if(NT_SUCCESS(status))
>>
>>
> FileBuffer is PVOID. Do you even know what pointers are ? Why do you always use “&” if the variable is already a pointer ???
>
> I don’t know man… That’s the review I can give you at a first glance, and an advice at a first glance would be for you to learn more about what you are doing and what you want to achieve.
> I don’t know how you did in user-mode as a programmer but I don’t think you did very well. I am not sure if you code actually compiles.
> Anyway
> Good luck.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
>

___________________________________________________________
Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de</wdm.h></ntddk.h>

First, given your developing a kernel driver, of course you have a CPP
compiler. It’s found in the WDK, and all you need to do is to add the .CPP
file extension, or set the /Tp compile switch. Of course that will then most
likely throw tons of errors until you get “extern “C” …” sorted out.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Frank Freud
Sent: Tuesday, July 13, 2010 12:31 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Reading from one file and putting content into another
one

Hi!
Thanks for answering me.
Well, lets say my programmingskills are … limited.
This is more of a funproject for me,exploring the wonders of kernleland,
like alice, but hopefully without spooky rabbits and kittens ;).
But like most things it kills me not knowing what I’m doing wrong.
The thing with PUNICODE_STRING and then a pointer to the pointer is due to
me not beeing used to a pointer beeing declared like PVOID.
Another thing contributing to the fact is:
When I’m learning something new I tend to do one of 2 things:
1.making small step by step examples and only one testsuit per file.
2.creating a large file and making sections of all different kind of things
all in this file

I did the second thing.
Problem: since I’m not using a CPP-Compiler I can’t declare variables where
I like, so i easily lose track.

I solved my problem(code below),looks like a pointerproblem,or several to be
exact.


#include <ntddk.h>
#include <wdm.h>

NTSTATUS cleanup(IN PDRIVER_OBJECT unload);

NTSTATUS DriverEntry(IN PDRIVER_OBJECT driverobject,
IN PUNICODE_STRING registry){

UNICODE_STRING path1,path2;
IO_STATUS_BLOCK iostatus;
OBJECT_ATTRIBUTES oa1,oa2;
NTSTATUS status;
char content = “Das hier geht in eine datei”;

HANDLE hfile1,hfile2;
PVOID filebuffer;

filebuffer = ExAllocatePoolWithTag(PagedPool,80,‘nuf’);
if(filebuffer != NULL){
DbgPrint(“Filebuffer allocated”);

RtlInitUnicodeString(&path1,L"\??\C:\test001.txt");

RtlInitUnicodeString(&path2,L"\Device\HarddiskVolume1\test002.txt");

driverobject->DriverUnload = cleanup;

InitializeObjectAttributes(&oa1,&path1,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDL
E,NULL,NULL);

InitializeObjectAttributes(&oa2,&path2,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDL
E,NULL,NULL);

status =
ZwCreateFile(&hfile1,GENERIC_WRITE|GENERIC_READ,&oa1,&iostatus,NULL,0,FILE_S
HARE_READ,FILE_CREATE|FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

if(NT_SUCCESS(status)){
DbgPrint(“We are creating the file”);
status =
ZwWriteFile(hfile1,NULL,NULL,NULL,&iostatus,content,strlen(content),NULL,NUL
L);
if(NT_SUCCESS(status)){
DbgPrint(“Writing file1 successfull”);

status = ZwClose(hfile1);
if(NT_SUCCESS(status)){
DbgPrint(“closeing file1 successfull!”);

status =
ZwOpenFile(&hfile1,GENERIC_READ,&oa1,&iostatus,FILE_SHARE_READ,FILE_SYNCHRON
OUS_IO_NONALERT);
if(NT_SUCCESS(status)){
DbgPrint(“File1 open for reading”);

status =
ZwReadFile(hfile1,NULL,NULL,NULL,&iostatus,filebuffer,80,NULL,NULL);
if(NT_SUCCESS(status)){
DbgPrint(“content of file1 is read”);
status =
ZwCreateFile(&hfile2,GENERIC_WRITE,&oa2,&iostatus,NULL,0,FILE_SHARE_READ,FIL
E_CREATE|FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

if(NT_SUCCESS(status)){
DbgPrint(“File2 created and ready for
reading”);

status =
ZwWriteFile(hfile2,NULL,NULL,NULL,&iostatus,filebuffer,80,NULL,NULL);
if(NT_SUCCESS(status)){
DbgPrint(“Content writen to file2”);
}
ZwClose(hfile2);
}
}
ZwClose(hfile1);
}
}
}
else{
DbgPrint(“Error writing to file1 closeing file!”);
ZwClose(hfile1);
}
}
ExFreePoolWithTag(filebuffer,‘nuf’);
}
return STATUS_SUCCESS;
}

NTSTATUS cleanup(IN PDRIVER_OBJECT unload){
DbgPrint(“byebye”);
return STATUS_SUCCESS;
}
--------------------------
Thanks again for bringing my messy pointermanagement to my attention.
Sincerly
Frank

