Hi All,
I am experiencing a problem with Symantec “Norton Internet Security 2003”
when our filter is in the stack, actually even if our driver is not in the
stack it bugchecks with:
a) Other active filter drivers
b) Checked build
c) Driver Verifier
The problem seems to emanate from SYMTDI.SYS. If I look through the stack
dump everything seems to stem from there. The problem is that ZwCreateFile
is being called at DISPATCH_LEVEL and I have an assert in my IRP_MJ_CREATE
handler to let me know (while debugging) if we are being called illegally.
Interestingly it is only a problem with the firewall component, it doesn’t
seem to cause a problem with just the AV component.
According to the DDK documentation ZwCreateFile should only be called at
PASSIVE_LEVEL, so I consider the calling of ZwCreateFile by this component
to be in violation of a pretty fundamental OS requirement.
Has anyone else experienced this problem?
Regards
Ben Curley
Data Encryption Systems Ltd.
Email: xxxxx@des.co.uk
Web: http://www.deslock.com