Why ALWAYS return STATUS_INVALID_PARAMETER when ZwCreateFile?

OSR_Community_User · June 9, 2008, 11:33pm

I’m doing sth in sfilter. I just added sth on the sample of DDK, sfilter.
Now I faced the problem: When I used ZwCreateFile, the function always
return 0xC000000D, which is STATUS_INVALID_PARAMETER. No matter where I put
the source, at the beginning of the DriverEntry, or in other .c file, it’s
the same result.

The source is below:

HANDLE hFileHandle;
NTSTATUS ntStatus;
UNICODE_STRING uszFileName;
OBJECT_ATTRIBUTES objAttributes;
IO_STATUS_BLOCK isbCreateReadStatus;

if(KeGetCurrentIrql() >= DISPATCH_LEVEL)
return STATUS_UNSUCCESSFUL;
RtlInitUnicodeString(&uszFileName,
pFilePath);
InitializeObjectAttributes(&objAttributes,
&uszFileName,
OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
NULL,
NULL);
ntStatus = ZwCreateFile(&hFileHandle,
SYNCHRONIZE|FILE_READ_DATA,
&objAttributes,
&isbCreateReadStatus,
NULL,
0,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE,
NULL,
0); // always return STATUS_INVALID_PARAMETER
if(!NT_SUCCESS(ntStatus))
{
KdPrint((“KmdReadWholeFile: Failed to open %ws. Error Code:
0x%xL\n”, pFilePath, ntStatus));
return ntStatus;
}

pFilePath is: L"\??\c:\windows\system32\pro.dat"

Please help me… Thank you…

Doron_Holan · June 10, 2008, 12:12am

Is your driver a boot start driver? I would guess that you are referencing c:\ too early in the boot process, instead try L"\systemroot\system32\pro.dat"

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of cxun
Sent: Monday, June 09, 2008 8:33 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Why ALWAYS return STATUS_INVALID_PARAMETER when ZwCreateFile?

I’m doing sth in sfilter. I just added sth on the sample of DDK, sfilter.
Now I faced the problem: When I used ZwCreateFile, the function always
return 0xC000000D, which is STATUS_INVALID_PARAMETER. No matter where I put
the source, at the beginning of the DriverEntry, or in other .c file, it’s
the same result.

The source is below:

HANDLE hFileHandle;
NTSTATUS ntStatus;
UNICODE_STRING uszFileName;
OBJECT_ATTRIBUTES objAttributes;
IO_STATUS_BLOCK isbCreateReadStatus;

if(KeGetCurrentIrql() >= DISPATCH_LEVEL)
return STATUS_UNSUCCESSFUL;
RtlInitUnicodeString(&uszFileName,
pFilePath);
InitializeObjectAttributes(&objAttributes,
&uszFileName,
OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
NULL,
NULL);
ntStatus = ZwCreateFile(&hFileHandle,
SYNCHRONIZE|FILE_READ_DATA,
&objAttributes,
&isbCreateReadStatus,
NULL,
0,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE,
NULL,
0); // always return STATUS_INVALID_PARAMETER
if(!NT_SUCCESS(ntStatus))
{
KdPrint((“KmdReadWholeFile: Failed to open %ws. Error Code:
0x%xL\n”, pFilePath, ntStatus));
return ntStatus;
}

pFilePath is: L"\??\c:\windows\system32\pro.dat"

Please help me… Thank you…

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · June 10, 2008, 12:25am

Thanks very much for your advice. But now the return value is: 0xC000003AL,
which is STATUS_OBJECT_PATH_NOT_FOUND.
But the path do exist. This: L"\??\systemroot\system32\pro.dat"

From: “Doron Holan”
Sent: Tuesday, June 10, 2008 12:09 PM
To: “Windows System Software Devs Interest List”
Subject: RE: [ntdev] Why ALWAYS return STATUS_INVALID_PARAMETER when
ZwCreateFile?

> Is your driver a boot start driver? I would guess that you are
> referencing c:\ too early in the boot process, instead try
> L"\systemroot\system32\pro.dat"
>
> d
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of cxun
> Sent: Monday, June 09, 2008 8:33 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] Why ALWAYS return STATUS_INVALID_PARAMETER when
> ZwCreateFile?
>
> I’m doing sth in sfilter. I just added sth on the sample of DDK, sfilter.
> Now I faced the problem: When I used ZwCreateFile, the function always
> return 0xC000000D, which is STATUS_INVALID_PARAMETER. No matter where I
> put
> the source, at the beginning of the DriverEntry, or in other .c file, it’s
> the same result.
>
> The source is below:
>
> HANDLE hFileHandle;
> NTSTATUS ntStatus;
> UNICODE_STRING uszFileName;
> OBJECT_ATTRIBUTES objAttributes;
> IO_STATUS_BLOCK isbCreateReadStatus;
>
> if(KeGetCurrentIrql() >= DISPATCH_LEVEL)
> return STATUS_UNSUCCESSFUL;
> RtlInitUnicodeString(&uszFileName,
> pFilePath);
> InitializeObjectAttributes(&objAttributes,
> &uszFileName,
> OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
> NULL,
> NULL);
> ntStatus = ZwCreateFile(&hFileHandle,
> SYNCHRONIZE|FILE_READ_DATA,
> &objAttributes,
> &isbCreateReadStatus,
> NULL,
> 0,
> FILE_SHARE_READ|FILE_SHARE_WRITE,
> FILE_OPEN,
>
> FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE,
> NULL,
> 0); // always return STATUS_INVALID_PARAMETER
> if(!NT_SUCCESS(ntStatus))
> {
> KdPrint((“KmdReadWholeFile: Failed to open %ws. Error Code:
> 0x%xL\n”, pFilePath, ntStatus));
> return ntStatus;
> }
>
> pFilePath is: L"\??\c:\windows\system32\pro.dat"
>
> Please help me… Thank you…
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

anton_bassov · June 10, 2008, 1:31am

Why do you post the same question on both NTDEV and NTFSD forums??? Do you really think it is more efficient to do things this way???

