Strange Behavior while TDI_QUERY_INFORMATION....

Hi All,

I am trying to query the IP address assigned to a connection object while filtering TDI_CONNECT. During TDI_CONNECT I
set a completion routine on the IRP, and when that completion routine is called I try to query the address info of the connection endpoint. But
the following code generates IRQL_NOT_LESS_OR_EQUAL.

TA_ADDRESS* pTA;
unsigned int dBufferSize = (sizeof(TDI_ADDRESS_INFO) + sizeof(TRANSPORT_ADDRESS) + sizeof(TA_IP_ADDRESS));

pTdiAddressInfo = ExAllocatePool(NonPagedPool, dBufferSize);

if (!pTdiAddressInfo)
{
    DbgPrint(" Allocation for TdiAddressInfo - Query Address Comp Context Failed\n");
}
// Build an MDL for the virtual buffer

pMdlAddr = IoAllocateMdl(pTdiAddressInfo, dBufferSize, 0, FALSE, NULL);

if (pMdlAddr)
{
    MmProbeAndLockPages(pMdlAddr, KernelMode, IoModifyAccess);

    pDevObj = IoGetRelatedDeviceObject(pIrpStackLocation->FileObject);

    DbgPrint("[INFITCP.SYS]-TdiDispatchIoCompletionRoutine Building Query Irp\n");

    TdiBuildQueryInformation(
        pFilterContext->pQueryIrp,
        pDevObj,
        pIrpStackLocation->FileObject,
        NULL,
        NULL,
        TDI_QUERY_ADDRESS_INFO,
        pMdlAddr
        );

    KeInitializeEvent(&kEvent, NotificationEvent, FALSE);
    pFilterContext->pQueryIrp->UserEvent = &kEvent;
    pFilterContext->pQueryIrp->UserIosb = &iosb;

    status = IoCallDriver(pTargetDeviceObject, pFilterContext->pQueryIrp);

    if (status == STATUS_PENDING)
    {
        (void)KeWaitForSingleObject(
            (PVOID)&kEvent,   // signaling object
            Executive,        // wait reason
            KernelMode,       // wait mode
            TRUE,             // alertable
            NULL);            // timeout
    }

    pTA = ((TDI_ADDRESS_INFO*)pTdiAddressInfo)->Address.Address;

    // THE STATEMENT BELOW GENERATES BUG CHECK IRQL_NOT_LESS_OR_EQUAL
    // (Note: DbgPrint is a function, not a KdPrint-style macro, so the doubled
    // parentheses make the argument list a single comma expression.)
    DbgPrint(("[INFITCP.SYS]- TdiDispatchIoCompletionRoutine: address: %x : %u\n",
              ntohl(((TDI_ADDRESS_IP *)(pTA->Address))->in_addr),
              ntohs(((TDI_ADDRESS_IP *)(pTA->Address))->sin_port)));
}

The strange point is that the same piece of code works fine while filtering
IRP_MJ_CREATE, where in the same style I query for the IP address in the
completion routine; there I used ONLY MmBuildMdlForNonPagedPool (NOT
MmProbeAndLockPages) and it works fine... But here I tried both
MmBuildMdlForNonPagedPool and MmProbeAndLockPages... no luck, it crashes
either way...
It seems to me that the MDL is having problems... But why? How can it be corrected...

Please shed some light on what is happening here...
The stack looks like this -

FramePtr         RetAddr          Param1           Param2           Param3           Function Name
ffffffffed41f430 ffffffff8042c487 0000000000000003 0000000000000406 ffffffff80461d64 NTOSKRNL!RtlpSetSecurityObject+0x9d (EBP)
ffffffffed41f7bc ffffffff8046856f 0000000000000000 0000000000000406 0000000000000002 NTOSKRNL!KeBugCheckEx+0x573 (EBP)
ffffffffed41f7d8 ffffffff81580b28 0000000000000000 ffffffff81580b28 ffffffffed41fa50 NTOSKRNL!MiAllocatePoolPages+0x312 (EBP)
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0xFFFFFFFF81580B28 (No FPO)

Regards…

Subodh

You’re calling another driver when you may be at DISPATCH_LEVEL, and, if
STATUS_PENDING is returned, you’re throwing away the status from
KeWaitForSingleObject() when you specified a 0-value timeout? The called
driver may not be done, and the status from the wait may be
STATUS_TIMEOUT. What do you expect to happen in such a case?


If replying by e-mail, please remove “nospam.” from the address.

James Antognini

Another thing: Probe-and-lock is supposed to be wrapped in _try/_except.
That didn’t bite you, but it can happen.


James Antognini

Subodh,

I believe you need to queue a work queue item to query if
your completion routine got called at DISPATCH LEVEL.

That would help resolve your problem.

-Srin.


Srin,James,
Thanks for the inputs. I did cover the code in __try/__except blocks and added checking of the status returned by KeWaitForSingleObject, but the problem still persists.
Srin, with a work queue item there is still the same problem. But I found a solution to it: now I don't use the buffer directly; instead I copy it into a local variable and use that local variable for DbgPrint, and it works fine. :)

I don't know what the reason is, but it seems to me that I only have read-only access to the buffer after attaching it to the IRP.

regards…

Subodh
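Subodh's fix copies the address out of the IRP buffer before using it. As an added example (user-mode C, not the driver code from this thread), here is a parser that does that copy while validating the TDI_ADDRESS_INFO header before touching the address bytes; the field offsets mirror the DDK tdi.h layout, and `parse_tdi_address_info`, `ip_endpoint_t` and the constructed `kSample` buffer are assumptions.

```c
/* Added example, not the poster's code. Offsets mirror the DDK tdi.h layout
 * (byte-packed TDI_ADDRESS_IP inside TA_ADDRESS) and are assumed here. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TDI_ADDRESS_TYPE_IP   2   /* AddressType value for IPv4 (tdi.h) */
#define TDI_ADDRESS_LENGTH_IP 14  /* sin_port(2) + in_addr(4) + sin_zero(8) */
typedef struct { uint32_t ip; uint16_t port; } ip_endpoint_t; /* host order */

/* Buffer layout: ActivityCount(4) | TAAddressCount(4) | AddressLength(2)
 * | AddressType(2) | Address[AddressLength]. Header integers are read as laid
 * out in memory (little-endian on x86); the TDI_ADDRESS_IP fields are in
 * network byte order and are decoded the way ntohs/ntohl would.
 * Returns 0 on success, -1 if the buffer is short or not an IPv4 address. */
int parse_tdi_address_info(const uint8_t *buf, size_t len, ip_endpoint_t *out)
{
    uint32_t count;
    uint16_t addr_len, addr_type;
    const uint8_t *ta;

    if (buf == NULL || out == NULL || len < 12)
        return -1;
    memcpy(&count, buf + 4, sizeof count);
    memcpy(&addr_len, buf + 8, sizeof addr_len);
    memcpy(&addr_type, buf + 10, sizeof addr_type);
    if (count < 1 || addr_type != TDI_ADDRESS_TYPE_IP
        || addr_len < TDI_ADDRESS_LENGTH_IP || len - 12 < addr_len)
        return -1;
    ta = buf + 12;   /* start of TDI_ADDRESS_IP */
    out->port = (uint16_t)((ta[0] << 8) | ta[1]);
    out->ip = ((uint32_t)ta[2] << 24) | ((uint32_t)ta[3] << 16)
            | ((uint32_t)ta[4] << 8) | (uint32_t)ta[5];
    return 0;
}

/* Constructed sample: one IPv4 address, 10.1.2.3 port 80 (0x0050). */
const uint8_t kSample[26] = {
    1, 0, 0, 0,   1, 0, 0, 0,   14, 0,   2, 0,
    0x00, 0x50,   10, 1, 2, 3,   0, 0, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    ip_endpoint_t ep;   /* local copy, as in the fix described above */
    if (parse_tdi_address_info(kSample, sizeof kSample, &ep) == 0)
        printf("%u.%u.%u.%u:%u\n", ep.ip >> 24, (ep.ip >> 16) & 0xff,
               (ep.ip >> 8) & 0xff, ep.ip & 0xff, ep.port);
    return 0;
}
```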