My FSD correctly processes IRP_MJ_QUERY_SECURITY IRPs when they are
generated by a user mode application… BUT when the IRPs come from the
system, via right-click on a file and get the properties, then select the
security tab, the UserBuffer is not valid and there is no MDL either. The
User Buffer usually has an address like 0x000DFC28 or such, and causes an
access violation when I probe and lock that address for the correct
length.
Can someone shed some light on how this is supposed to work?
Thanks
Are you sure that the caller isn’t asking you to just fill in the length
so they can call back?
-----Original Message-----
From: Greg Pearce [mailto:xxxxx@filetek.com]
Sent: Wednesday, June 11, 2003 2:43 PM
To: File Systems Developers
Subject: [ntfsd] system security requests vs usermode security requests
My FSD correctly processes IRP_MJ_QUERY_SECURITY IRPs when they are
generated by a user mode application… BUT when the IRPs come from the
system, via right-click on a file and get the properties, then select
the security tab, the UserBuffer is not valid and there is no MDL
either. The User Buffer usually has an address like 0x000DFC28 or such,
and causes an access violation when I probe and lock that address for the
correct length.
Can someone shed some light on how this is supposed to work?
Thanks
Yes. The first time I see the request IRP, the user buffer and MDL are
NULL. Then I set Irp->IoStatus.Information to the length needed, and
return the IRP with STATUS_BUFFER_OVERFLOW. Then the system resends the
IRP but with the “bad” buffer address…!
Thanks again
Greg
Is perhaps SystemBuffer valid instead?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Greg Pearce
Sent: Wednesday, June 11, 2003 1:51 PM
To: File Systems Developers
Subject: [ntfsd] RE: system security requests vs usermode
security requests
Yes. The first time I see the request IRP, the user buffer
and MDL are NULL. Then I set Irp->IoStatus.Information to
the length needed, and return the IRP with
STATUS_BUFFER_OVERFLOW. Then the system resends the IRP but
with the “bad” buffer address…!
Thanks again
Greg
Nick,
I checked Irp->AssociatedIrp->SystemBuffer both times the request comes in
and it is NULL!
Thanks yet again,
Greg
Well, here it is. My FSD talks to a user mode app via IOCTL, and when this
happens, I complete the IRP with status_pending. Sometime while that IRP
was pending, the buffer was getting paged out (I’m guessing). I would then
finish processing the IOCTL and try to lock down the user buffer, and get
the access violation (sometimes, only when Explorer was asking for the
properties/security tab).
Can someone explain why this was happening? Is it because the memory got
paged when the IRP was sent back with status_pending?
Thanks - Greg
If you’re going to use your user mode’s memory pointer in an arbitrary
thread, then you have to Probe and Lock the buffer before returning status
pending.
What does that have to do with your problem? If that’s not how you do it, fix it,
and you’ll find out - I’m not sure. You could be accessing what is an invalid
memory address in the system process.
–
Kind regards, Dejan M. MVP for DDK
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Thanks for clearing that up Dejan. I found out. That fixes it!
Greg
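The failure and the fix discussed in this thread, as an added example that is not code from any poster or from a real driver: a user-mode C model in which a user address resolves only in the address space of the thread that is currently running. `Process`, `Irp`, `probe_and_lock`, `dispatch`, `complete` and `run` are hypothetical names and the status values are simplified; a real FSD would lock the pages with `MmProbeAndLockPages` in its dispatch routine, before returning STATUS_PENDING.

```c
#include <stdint.h>
#include <string.h>

/* User-mode model with constructed values; not kernel code. */
#define PAGE 4096u
enum { STATUS_SUCCESS = 0, STATUS_PENDING = 1, STATUS_ACCESS_VIOLATION = -1 };
typedef struct { uintptr_t base; unsigned char *frame; } Process; /* one mapped user page */
typedef struct { uintptr_t user_buffer; size_t len; unsigned char *locked_va; } Irp;
static const Process *current;   /* address space the running thread sees */

/* Probe-and-lock analog: resolves the user VA in the CURRENT context only. */
static unsigned char *probe_and_lock(uintptr_t va, size_t len) {
    if (!current || va < current->base || len > PAGE || va - current->base > PAGE - len)
        return NULL;
    return current->frame + (va - current->base);  /* context-independent mapping */
}

/* Dispatch runs in the requester's context; lock_now selects the fixed path. */
static int dispatch(Irp *irp, int lock_now) {
    if (lock_now && !(irp->locked_va = probe_and_lock(irp->user_buffer, irp->len)))
        return STATUS_ACCESS_VIOLATION;           /* fail before pending */
    return STATUS_PENDING;
}

/* Completion runs later in an arbitrary context. */
static int complete(Irp *irp, const void *data) {
    if (!irp->locked_va)                          /* buggy path: locks too late */
        irp->locked_va = probe_and_lock(irp->user_buffer, irp->len);
    if (!irp->locked_va)
        return STATUS_ACCESS_VIOLATION;
    memcpy(irp->locked_va, data, irp->len);
    return STATUS_SUCCESS;
}

/* Requester pends the IRP in its own context; a helper context completes it. */
int run(int lock_now, unsigned char *requester_frame) {
    static unsigned char helper_frame[PAGE];
    Process requester = { 0x000DF000u, requester_frame };
    Process helper = { 0x00400000u, helper_frame };
    Irp irp = { 0x000DFC28u, 20, NULL };
    current = &requester;
    if (dispatch(&irp, lock_now) != STATUS_PENDING) return STATUS_ACCESS_VIOLATION;
    current = &helper;
    return complete(&irp, "constructed-sd-bytes");
}
int main(void) {
    static unsigned char frame[PAGE];
    return !(run(0, frame) == STATUS_ACCESS_VIOLATION && run(1, frame) == STATUS_SUCCESS);
}
```

With `lock_now` set to 0 the address 0x000DFC28 is looked up in the helper's address space and fails; with 1 the mapping captured at dispatch time is still usable when the completing thread runs.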