Strange data offset while reading from audio cd using SCSIOP_READ_CD

I have a lower filter driver for CD-ROM class that reads from Audio CD using SCSIOP_READ_CD using the following SRB:

// The read IRP carries the MDL that describes the caller's buffer.
pIrp->RequestorMode = KernelMode;
pIrp->MdlAddress = pRead->ReadBufferMdl;

pStack = IoGetNextIrpStackLocation(pIrp);

// Allocate() is the driver's own pool wrapper; the SRB is zeroed so that
// every field not set below is 0.
pStack->Parameters.Scsi.Srb = Allocate(sizeof(SCSI_REQUEST_BLOCK));
RtlZeroMemory(pStack->Parameters.Scsi.Srb, sizeof(SCSI_REQUEST_BLOCK));

pStack->MajorFunction = IRP_MJ_SCSI;
pStack->Flags = SL_OVERRIDE_VERIFY_VOLUME;

pSrb = pStack->Parameters.Scsi.Srb;

pSrb->Function = SRB_FUNCTION_EXECUTE_SCSI;
pSrb->Length = sizeof(SCSI_REQUEST_BLOCK);
pSrb->QueueAction = SRB_SIMPLE_TAG_REQUEST;
pSrb->CdbLength = 12;                       // READ CD (0xBE) is a 12-byte CDB
pSrb->SrbFlags = SRB_FLAGS_DATA_IN | SRB_FLAGS_DISABLE_SYNCH_TRANSFER |
                 SRB_FLAGS_ADAPTER_CACHE_ENABLE;
pSrb->DataTransferLength = 2352 * SectorsCount;   // raw CD-DA user data only
pSrb->TimeOutValue = 1;                     // seconds

pSrb->OriginalRequest = pIrp;
pSrb->DataBuffer = pRead->ReadBuffer;       // virtual address described by the MDL

pSrb->QueueSortKey = StartingSector;
pSrb->InternalStatus = StartingSector;

pCdb = (PCDB)pSrb->Cdb;

pCdb->READ_CD.OperationCode = 0xBE;         // SCSIOP_READ_CD

// Transfer length and LBA are big-endian in the CDB; TransferBlocks[0]
// stays 0 (set by RtlZeroMemory above).
pCdb->READ_CD.TransferBlocks[1] = HIBYTE(LOWORD(SectorsCount));
pCdb->READ_CD.TransferBlocks[2] = LOBYTE(LOWORD(SectorsCount));

pCdb->READ_CD.StartingLBA[0] = HIBYTE(HIWORD(StartingSector));
pCdb->READ_CD.StartingLBA[1] = LOBYTE(HIWORD(StartingSector));
pCdb->READ_CD.StartingLBA[2] = HIBYTE(LOWORD(StartingSector));
pCdb->READ_CD.StartingLBA[3] = LOBYTE(LOWORD(StartingSector));

// Byte 9 of the CDB: ask for user data only (no sync, header, EDC or C2 bytes),
// which is what makes 2352 bytes per sector the expected size.
pCdb->READ_CD.IncludeSyncData = 0;
pCdb->READ_CD.HeaderCode = 0;
pCdb->READ_CD.IncludeEDC = 0;
pCdb->READ_CD.IncludeUserData = 1;
pCdb->READ_CD.ErrorFlags = 0;

As a result, the data that was read does not begin at the 0th byte of the buffer but at the 2668th. Bytes 0 to 2667 are filled with zeroes. Increasing the buffer size does not help: all bytes after SectorsCount * 2352 are filled with zeroes too.

If I ask the device to return data along with C2 (ErrorFlags = 2), which results in an additional 296 bytes per sector, the offset becomes 2668 + 296 bytes.

I’d really appreciate it if someone at least tells me what this magic number “2668” stands for – I’m completely confused about what is going on.
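To check what the CDB above actually asks the drive for, and whether DataTransferLength matches the reply size for the chosen byte-9 flags, here is a small user-mode C helper that mirrors the CDB.READ_CD layout. This is an added example, not code from the post or from the Windows DDK; the sector-size rules (2352 bytes of CD-DA user data, 294 or 296 extra bytes for C2 ErrorFlags 1 or 2) are from the MMC READ CD definition, and the decode function is meant for a CDB captured from a bus trace.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* 12-byte READ CD (0xBE) CDB, same layout as the Windows CDB.READ_CD
 * bitfields: bytes 2-5 = LBA, bytes 6-8 = block count (both big-endian);
 * byte 9 selects returned fields (bit 7 sync, bits 6-5 header,
 * bit 4 user data, bit 3 EDC/ECC, bits 2-1 C2 error flags). */
#define READ_CD_OPCODE 0xBE
#define RCD_USER_DATA  (1u << 4)
/* Bytes returned per CD-DA sector for a given byte-9 value. Audio user
 * data is 2352 bytes; ErrorFlags=1 adds 294 bytes of C2 pointers and
 * ErrorFlags=2 adds 296 (C2 pointers plus the 2-byte block error field). */
size_t cdda_bytes_per_sector(uint8_t flags_byte)
{
    size_t n = (flags_byte & RCD_USER_DATA) ? 2352 : 0;
    switch ((flags_byte >> 1) & 3) {
    case 1: n += 294; break;
    case 2: n += 296; break;
    default: break;
    }
    return n;
}
/* Build the CDB the post's READ_CD bitfields produce and return the
 * DataTransferLength the SRB must carry to match the drive's reply. */
size_t build_read_cd_cdb(uint8_t cdb[12], uint32_t lba, uint32_t count,
                         unsigned c2_error_flags)
{
    memset(cdb, 0, 12);
    cdb[0] = READ_CD_OPCODE;
    /* cdb[1] stays 0: ExpectedSectorType 0 (any), as in the post */
    cdb[2] = (uint8_t)(lba >> 24); cdb[3] = (uint8_t)(lba >> 16);
    cdb[4] = (uint8_t)(lba >> 8);  cdb[5] = (uint8_t)lba;
    cdb[6] = (uint8_t)(count >> 16); cdb[7] = (uint8_t)(count >> 8);
    cdb[8] = (uint8_t)count;
    cdb[9] = (uint8_t)(RCD_USER_DATA | ((c2_error_flags & 3u) << 1));
    return count * cdda_bytes_per_sector(cdb[9]);
}
/* Decode a captured CDB so LBA, block count and the expected transfer
 * size can be compared with the SRB that was actually sent. */
int decode_read_cd_cdb(const uint8_t cdb[12], uint32_t *lba,
                       uint32_t *count, size_t *expected_len)
{
    if (cdb[0] != READ_CD_OPCODE) return 0;
    *lba = ((uint32_t)cdb[2] << 24) | ((uint32_t)cdb[3] << 16) |
           ((uint32_t)cdb[4] << 8) | cdb[5];
    *count = ((uint32_t)cdb[6] << 16) | ((uint32_t)cdb[7] << 8) | cdb[8];
    *expected_len = *count * cdda_bytes_per_sector(cdb[9]);
    return 1;
}
```

If decode_read_cd_cdb reports a different expected length than the SRB's DataTransferLength, the drive and the port driver disagree about the transfer size, which is the first thing to rule out when data lands at an unexpected offset.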

Quoting xxxxx@gmail.com:

> I have a lower filter driver for CD-ROM class that reads from Audio CD using
> SCSIOP_READ_CD using the following SRB:
>
> pIrp->MdlAddress = pRead->ReadBufferMdl;
>
> pSrb->DataBuffer = pRead->ReadBuffer;
>
> As a result, the data that was read begins not from 0th byte of buffer but
> from 2668th. Bytes from 0 to 2667 are filled with zeroes. Increasing buffer
> size does not help: all bytes after SectorsCount * 2352 are filled with
> zeroes too.
Your problem lies in these two lines.

Personally I would not use pIrp->MdlAddress, and would set the data buffer with MmGetSystemAddressForMdlSafe (after locking it, of course).


> Personally I would not use pIrp->MdlAddress and set the data buffer with
> MmGetSystemAddressForMdlSafe. (after locking it of course).

Oops, no I don't, you probably need the MDL.

Try:

pSrb->DataBuffer = MmGetMdlVirtualAddress(pIrp->MdlAddress);


> try pSrb->DataBuffer = MmGetMdlVirtualAddress(pIrp->MdlAddress);

Actually, I build this MDL myself and pRead->ReadBuffer is a virtual address of pRead->ReadBufferMdl.