bbousquet
asked on
Can't send newly created IRP to lower device driver in serial filter
My Win2K/XP serial filter driver snoops on the PPP negotiation between Windows and a modem and needs to generate an IRP_MJ_WRITE request from scratch and pass it down to the lower driver. However, it seems I'm missing an important step since IoCallDriver fails.
Here's my latest code. I am getting a STATUS_UNSUCCESSFUL from IoCallDriver. I took a look at passed down IRP_MJ_WRITE requests that the driver forwards to the next lower driver and have taken a look at the related IRP and IO_STACK_LOCATION structures, hoping to find an answer to my problem. However, the structures are similar to what mine look like. The only major difference I've been seeing is in the Flags member of the IRP structure: I have seen a value of 0x40000200 on IRP_MJ_WRITE requests, which means IRP_WRITE_OPERATION (0x200) and something else that I haven't been able to track down (the 0x40000000).
I'm about to go insane with this. Top few lines just pass the current request down without doing anything with it (and it works fine). Please note that this code is all part of the master dispatch handler of my driver. Also note that pbFakeWrite has been allocated from NonPagedPool.
---cut here---
(...)
// Pass request down without additional processing
status = IoAcquireRemoveLock(&pdx->RemoveLock, Irp);
if(!NT_SUCCESS(status))
{
    ExFreePool(pbFakeWrite);
    return CompleteRequest(Irp, status, 0);
}
IoSkipCurrentIrpStackLocation(Irp);
status = IoCallDriver(pdx->LowerDeviceObject, Irp);
IoReleaseRemoveLock(&pdx->RemoveLock, Irp);
// my extra code to send a custom IRP_MJ_WRITE to the lower driver
if(pbFakeWrite != NULL)
{
    NTSTATUS status2 = STATUS_SUCCESS;
    PIRP pNewIrp = NULL;
    PIO_STACK_LOCATION pStack = NULL;
    LARGE_INTEGER startingOffset;
    startingOffset.QuadPart = 0;
    // Let the I/O manager build the IRP and pick the lower device's buffering method
    pNewIrp = IoBuildAsynchronousFsdRequest(IRP_MJ_WRITE, pdx->LowerDeviceObject, pbFakeWrite, ulFakeWriteLen, &startingOffset, NULL);
    if(pNewIrp == NULL)
    {
        ExFreePool(pbFakeWrite);
        status2 = STATUS_INSUFFICIENT_RESOURCES;
        return status; // the original Irp is already passed down; the dispatch routine must return its status, not status2
    }
    pNewIrp->Flags |= IRP_WRITE_OPERATION; // not sure if that is needed
    status2 = IoAcquireRemoveLock(&pdx->RemoveLock, pNewIrp); // released in CompletionRoutine
    if(!NT_SUCCESS(status2))
    {
        IoFreeIrp(pNewIrp);
        ExFreePool(pbFakeWrite);
        return status; // same reason as above
    }
    pStack = IoGetNextIrpStackLocation(pNewIrp); // for debugging purposes
    KdPrint(("pStack->Parameters.Write: %d\n", pStack->Parameters.Write.Length));
    // CompletionRoutine runs on success, error and cancel, and is responsible for cleanup
    IoSetCompletionRoutine(pNewIrp, (PIO_COMPLETION_ROUTINE)CompletionRoutine, pdx, TRUE, TRUE, TRUE);
    status2 = IoCallDriver(pdx->LowerDeviceObject, pNewIrp);
    if(!NT_SUCCESS(status2))
    {
        KdPrint(("IoCallDriver failed (%08X)\n", status2));
    }
}
(...)
---cut here---
What is the status code?
>>I am getting a STATUS_UNSUCCESSFUL from IoCallDriver
Disregard my last comment :o)
Extending jkr's question a little bit..
Have you checked the Status value returned in the IO_STATUS block of your new IRP after you get the error ?
There is a chance that you'll find a "better" error code there.
Btw I'm just curious, is there a specific reason why you picked IoBuildAsynchronousFsdRequest
I am not saying there is something wrong with it.. but I used to use the "old" IoBuildDeviceIoControlRequest
ASKER
I'm at DISPATCH_LEVEL so I can't wait on an event (well, unless it's a zero wait, which kind of defeats the purpose of it all). It was suggested to me that IoBuildAsynchronousFsdRequest would be a better choice than IoAllocateIrp since it takes care of the buffering method used by the lower driver.
As for the IO_STATUS_BLOCK, I'll take another look at it and post my findings, if any.
ASKER
Just checked: the IO_STATUS_BLOCK contains the same error code (0xc0000001, STATUS_UNSUCCESSFUL) returned by IoCallDriver.
>> Just checked: the IO_STATUS_BLOCK contains the same error code (0xc0000001, STATUS_UNSUCCESSFUL) returned by IoCallDriver.
Did you pass in a valid address of an IO_STATUS_BLOCK to IoBuildAsynchronousFsdRequest?
Looks like you are passing NULL instead.
>> pNewIrp = IoBuildAsynchronousFsdRequest(IRP_MJ_WRITE, pdx->LowerDeviceObject, pbFakeWrite, ulFakeWriteLen, &startingOffset, NULL);
ASKER
I just tried it (again) and whether or not I am passing an IO_STATUS_BLOCK pointer, it doesn't make any difference.
okay.. one last thing and I quit :)
It's been a while and sorry if I'm wrong.
Is it buffered IO or Direct IO?
I guess you should use MDLs to pass a buffer to a lower layer driver if it supports DirectIO.
I am talking about your pbFakeWrite buffer.
ASKER
From what I understand, this is the main advantage of using IoBuildAsynchronousFsdRequest, as it automatically handles the buffering mode. I just need to do the proper cleanup in my completion routine.
ASKER
I needed to fill the FileObject member of the IRP. This seems to work now. Question can be deleted.
Hwoo!! I thought all that happens automatically when you build the irp.
Btw, how did you figure that out ?
ASKER
Everything else seems to be done automatically, but from what I was able to learn, the FileObject member is used to keep track of some kind of context data. I was just trying semi-random things and ended up noticing that mine was NULL. Since my write request needs to be seen as a system generated one, I just copied the FileObject from the last IRP_MJ_WRITE into my IRP. Now IoCallDriver no longer fails...
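An added example, not code from the thread, of the approach the asker settled on: a helper the dispatch routine can call that builds the IRP_MJ_WRITE with IoBuildAsynchronousFsdRequest, copies the FileObject from the snooped write into the new IRP's next stack location, and does the cleanup IoBuildAsynchronousFsdRequest leaves to its caller in the completion routine. DEVICE_EXTENSION, FAKE_WRITE_CTX, SendFakeWrite, FakeWriteComplete and the pool tag 'wkaF' are assumed names; pdx->LowerDeviceObject and pdx->RemoveLock follow the thread.

```c
#include <ntddk.h>
typedef struct _DEVICE_EXTENSION {          // the fields of pdx the thread uses
    PDEVICE_OBJECT LowerDeviceObject;
    IO_REMOVE_LOCK RemoveLock;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
typedef struct _FAKE_WRITE_CTX {            // assumed per-request context
    PDEVICE_EXTENSION pdx;
    PVOID buffer;                           // NonPagedPool data we allocated
    PFILE_OBJECT fileObject;                // kept referenced while in flight
} FAKE_WRITE_CTX, *PFAKE_WRITE_CTX;
// We own this IRP: free what IoBuildAsynchronousFsdRequest allocated, drop our
// references, and return MORE_PROCESSING_REQUIRED so the I/O manager stops here.
static NTSTATUS FakeWriteComplete(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context)
{
    PFAKE_WRITE_CTX ctx = (PFAKE_WRITE_CTX)Context;
    if (Irp->MdlAddress != NULL) {          // lower device uses DO_DIRECT_IO
        MmUnlockPages(Irp->MdlAddress);
        IoFreeMdl(Irp->MdlAddress);
    }
    if (Irp->Flags & IRP_DEALLOCATE_BUFFER) // lower device uses DO_BUFFERED_IO
        ExFreePool(Irp->AssociatedIrp.SystemBuffer);
    IoFreeIrp(Irp);
    IoReleaseRemoveLock(&ctx->pdx->RemoveLock, ctx);
    ObDereferenceObject(ctx->fileObject);
    ExFreePool(ctx->buffer);
    ExFreePool(ctx);
    return STATUS_MORE_PROCESSING_REQUIRED;
}
// Build an IRP_MJ_WRITE for buffer/len and send it down. templateIrp is the
// snooped IRP_MJ_WRITE; read it before forwarding it, since the lower driver may
// complete it any time after IoCallDriver. On failure the caller still owns buffer.
NTSTATUS SendFakeWrite(PDEVICE_EXTENSION pdx, PIRP templateIrp, PVOID buffer, ULONG len)
{
    LARGE_INTEGER offset;
    PIRP newIrp; NTSTATUS status;
    PFAKE_WRITE_CTX ctx = (PFAKE_WRITE_CTX)ExAllocatePoolWithTag(NonPagedPool, sizeof(*ctx), 'wkaF');
    if (ctx == NULL) return STATUS_INSUFFICIENT_RESOURCES;
    status = IoAcquireRemoveLock(&pdx->RemoveLock, ctx);  // released by FakeWriteComplete
    if (!NT_SUCCESS(status)) { ExFreePool(ctx); return status; }
    offset.QuadPart = 0;
    newIrp = IoBuildAsynchronousFsdRequest(IRP_MJ_WRITE, pdx->LowerDeviceObject, buffer, len, &offset, NULL);
    if (newIrp == NULL) { IoReleaseRemoveLock(&pdx->RemoveLock, ctx); ExFreePool(ctx); return STATUS_INSUFFICIENT_RESOURCES; }
    ctx->pdx = pdx; ctx->buffer = buffer;
    ctx->fileObject = IoGetCurrentIrpStackLocation(templateIrp)->FileObject;
    ObReferenceObject(ctx->fileObject);  // the snooped handle may close while our IRP is in flight
    IoGetNextIrpStackLocation(newIrp)->FileObject = ctx->fileObject; // the step the thread found missing
    IoSetCompletionRoutine(newIrp, FakeWriteComplete, ctx, TRUE, TRUE, TRUE);
    return IoCallDriver(pdx->LowerDeviceObject, newIrp);
}
```

The dispatch routine that calls SendFakeWrite still returns the status IoCallDriver gave for the original IRP, not the status of the extra write.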
Interesting.. anyway.. nice that its working..
Good luck. :)
~j
ASKER
This question can be closed, as I stumbled upon the answer myself.