Am 13.07.2010 15:30, schrieb xxxxx@gmail.com:
> OMG !!
> Too many mistakes in your code.
> I cannot start by telling you what you do wrong there, but there are some
mistakes that are crucial and basic.
> What I would STRONGLY suggest is to read the documentation for
ZwCreateFile ZwReadFile ZwWriteFile, with remarks section and everything.
> I think that first of all you don’t even know exactly where your driver
bugchecks, because I don’t think it will even get to the Reading part.
> I only read your code once and this is what at a first glance I see its
wrong, ofcourse aside you do not check the return status code.
> You have this at the begginign of the code
>
>> “PUNICODE_STRING pathname; …
>InitializeObjectAttributes(&oa,&pathname,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HA
NDLE,N >ULL,NULL);”
>>
>>
> Notice you have a POINTER to a unicode string structure and when you use
it in the InitializeObjectAttributes you give a reference to the pointer for
PUNICODE_STRING structure. And even if you weren’t doing that which is
illegal you do not initialize that UNICODE_STRING to anything so you cannot
call create file for an unnamed file, or at least I’m sure that’s not your
goal.
> Why would you use in CreateFile file parameters as CreateDisposition
> “FILE_CREATE|FILE_OPEN” just choose one of the two and again READ THE
DOCUMENTATION.
>
>
>> ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,content,strlen(content),NU
>> LL,NULL); DbgPrint(“Now we’re getting the content”);
>>
>>
> After you call ZwWriteFile you have a debug print that says: “Now we’re
GETTTING the content” ?
> I thought WRITTING is more like SETTING the content, and READING is more
like GETTING it. Anyway thought you were a little confused there.
>
>
>> RtlInitUnicodeString(&pathname,L"\Device\HardDiskVolume1\test2.txt
>> ");
>>
>>
> You again call with the address of the pointer to the UNICODE_STRING
structure.
> Then you again call ZwCreateFileWith FILE_OPEN and FILE_CREATE
>
>
>> DbgPrint(“Buffercontent %s”,&filebuffer); if(NT_SUCCESS(status))
>>
>>
> FileBuffer is PVOID. Do you even know what pointers are ? Why do you
always use “&” if the variable is already a pointer ???
>
> I don’t know man… That’s the review I can give you at a first glance,
and an advice at a first glance would be for you to learn more about what
you are doing and what you want to achieve.
> I don’t know how you did in user-mode as a programmer but I don’t think
you did very well. I am not sure if you code actually compiles.
> Anyway
> Good luck.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>

___________________________________________________________
Der fr?he Vogel f?ngt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail:
http://mail.yahoo.de


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</wdm.h></ntddk.h>

That’s ‘/TP’

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Tuesday, July 13, 2010 2:02 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Reading from one file and putting content into another
one

First, given your developing a kernel driver, of course you have a CPP
compiler. It’s found in the WDK, and all you need to do is to add the .CPP
file extension, or set the /Tp compile switch. Of course that will then most
likely throw tons of errors until you get “extern “C” …” sorted out.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Frank Freud
Sent: Tuesday, July 13, 2010 12:31 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Reading from one file and putting content into another
one

Hi!
Thanks for answering me.
Well, lets say my programmingskills are … limited.
This is more of a funproject for me,exploring the wonders of kernleland,
like alice, but hopefully without spooky rabbits and kittens ;).
But like most things it kills me not knowing what I’m doing wrong.
The thing with PUNICODE_STRING and then a pointer to the pointer is due to
me not beeing used to a pointer beeing declared like PVOID.
Another thing contributing to the fact is:
When I’m learning something new I tend to do one of 2 things:
1.making small step by step examples and only one testsuit per file.
2.creating a large file and making sections of all different kind of things
all in this file

I did the second thing.
Problem: since I’m not using a CPP-Compiler I can’t declare variables where
I like, so i easily lose track.

I solved my problem(code below),looks like a pointerproblem,or several to be
exact.


#include <ntddk.h>
#include <wdm.h>

NTSTATUS cleanup(IN PDRIVER_OBJECT unload);

NTSTATUS DriverEntry(IN PDRIVER_OBJECT driverobject,
IN PUNICODE_STRING registry){

UNICODE_STRING path1,path2;
IO_STATUS_BLOCK iostatus;
OBJECT_ATTRIBUTES oa1,oa2;
NTSTATUS status;
char content = “Das hier geht in eine datei”;

HANDLE hfile1,hfile2;
PVOID filebuffer;

filebuffer = ExAllocatePoolWithTag(PagedPool,80,‘nuf’);
if(filebuffer != NULL){
DbgPrint(“Filebuffer allocated”);

RtlInitUnicodeString(&path1,L"\??\C:\test001.txt");

RtlInitUnicodeString(&path2,L"\Device\HarddiskVolume1\test002.txt");

driverobject->DriverUnload = cleanup;

InitializeObjectAttributes(&oa1,&path1,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDL
E,NULL,NULL);

