Hey, I'm trying to avoid using NtCreateFile and roll my own IRP.
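/// Completion routine for the hand-built create IRP issued by NtfsWrite().
/// Context is the PKEVENT the initiator blocks on. On return this routine has
/// already freed the IRP (returning STATUS_MORE_PROCESSING_REQUIRED keeps
/// IoCompleteRequest from touching it afterwards), so the initiator must not
/// read any IRP field once the event is signaled. Note that the event is set
/// before the IRP is freed, so a waiter that wakes and touches the IRP races
/// with IoFreeIrp below.
NTSTATUS NtfsWriteCompletion(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context)
{
    UNREFERENCED_PARAMETER(DeviceObject);

    // Only an IRP that was marked pending has a waiter blocked on the event.
    if (Irp->PendingReturned && Context != NULL)
        KeSetEvent((PKEVENT)Context, IO_NO_INCREMENT, FALSE);

    // Bug fix: the original declared FileObj but then tested and dereferenced
    // FileObject, a different identifier; use the local that was declared.
    // NOTE(review): NtfsWrite as shown never sets Tail.Overlay.OriginalFileObject,
    // so this is presumably NULL and the dereference is skipped - confirm.
    PFILE_OBJECT FileObj = Irp->Tail.Overlay.OriginalFileObject;
    if (FileObj != NULL)
        ObDereferenceObject(FileObj);

    // The IRP came from IoAllocateIrp, so it is ours to release here; the
    // STATUS_MORE_PROCESSING_REQUIRED return stops the I/O manager from using it.
    IoFreeIrp(Irp);
    return STATUS_MORE_PROCESSING_REQUIRED;
}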
// Sends a hand-built IRP_MJ_CREATE down the device stack behind
// \Device\HarddiskVolume1 instead of going through NtCreateFile/ZwCreateFile.
// Returns true unconditionally (see the last line), so the caller cannot tell
// whether the create actually succeeded.
// NOTE(review): the supported way to open a file from a driver is
// ZwCreateFile/IoCreateFile; a create IRP built by hand has to reproduce what
// the I/O manager sets up for a real create, and several pieces are missing
// below (see the BUG comments).
bool NtfsWrite()
{
...
// Volume device name; the literal only needs to outlive the call below.
UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\HarddiskVolume1");
// Opens the volume device and returns a referenced, already-open FileObject
// for it plus the DeviceObject to send the IRP to. That reference is never
// released in the code shown: NtfsWriteCompletion only dereferences
// Tail.Overlay.OriginalFileObject, which this function never sets.
status = IoGetDeviceObjectPointer(&DeviceName, FILE_WRITE_DATA | FILE_SHARE_WRITE, &FileObject, &DeviceObject);
...
// error handling
...
// One stack location per driver in the target stack. The result is a PIRP
// (a pointer), which matters for the Irp.IoStatus line further down.
Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
...
// error handling
...
// Fill in the stack location the first driver in the stack will see.
PIO_STACK_LOCATION IoStack = IoGetNextIrpStackLocation(Irp);
IoStack->MajorFunction = IRP_MJ_CREATE;
// BUG: this is the volume's already-open file object from
// IoGetDeviceObjectPointer, not a fresh FILE_OBJECT for the target file; a
// create request is expected to carry a file object that is not yet open.
IoStack->FileObject = FileObject;
// BUG: "Optionns" is a typo (the field is Options), and FILE_WRITE_DATA is an
// access right, not a create option. The desired access belongs in
// Parameters.Create.SecurityContext, which is never set here (so it is NULL)
// and which the create path reads - a likely candidate for the pre-create
// fault reported below; confirm in the crash dump.
IoStack->Parameters.Create.Optionns = FILE_WRITE_DATA;
IoStack->Parameters.Create.FileAttributes = FILE_ATTRIBUTE_NORMAL;
IoStack->Parameters.Create.ShareAccess = 0;
IoStack->Parameters.Create.EaLength = 0;
// BUG: overwrites the FileName of an already-open file object and points it
// at a string literal. RtlInitUnicodeString only sets the pointer, while the
// FileName buffer on a file object going through create is normally a
// pool-allocated buffer the I/O manager owns and frees.
RtlInitUnicodeString(&FileObject->FileName, TARGET_FILE);
KeInitializeEvent(&Event, NotificationEvent, FALSE);
// NtfsWriteCompletion frees the IRP and returns STATUS_MORE_PROCESSING_REQUIRED,
// so nothing in Irp may be touched after the event is signaled.
IoSetCompletionRoutine(Irp,NtfsWriteCompletion,&Event,TRUE,TRUE,TRUE);
// IofCallDriver is the fastcall-internal form; IoCallDriver is the documented entry.
status = IofCallDriver(DeviceObject, Irp);
if(status == STATUS_PENDING)
{
KeWaitForSingleObject(&Event,Executive,KernelMode, FALSE, NULL);
// BUG: Irp is a PIRP, so this has to be Irp->IoStatus.Status - and by the
// time the event is signaled the completion routine has already called
// IoFreeIrp, so this read is a use-after-free. Either capture IoStatus in the
// completion routine (via a context struct) or free the IRP here after the
// wait instead of in the completion routine.
status = Irp.IoStatus.Status;
}
// Returns true regardless of status; failures are invisible to the caller.
return true;
}
The IRP makes it to FltMgr and eventually to the first pre-create minifilter callback, then blue-screens with SYSTEM_SERVICE_EXCEPTION.
Surely I did something really bad here?