Hi All,
I have hooked on to the NtWriteFile service. When ever I am getting the data
I am checking whether the address is valid by using the API
“MmIsAddressValid” If the address is not valid I am creating an MDL and
calling the “MmGetSystemAddressForMdlSafe” function to get the system mapped
address space after this I am able to access the data but sometime after the
NtWriteFile returns the system crashes, with error DRIVER_CORRUPTED_MMPOOL.
Can anybody throw some light on this.
Thanks in Advance.
regards,
shivas
**************************************************************************
This email (including any attachments) is intended for the sole use of the
intended recipient/s and may contain material that is CONFIDENTIAL AND
PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or
distribution or forwarding of any or all of the contents in this message is
STRICTLY PROHIBITED. If you are not the intended recipient, please contact
the sender by email and delete all copies; your cooperation in this regard
is appreciated.
**************************************************************************
Yes. Please write a file system filter driver, and dont hook any syscalls.
Second, MmIsAddressValid is not to be used this way. Refere to DDK help to
see what function does.
Third, the user buffer can be in user address space, so prior to any attmept
to map those pages in kernel address space they must be locked.
And so on …
Ciao
----- Original Message -----
From: “Shiva_Shankar” To: “NT Developers Interest List” Sent: Wednesday, September 11, 2002 3:57 PM Subject: [ntdev] Usage of “MmGetSystemAddressForMdlSafe”
> Hi All, > I have hooked on to the NtWriteFile service. When ever I am getting the data > I am checking whether the address is valid by using the API > “MmIsAddressValid” If the address is not valid I am creating an MDL and > calling the “MmGetSystemAddressForMdlSafe” function to get the system mapped > address space after this I am able to access the data but sometime after the > NtWriteFile returns the system crashes, with error DRIVER_CORRUPTED_MMPOOL. > > Can anybody throw some light on this. > > Thanks in Advance. > regards, > shivas > > > > This email (including any attachments) is intended for the sole use of the > intended recipient/s and may contain material that is CONFIDENTIAL AND > PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or > distribution or forwarding of any or all of the contents in this message is > STRICTLY PROHIBITED. If you are not the intended recipient, please contact > the sender by email and delete all copies; your cooperation in this regard > is appreciated. > > > > — > You are currently subscribed to ntdev as: xxxxx@rdsor.ro > To unsubscribe send a blank email to %%email.unsub%% >
Its a bad idea to hook system services. As some one else suggested write a
filesystem filter.
–
Nar Ganapathy
Windows Core OS group
This posting is provided “AS IS” with no warranties, and confers no rights.
“Shiva_Shankar” wrote in message news:xxxxx@ntdev… > > Hi All, > I have hooked on to the NtWriteFile service. When ever I am getting the data > I am checking whether the address is valid by using the API > “MmIsAddressValid” If the address is not valid I am creating an MDL and > calling the “MmGetSystemAddressForMdlSafe” function to get the system mapped > address space after this I am able to access the data but sometime after the > NtWriteFile returns the system crashes, with error DRIVER_CORRUPTED_MMPOOL. > > Can anybody throw some light on this. > > Thanks in Advance. > regards, > shivas > > > > This email (including any attachments) is intended for the sole use of the > intended recipient/s and may contain material that is CONFIDENTIAL AND > PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or > distribution or forwarding of any or all of the contents in this message is > STRICTLY PROHIBITED. If you are not the intended recipient, please contact > the sender by email and delete all copies; your cooperation in this regard > is appreciated. > > > >