Anton Bassov

OSR_Community_User · June 10, 2008, 2:06am

I’m sorry. I hope this won’t bring you too much trouble.

From:
Sent: Tuesday, June 10, 2008 1:31 PM
To: “Windows System Software Devs Interest List”
Subject: RE:[ntdev] Why ALWAYS return STATUS_INVALID_PARAMETER when
ZwCreateFile?

> Why do you post the same question on both NTDEV and NTFSD forums??? Do you
> really think it is more efficient to do things this way???
>
> Anton Bassov
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

OSR_Community_User · June 10, 2008, 2:55am

Well even I can see that’s not the path Doran suggested…

Alan

“cxun” wrote in message news:xxxxx@ntdev…
> Thanks very much for your advice. But now the return value is:
> 0xC000003AL, which is STATUS_OBJECT_PATH_NOT_FOUND.
> But the path do exist. This: L"\??\systemroot\system32\pro.dat"
>
> --------------------------------------------------
> From: “Doron Holan”
> Sent: Tuesday, June 10, 2008 12:09 PM
> To: “Windows System Software Devs Interest List”
> Subject: RE: [ntdev] Why ALWAYS return STATUS_INVALID_PARAMETER when
> ZwCreateFile?
>
>> Is your driver a boot start driver? I would guess that you are
>> referencing c:\ too early in the boot process, instead try
>> L"\systemroot\system32\pro.dat"
>>
>> d
>>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of cxun
>> Sent: Monday, June 09, 2008 8:33 PM
>> To: Windows System Software Devs Interest List
>> Subject: [ntdev] Why ALWAYS return STATUS_INVALID_PARAMETER when
>> ZwCreateFile?
>>
>> I’m doing sth in sfilter. I just added sth on the sample of DDK, sfilter.
>> Now I faced the problem: When I used ZwCreateFile, the function always
>> return 0xC000000D, which is STATUS_INVALID_PARAMETER. No matter where I
>> put
>> the source, at the beginning of the DriverEntry, or in other .c file,
>> it’s
>> the same result.
>>
>> The source is below:
>>
>> HANDLE hFileHandle;
>> NTSTATUS ntStatus;
>> UNICODE_STRING uszFileName;
>> OBJECT_ATTRIBUTES objAttributes;
>> IO_STATUS_BLOCK isbCreateReadStatus;
>>
>> if(KeGetCurrentIrql() >= DISPATCH_LEVEL)
>> return STATUS_UNSUCCESSFUL;
>> RtlInitUnicodeString(&uszFileName,
>> pFilePath);
>> InitializeObjectAttributes(&objAttributes,
>> &uszFileName,
>> OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
>> NULL,
>> NULL);
>> ntStatus = ZwCreateFile(&hFileHandle,
>> SYNCHRONIZE|FILE_READ_DATA,
>> &objAttributes,
>> &isbCreateReadStatus,
>> NULL,
>> 0,
>> FILE_SHARE_READ|FILE_SHARE_WRITE,
>> FILE_OPEN,
>>
>> FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE,
>> NULL,
>> 0); // always return STATUS_INVALID_PARAMETER
>> if(!NT_SUCCESS(ntStatus))
>> {
>> KdPrint((“KmdReadWholeFile: Failed to open %ws. Error Code:
>> 0x%xL\n”, pFilePath, ntStatus));
>> return ntStatus;
>> }
>>
>> pFilePath is: L"\??\c:\windows\system32\pro.dat"
>>
>> Please help me… Thank you…
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>

OSR_Community_User · June 10, 2008, 2:55am

Cross posting is against the rules - the rules you agreed to follow when you joined the lists. Flaunting those roles and then being rude about it to other members of the list is not likely to make you any friends here.

Doron’s suggestion was a good one, but you didn’t follow it - you changed the name and then found it failed. Why don’t you try writing a user mode application and get it working right FIRST and then when you have it working in user mode, move it to kernel mode.

And choose to post in only one forum.

Tony
OSR

OSR_Community_User · June 10, 2008, 3:58am

I’m so sorry. I didn’t know cross posting is against the rules. I’m new here
and I promise I’ll follow the rule from now on. Thank you and thank Doron.

I’ll try it on user mode later.

Thanks again.

cxun

From:
Sent: Tuesday, June 10, 2008 2:55 PM
To: “Windows System Software Devs Interest List”
Subject: RE:[ntdev] Why ALWAYS return STATUS_INVALID_PARAMETER when
ZwCreateFile?

> Cross posting is against the rules - the rules you agreed to follow when
> you joined the lists. Flaunting those roles and then being rude about it
> to other members of the list is not likely to make you any friends here.
>
> Doron’s suggestion was a good one, but you didn’t follow it - you changed
> the name and then found it failed. Why don’t you try writing a user mode
> application and get it working right FIRST and then when you have it
> working in user mode, move it to kernel mode.
>
> And choose to post in only one forum.
>
> Tony
> OSR
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>