I have a function that determines processname from the process id inside
a tdi driver. The code seems to get the process name correctly in most
cases, but the problem is that after this function is called ‘n’ times,
my system blue screens with the 7e error. The blue screen appears to
happen at random times, and does not depend on running any particular
process. The entire code snippet is given below. Can someone give me
pointers as to what could be going wrong?
Some issues are:
- I had to hard code the definitions of system structures used by
ZwQuerySystemInformation. - There is a for(;
which I’m not sure is a good idea inside tdi
code.
I got the original function from
http://www.alexfedotov.com/samples/threads.asp
Regards,
-Charu
#define MIN(a,b) ((a) > (b) ? (b) : (a))
/* Function to determine current process name in the kernel */
int MyTdi_GetCurrentProcessName(char *ProcessName)
{
ULONG cbBuffer = 0x10000; // declare initial size of buffer
- 64
NTSTATUS Status;
PSYSTEM_PROCESS_INFORMATION pInfo;
KIRQL irql;
int ret = FALSE;
__try {
ULONG pid = (ULONG)PsGetCurrentProcessId();
DbgPrint(“MyTdi_GetCurrentProcessName\r\n”);
KeAcquireSpinLock(&ns_getprocname_lock, &irql);
do
{
if(!gBuffer)
gBuffer = ExAllocatePool
(NonPagedPool, cbBuffer); //allocate memory for the buffer of size
cbBuffer
if (gBuffer == NULL) // if memory allocation
failed, exit
{
DbgPrint(“MyTdi_GetCurrentProcessName: no memory\r\n”);
goto done;
}
// try to obtain system information into the
buffer
Status = ZwQuerySystemInformation(
SystemProcessesAndThreadsInformation, gBuffer, cbBuffer, NULL);
// if the size of the information is larger than
the size of the buffer
if (Status == STATUS_INFO_LENGTH_MISMATCH)
{
ExFreePool(gBuffer); // free the
memory associated with the buffer
gBuffer = NULL;
cbBuffer *= 2; // and increase
buffer size twice its original size
DbgPrint(“MyTdi_GetCurrentProcessName: realloc 0x%x\r\n”, cbBuffer);
}
else if (!NT_SUCCESS(Status)) // if operation is
not succeeded by any other reason
{
DbgPrint(“MyTdi_GetCurrentProcessName: zwqsi err 0x%x\r\n”, Status);
goto done;
}
}
while (Status == STATUS_INFO_LENGTH_MISMATCH);
pInfo = (PSYSTEM_PROCESS_INFORMATION)gBuffer;
for (; // forever do
{
PWSTR pszProcessName;
int len = 0;
short size = 0;
if (!pInfo) {
DbgPrint(“No more pInfo\r\n”);
break;
}
if (pInfo->ProcessId == pid) // check its
process ID against the pid we are looking for
{ // if they matched
// Check if name exists
if (!pInfo->ProcessName.Length ||
!pInfo->ProcessName.Buffer) {
// if no name available
DbgPrint(“No name found,
using default\r\n”);
strcpy(ProcessName,
“idle”); // set it to something
break;
}
// convert wide character string
“pszProcessName” to character string “ProcessName”
pszProcessName =
pInfo->ProcessName.Buffer; // assign a process name to a new variable
size = pInfo->ProcessName.Length /
2;
DbgPrint(“Before wcstombs, Buf 0x%x,
length %d\r\n”, pszProcessName, size);
len =
wcstombs(ProcessName,pszProcessName,MIN(MAX_PATH,pInfo->ProcessName.Leng
th));
DbgPrint(“After wcstombs %d\r\n”,
len);
if((len > 0) && (len < MAX_PATH)) {
ProcessName[len] = 0;
ret = TRUE;
}
else {
DbgPrint(“wcstombs
failed %d\r\n”, len);
ProcessName[0] = 0;
}
break; // exit the loop
}
if (pInfo->NextEntryDelta == 0) // if there are
no other entries in pInfo
break; // exit the loop
// if we are still in the loop, current entry
does not contain
// the process we are looking for, but there is
at least one more entry in pInfo
pInfo =
(PSYSTEM_PROCESS_INFORMATION)(((PUCHAR)pInfo)+ pInfo->NextEntryDelta);
// obtain that new entry
}
done:
KeReleaseSpinLock(&ns_getprocname_lock, irql);
DbgPrint(“MyTdi_GetCurrentProcessName: ret %d\r\n”, ret);
return ret; // and exit
}
__except(1) {
DbgPrint(“MyTdi_GetCurrentProcessName
EXCEPTION!!!\r\n”);
return FALSE;
}
return FALSE;
}
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Developer
Sent: Wednesday, December 07, 2005 12:16 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Printer Warning Dialogbox
If I use the ICopyHook COM extension in the windows Shell to tap all
copy, move, rename etc operations in the Windows explorer, and set the
CopyCallBack function to notify me of these events, then will this
callback be triggered if I copy/move/rename any file from the command
prompt program cmd.exe. Or do I have to hook somewhere else for tapping
those?
— Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256 You are currently subscribed
to ntdev as: unknown lmsubst tag argument: ‘’ To unsubscribe send a
blank email to xxxxx@lists.osr.com