When I use IoCallDriver with TDI_SEND, it results in ntbugcheck

I am writing a project using TDI. I am a very newbie on this topic.
After seeing a lot of blue screens, I have finally
made a connection. But When I try to actually send something
my machine crashes with a PFN_LIST_CORRUPT stop message.

Could somebody tell me what is wrong with my code (attacjhed below)??

Many Thanks!!!

Lijun

////////////////////////////////////////////////////

NTSTATUS MyTdiSend( PRAMDISK_EXTENSION pExtension )
{
KIRQL irql = KeGetCurrentIrql();
if(irql > PASSIVE_LEVEL) {
return STATUS_SUCCESS;
// Could not specify a lower IRQL!!!
//KeLowerIrql(PASSIVE_LEVEL);
}

if(!pExtension) {
return STATUS_SUCCESS;
}

// sending a message to the server on our own…
NTSTATUS ntStatus = STATUS_SUCCESS;
IO_STATUS_BLOCK IoStatusBlock;
RtlZeroMemory(&IoStatusBlock, sizeof(IoStatusBlock));

KEVENT event;
KeInitializeEvent(&event, NotificationEvent, FALSE);

PIRP pIrp = TdiBuildInternalDeviceControlIrp(
TdiBuildSend, // unused either
pExtension->TransportDevice,
pExtension->hTransportAddress, // does not matter since this is not
used at all!!!
&event, // the event…
&IoStatusBlock);
if(pIrp == NULL) {
return STATUS_INSUFFICIENT_RESOURCES;
}

static PMDL mdl = NULL;
ULONG InFlags = 0;
ULONG len = 0;
static char * greetings;
static char * local_pool = “Helo This from my driver…”;
len = strlen(local_pool);
greetings = (char *)ExAllocatePool(NonPagedPool, len);
if(!greetings) {
return STATUS_INSUFFICIENT_RESOURCES;
}
mdl = IoAllocateMdl(greetings,
len,
FALSE,
FALSE,
NULL);

if(mdl == NULL) {
return STATUS_INSUFFICIENT_RESOURCES;
}

RtlCopyMemory(greetings, local_pool, len);
MmBuildMdlForNonPagedPool( mdl );
TdiBuildSend(
pIrp,
pExtension->TransportDevice,
pExtension->ConnectionFile, // Endpoint file object
LLFSDSendHook, // competion routine
pExtension, // context for the complete routine
mdl, // data
TDI_SEND_NO_RESPONSE_EXPECTED, // normal TSDU
len // lenghth of data
); // transportation address

PIO_STACK_LOCATION _IRPSP = IoGetCurrentIrpStackLocation(pIrp);
_IRPSP->MajorFunction = IRP_MJ_INTERNAL_DEVICE_CONTROL;
_IRPSP->MinorFunction = TDI_SEND;
_IRPSP->DeviceObject = pExtension->DeviceObject;
_IRPSP->FileObject = pExtension->ConnectionFile;

ntStatus = IoCallDriver(pExtension->TransportDevice, pIrp);
if (ntStatus == STATUS_PENDING) {
KeWaitForSingleObject(&event, Suspended, KernelMode, FALSE, NULL);
ntStatus = IoStatusBlock.Status;
}

return ntStatus;
}


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com