Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

Upcoming OSR Seminars:

Writing WDF Drivers I: Core Concepts, Nashua, NH 15-19 May, 2017
Writing WDF Drivers II: Advanced Implementation Tech., Nashua, NH 23-26 May, 2017
Kernel Debugging and Crash Analysis, Dulles, VA 26-30 June, 2017
Windows Internals & Software Driver Development, Nashua, NH 24-28 July, 2017


Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 2  
10 May 17 23:03
Rajendra Kumbhar
xxxxxx@gmail.com
Join Date: 12 Jul 2010
Posts To This List: 23
Probable bug in FltParseFilenameInformation

Hi All, We have a minifilter driver which queries file path information in Pre-Create callback. While constructing file path, we call FltParseFilenameInformation API to parse the components. Due to old MS bug, we check the parent directory sub-path in share path. But while doing this the system gets crashed. We analyzed the crash dump came to conclusion that: When call FltParseFilenameInformation API to parse this file path, length member of ParentDir is too high(-ve is have considered signed number). Have anyone come across similar kind of bug on Windows Server 2008? From crash dump analysis: 1: kd> vertarget Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x86 compatible Product: Server, suite: Enterprise TerminalServer Built by: 6002.18327.x86fre.vistasp2_gdr.101014-0432 Machine Name: Kernel base = 0x8343c000 PsLoadedModuleList = 0x83553c70 1: kd> dt 0xb3497f44 _FLT_FILE_NAME_INFORMATION -b fltmgr!_FLT_FILE_NAME_INFORMATION +0x000 Size : 0n64 +0x002 NamesParsed : 0n15 +0x004 Format : 2 +0x008 Name : _UNICODE_STRING "\Device\Mup\;LanmanRedirector\;Z:0000000000126563\fs\public\" +0x000 Length : 0n120 +0x002 MaximumLength : 0n120 +0x004 Buffer : 0xb3497f88 "\Device\Mup\;LanmanRedirector\;Z:0000000000126563\fs\public\" +0x010 Volume : _UNICODE_STRING "\Device\Mup" +0x000 Length : 0n22 +0x002 MaximumLength : 0n22 +0x004 Buffer : 0xb3497f88 "\Device\Mup" +0x018 Share : _UNICODE_STRING "\;LanmanRedirector\;Z:0000000000126563\fs\public" +0x000 Length : 0n96 +0x002 MaximumLength : 0n96 +0x004 Buffer : 0xb3497f9e "\;LanmanRedirector\;Z:0000000000126563\fs\public" +0x020 Extension : _UNICODE_STRING "" +0x000 Length : 0 +0x002 MaximumLength : 0 +0x004 Buffer : (null) +0x028 Stream : _UNICODE_STRING "" +0x000 Length : 0 +0x002 MaximumLength : 0 +0x004 Buffer : (null) +0x030 FinalComponent : _UNICODE_STRING "public" +0x000 Length : 0n12 +0x002 MaximumLength : 0n12 +0x004 Buffer : 0xb3497ff2 "public" +0x038 ParentDir : _UNICODE_STRING "\" +0x000 Length : 0n65524 +0x002 MaximumLength : 0n65524 +0x004 Buffer : 0xb3497ffe "\" Length member of ParentDir is 65524 -> (-12) which is length of FinalComponent. Thanks, Rajendra.
  Message 2 of 2  
13 May 17 03:34
Petr Kurtin
xxxxxx@avast.com
Join Date: 25 Sep 2008
Posts To This List: 173
Probable bug in FltParseFilenameInformation

I know about two bugs related to ParentDir member (post-create): 1. There's a bug on Win7 x86/x64 if you open a file with FILE_OPEN_BY_FILE_ID (you can check Data->Iopb->Parameters.Create.Options). In this case, ParentDir is bogus and you should clear this variable. 2. XP bug when Share member is included in ParentDir (http://www.osronline.com/showThread.cfm?link=100426). In this case you need to repair ParentDir manually (using Share member)
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 22:48.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license