hello
long time ago i wrote a function that queried the bus type of a volume’s physical drive.
it was copied from these forums and added a bit of modification, sadly i can no longer find the thread.
here is the code (90%+ is copy-paste from the mentioned thread, i just added some verification):
//=================
NTSTATUS DrvQueryDeviceBusType(PDEVICE_OBJECT DiskDeviceObject, PDWORD Type){
NTSTATUS status;
PIRP irp= NULL;
KEVENT eventObj;
IO_STATUS_BLOCK ioStatus;
STORAGE_PROPERTY_QUERY query;
PSTORAGE_DESCRIPTOR_HEADER descriptor= NULL;
ULONG length= 0;
PVOID buffer= NULL;
RtlZeroMemory(&eventObj,sizeof(eventObj));
RtlZeroMemory(&ioStatus,sizeof(ioStatus));
RtlZeroMemory(&query,sizeof(query));
if(NULL== DiskDeviceObject){
return STATUS_INVALID_PARAMETER_1;
}
if(NULL== Type){
return STATUS_INVALID_PARAMETER_2;
}
*Type = BusTypeUnknown;
__try{
query.PropertyId= StorageDeviceProperty;
query.QueryType= PropertyStandardQuery;
descriptor= ((PSTORAGE_DESCRIPTOR_HEADER)(PVOID)&query);
KeInitializeEvent(&eventObj, NotificationEvent, FALSE);
irp= IoBuildDeviceIoControlRequest(IOCTL_STORAGE_QUERY_PROPERTY,DiskDeviceObject,&query,sizeof(query),&query,sizeof(query),FALSE,&eventObj,&ioStatus);
if(NULL== irp){
status= STATUS_INSUFFICIENT_RESOURCES;
__leave;
}
irp->IoStatus.Status= STATUS_NOT_SUPPORTED;
status= IoCallDriver(DiskDeviceObject, irp);
if(STATUS_PENDING== status){
KeWaitForSingleObject(&eventObj, Executive, KernelMode, FALSE, NULL);
status= ioStatus.Status;
}
if(!NT_SUCCESS(status)){
__leave;
}
length= descriptor->Size;
if(0== length){
status= STATUS_UNSUCCESSFUL;
__leave;
}
length= max(length, sizeof(STORAGE_PROPERTY_QUERY));
buffer= ExAllocatePoolWithTag(NonPagedPool,length,TAG_TEST);
descriptor= (PSTORAGE_DESCRIPTOR_HEADER)buffer;
if(NULL== descriptor){
status= STATUS_INSUFFICIENT_RESOURCES;
__leave;
}
RtlZeroMemory(&query, sizeof(query));
query.PropertyId= StorageDeviceProperty;
query.QueryType= PropertyStandardQuery;
RtlCopyMemory(descriptor, &query, sizeof(query));
irp= IoBuildDeviceIoControlRequest(IOCTL_STORAGE_QUERY_PROPERTY,DiskDeviceObject,descriptor,sizeof(query),descriptor,length,FALSE,&eventObj,&ioStatus);
if(NULL== irp){
status= STATUS_INSUFFICIENT_RESOURCES;
__leave;
}
irp->IoStatus.Status= STATUS_NOT_SUPPORTED;
status= IoCallDriver(DiskDeviceObject,irp);
if(STATUS_PENDING== status){
KeWaitForSingleObject(&eventObj, Executive, KernelMode, FALSE, NULL);
status= ioStatus.Status;
}
if(!NT_SUCCESS(status)){
__leave;
}
*Type= ((PSTORAGE_DEVICE_DESCRIPTOR)descriptor)->BusType;
status= STATUS_SUCCESS;
}
__finally{
if(NULL != buffer){
ExFreePoolWithTag(buffer,TAG_TEST);
}
}
return status;
}
//=================
i only call this function from InstanceSetupCallback and do a FltGetDiskDeviceObject(FltObjects->Volume,&volumeDeviceObject) to obtain the DiskDeviceObject.
when i originally wrote it, it was tested on windows xp and windows 7.
soon after that, windows 8 appeared, and apparently someone had a BSOD with that and the code was disabled.
now it is time for me to finally look into it and get it working.
the problem is, that now i can not reproduce any kind of blue screen with it on windows 8.x, no matter how i try and how many drives i attach/detach from the machine
the thing is, i never delved this down in the driver architecture, i always worked mostly with filefilter callbacks so i don’t know a lot of routine stuff that an experienced developer should know when working with this segment of the driver architecture
thank you