ReadIRP crash...

My driver code for READ is

static NTSTATUS STDCALL
kiran_dispatch_read(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) {
    PUCHAR currentAddress;
    PIO_STACK_LOCATION irpStack;
    char *pool;
    pool = ExAllocatePool(NonPagedPool, 16);
    RtlCopyBytes(pool, "12345678", 8);

    irpStack = IoGetCurrentIrpStackLocation(Irp);
    currentAddress = MmGetSystemAddressForMdlSafe(Irp->MdlAddress,
                                                  NormalPagePriority);
    RtlCopyMemory(currentAddress, pool, 1);
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

When I call ReadFile for 1 byte the system crashes and I get a blue screen
saying some exception caught…
Some problem with RtlCopyMemory??

Can anyone please throw some light on this?

Thanx
Kiran

Well, it shouldn’t be RtlCopyBytes; that is just a memcpy. What device object
flags did you set, i.e. what is the I/O mode for the device? Also, what is
the stack trace of the exception? This should be an easy one, if you can’t
find this do not consider a career in driver writing.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting

----- Original Message -----
From: “Kiran”
To: “Windows System Software Developers Interest List”
Sent: Monday, August 18, 2003 8:30 AM
Subject: [ntdev] ReadIRP crash…

> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@acm.org
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

Hi Kiran,

Is it happening for every read or just when u r gonna read a single byte from the driver? And what is the mechanism u r using to pass the buffer to the driver: BUFFERED, DIRECT or NEITHER?

Good Luck,

 

From: “Kiran”

>Reply-To: “Windows System Software Developers Interest List”
>To: “Windows System Software Developers Interest List”
>Subject: [ntdev] ReadIRP crash…
>Date: Mon, 18 Aug 2003 08:30:11 -0400
>

Hi
I am not doubting RtlCopyBytes, but the “RtlCopyMemory(currentAddress,
pool, 1);” statement a few lines later. That is becoz when I comment the
“RtlCopyMemory” the driver code does not crash.
So the moral => the pointer currentAddress is not ok. (may be pointing
to some illegal mem location)
But the correct way of getting pointer to user space memory, where I need
to copy some data from my driver, is to call
“MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);”

In fact I have simplified the driver code for Read dispatch as

static NTSTATUS STDCALL
kiran_dispatch_read(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) {
    PUCHAR currentAddress;
    PIO_STACK_LOCATION irpStack;
    char c = 'z';

    irpStack = IoGetCurrentIrpStackLocation(Irp);
    currentAddress = MmGetSystemAddressForMdlSafe(Irp->MdlAddress,
                                                  NormalPagePriority);
    RtlCopyMemory(currentAddress, &c, 1);
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

Now this code “crashes” when I call in my app code

char buf;
DWORD len;
ReadFile(handle, &buf, 1, &len, NULL);

However if I comment out the “RtlCopyMemory(currentAddress, &c, 1)”
then it does not crash. So I assume that currentAddress pointer is
illegal.

Can someone please tell me is there any API that I have to use in
addition.
Something like “convert to virtual address, or physical address”, etc, etc

Thanx
Kiran

You are assuming pIrp->MdlAddress is valid. This is only the case if
your device has the DO_DIRECT_IO flag set.

Nick Ryan (MVP for DDK)
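
Added example (not part of the thread and not any poster's code): a user-mode C model of the check described in the reply above. Irp->MdlAddress is only populated for DO_DIRECT_IO devices, so the read routine validates the buffer for the device's I/O mode before copying. ModelMdl, ModelIrp and the ST_* codes are assumed stand-ins for the WDK's MDL, IRP and NTSTATUS values so the logic can run outside the kernel.

```c
/* User-mode model; ModelMdl, ModelIrp and ST_* are stand-ins, not WDK definitions. */
#include <stdio.h>
#include <string.h>
#define DO_BUFFERED_IO 0x00000004u /* names match the WDK device-object flags */
#define DO_DIRECT_IO   0x00000010u
enum { ST_SUCCESS, ST_INSUFFICIENT_RESOURCES, ST_INVALID_REQUEST };

typedef struct { void *mapped; } ModelMdl; /* mapped == NULL: mapping failed */
typedef struct {
    ModelMdl *MdlAddress;   /* built by the I/O manager only for DO_DIRECT_IO */
    void     *SystemBuffer; /* built by the I/O manager only for DO_BUFFERED_IO */
    size_t    Length;       /* bytes the caller passed to ReadFile */
    int       Status;       /* models Irp->IoStatus.Status */
    size_t    Information;  /* models Irp->IoStatus.Information */
} ModelIrp;

/* Validate the buffer for the device's I/O mode before copying into it. */
int model_dispatch_read(unsigned flags, ModelIrp *irp) {
    static const char data[] = "12345678";
    size_t n = irp->Length < sizeof data - 1 ? irp->Length : sizeof data - 1;
    void *dst = NULL;
    irp->Information = 0;
    irp->Status = ST_SUCCESS;
    if (n == 0)
        return irp->Status;            /* zero-length read: no MDL, nothing to copy */
    if ((flags & DO_DIRECT_IO) && irp->MdlAddress) {
        dst = irp->MdlAddress->mapped; /* models MmGetSystemAddressForMdlSafe */
        if (dst == NULL)
            irp->Status = ST_INSUFFICIENT_RESOURCES;
    } else if ((flags & DO_BUFFERED_IO) && irp->SystemBuffer) {
        dst = irp->SystemBuffer;
    } else {
        irp->Status = ST_INVALID_REQUEST; /* the thread's case: no flag, NULL MDL */
    }
    if (dst != NULL) {
        memcpy(dst, data, n);          /* never more than the caller asked for */
        irp->Information = n;
    }
    return irp->Status; /* a real driver calls IoCompleteRequest before returning */
}

int main(void) {
    char buf = 0;
    ModelMdl mdl = { &buf };
    ModelIrp ok = { &mdl, NULL, 1, 0, 0 }, crash_case = { NULL, NULL, 1, 0, 0 };
    printf("direct I/O: %d\n", model_dispatch_read(DO_DIRECT_IO, &ok));
    printf("no I/O flag: %d\n", model_dispatch_read(0, &crash_case));
    return 0;
}
```

In a real driver with neither flag set, the caller's pointer arrives in Irp->UserBuffer and has to be probed and accessed under an exception handler; the model simply rejects that case.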

Thanks very much Nick Ryan.
I set the DO_DIRECT_IO flag, and it worked as expected !!

Continuing further, is there any sample code that accomplishes something
like this.

Register an IRQ service for serial port IRQ number. This registered
function should be called whenever an interrupt occurs on the serial
port (e.g. on DCD high/low).

What are the APIs required to be called to accomplish these?

Thanx in advance
Kiran

-----Original Message-----
From: Nick Ryan [mailto:xxxxx@nryan.com]
Sent: Tuesday, August 19, 2003 10:41 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: ReadIRP crash…