InitializeObjectAttributes(&oa2,&path2,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDL
E,NULL,NULL);

status =
ZwCreateFile(&hfile1,GENERIC_WRITE|GENERIC_READ,&oa1,&iostatus,NULL,0,FILE_S
HARE_READ,FILE_CREATE|FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

if(NT_SUCCESS(status)){
DbgPrint(“We are creating the file”);
status =
ZwWriteFile(hfile1,NULL,NULL,NULL,&iostatus,content,strlen(content),NULL,NUL
L);
if(NT_SUCCESS(status)){
DbgPrint(“Writing file1 successfull”);

status = ZwClose(hfile1);
if(NT_SUCCESS(status)){
DbgPrint(“closeing file1 successfull!”);

status =
ZwOpenFile(&hfile1,GENERIC_READ,&oa1,&iostatus,FILE_SHARE_READ,FILE_SYNCHRON
OUS_IO_NONALERT);
if(NT_SUCCESS(status)){
DbgPrint(“File1 open for reading”);

status =
ZwReadFile(hfile1,NULL,NULL,NULL,&iostatus,filebuffer,80,NULL,NULL);
if(NT_SUCCESS(status)){
DbgPrint(“content of file1 is read”);
status =
ZwCreateFile(&hfile2,GENERIC_WRITE,&oa2,&iostatus,NULL,0,FILE_SHARE_READ,FIL
E_CREATE|FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

if(NT_SUCCESS(status)){
DbgPrint(“File2 created and ready for
reading”);

status =
ZwWriteFile(hfile2,NULL,NULL,NULL,&iostatus,filebuffer,80,NULL,NULL);
if(NT_SUCCESS(status)){
DbgPrint(“Content writen to file2”);
}
ZwClose(hfile2);
}
}
ZwClose(hfile1);
}
}
}
else{
DbgPrint(“Error writing to file1 closeing file!”);
ZwClose(hfile1);
}
}
ExFreePoolWithTag(filebuffer,‘nuf’);
}
return STATUS_SUCCESS;
}

NTSTATUS cleanup(IN PDRIVER_OBJECT unload){
DbgPrint(“byebye”);
return STATUS_SUCCESS;
}
--------------------------
Thanks again for bringing my messy pointermanagement to my attention.
Sincerly
Frank

Am 13.07.2010 15:30, schrieb xxxxx@gmail.com:
> OMG !!
> Too many mistakes in your code.
> I cannot start by telling you what you do wrong there, but there are
> some
mistakes that are crucial and basic.
> What I would STRONGLY suggest is to read the documentation for
ZwCreateFile ZwReadFile ZwWriteFile, with remarks section and everything.
> I think that first of all you don’t even know exactly where your
> driver
bugchecks, because I don’t think it will even get to the Reading part.
> I only read your code once and this is what at a first glance I see
> its
wrong, ofcourse aside you do not check the return status code.
> You have this at the begginign of the code
>
>> “PUNICODE_STRING pathname; …
>InitializeObjectAttributes(&oa,&pathname,OBJ_CASE_INSENSITIVE|OBJ_KERNE
>L_HA
NDLE,N >ULL,NULL);”
>>
>>
> Notice you have a POINTER to a unicode string structure and when you
> use
it in the InitializeObjectAttributes you give a reference to the pointer for
PUNICODE_STRING structure. And even if you weren’t doing that which is
illegal you do not initialize that UNICODE_STRING to anything so you cannot
call create file for an unnamed file, or at least I’m sure that’s not your
goal.
> Why would you use in CreateFile file parameters as CreateDisposition
> “FILE_CREATE|FILE_OPEN” just choose one of the two and again READ THE
DOCUMENTATION.
>
>
>> ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,content,strlen(content),NU
>> LL,NULL); DbgPrint(“Now we’re getting the content”);
>>
>>
> After you call ZwWriteFile you have a debug print that says: “Now
> we’re
GETTTING the content” ?
> I thought WRITTING is more like SETTING the content, and READING is
> more
like GETTING it. Anyway thought you were a little confused there.
>
>
>> RtlInitUnicodeString(&pathname,L"\Device\HardDiskVolume1\test2.txt
>> ");
>>
>>
> You again call with the address of the pointer to the UNICODE_STRING
structure.
> Then you again call ZwCreateFileWith FILE_OPEN and FILE_CREATE
>
>
>> DbgPrint(“Buffercontent %s”,&filebuffer); if(NT_SUCCESS(status))
>>
>>
> FileBuffer is PVOID. Do you even know what pointers are ? Why do you
always use “&” if the variable is already a pointer ???
>
> I don’t know man… That’s the review I can give you at a first
> glance,
and an advice at a first glance would be for you to learn more about what
you are doing and what you want to achieve.
> I don’t know how you did in user-mode as a programmer but I don’t
> think
you did very well. I am not sure if you code actually compiles.
> Anyway
> Good luck.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>

___________________________________________________________
Der fr?he Vogel f?ngt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail:
http://mail.yahoo.de


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</wdm.h></ntddk.h>