Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

On-Access, Transparent, Per-File Data Encryption:

OSR's File Encryption Solution Framework (FESF) provides all the infrastructure you need to build a transparent file encryption product REALLY FAST.

Super flexible policy determination and customization, all done in user-mode. Extensive starter/sample code provided.

Proven, robust, flexible. In use in multiple commercial products.

Currently available on Windows. FESF for Linux will ship in 2018.

For more info: https://www.osr.com/fesf

Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 5  
01 Sep 17 02:00
Ryu Dong Cher
xxxxxx@korea.com
Join Date: 01 Sep 2017
Posts To This List: 3
[MiniFilter]ERROR_INSUFFICIENT_BUFFER Problem

I Studying MiniFSWatcher Project(C#) - https://github.com/CenterDevice/MiniFSWatcher/tree/master/MiniFSWatcher I want to add functionality (MiniFSWatch + Scanner) - C# I have not been able to solve it for a month. I have a few problems, and I need your help. Kernel-Mode Code : #define SCANNER_READ_BUFFER_SIZE 1024 typedef struct _SCANNER_NOTIFICATION { ULONG BytesToScan; ULONG Reserved; // for quad-word alignement of the Contents structure UCHAR Contents[SCANNER_READ_BUFFER_SIZE]; } SCANNER_NOTIFICATION, *PSCANNER_NOTIFICATION; typedef struct _SCANNER_REPLY { BOOLEAN SafeToOpen; } SCANNER_REPLY, *PSCANNER_REPLY; BOOLEAN safe = TRUE; PVOID buffer = NULL; ULONG replyLength, length; PSCANNER_NOTIFICATION notification = NULL; PFLT_VOLUME volume = NULL; FLT_VOLUME_PROPERTIES volumeProps; LARGE_INTEGER offset; ULONG bytesRead; Status = FltGetVolumeFromInstance(FltObjects->Instance, &volume); if (!NT_SUCCESS(Status)) { returnStatus = FLT_PREOP_SUCCESS_WITH_CALLBACK; } Status = FltGetVolumeProperties(volume, &volumeProps, sizeof(volumeProps), &length); if (NT_ERROR(Status)) { returnStatus = FLT_PREOP_SUCCESS_WITH_CALLBACK; } length = max(SCANNER_READ_BUFFER_SIZE, volumeProps.SectorSize); buffer = FltAllocatePoolAlignedWithTag(FltObjects->Instance, NonPagedPool, length, 'nacS'); if (NULL == buffer) { Status = STATUS_INSUFFICIENT_RESOURCES; } notification = ExAllocatePoolWithTag(NonPagedPool, sizeof(SCANNER_NOTIFICATION), 'nacS'); if (NULL == notification) { Status = STATUS_INSUFFICIENT_RESOURCES; } offset.QuadPart = bytesRead = 0; //strcpy((char *)buffer, "Driver Test!"); ////notification->BytesToScan = (ULONG)bytesRead; //notification->BytesToScan = sizeof(buffer); //RtlCopyMemory(&notification->Contents, // buffer, // min(notification->BytesToScan, SCANNER_READ_BUFFER_SIZE)); RtlCopyMemory(&notification->Contents, "DriverTest", sizeof("DriverTest")); replyLength = sizeof(SCANNER_REPLY); Status = FltSendMessage(MiniFSWatcherData.Filter, &MiniFSWatcherData.ClientPort, notification, sizeof(SCANNER_NOTIFICATION), notification, &replyLength, NULL); if (STATUS_SUCCESS == Status) { safe = ((PSCANNER_REPLY)notification)->SafeToOpen; } User-Mode Code : [StructLayout(LayoutKind.Sequential)] public struct OVERLAPPED { public IntPtr Internal; public IntPtr InternalHigh; public UInt32 Offset; public UInt32 OffsetHigh; public IntPtr Pointer; public IntPtr EventHandle; }; [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] internal static extern bool GetQueuedCompletionStatus(SafePortHandle CompletionPort , out uint lpNumberOfBytesTransferred , out IntPtr lpCompletionKey , out IntPtr lpOverlapped , uint dwMilliseconds); private void ScannerWorker(IntPtr pcontext) { GCHandle gHandle = GCHandle.FromIntPtr(pcontext); _SCANNER_THREAD_CONTEXT context = (_SCANNER_THREAD_CONTEXT)gHandle.Target; NativeMethods.OVERLAPPED Ovlp = new NativeMethods.OVERLAPPED(); IntPtr pOvlp = Marshal.AllocHGlobal(Marshal.SizeOf(Ovlp)); Marshal.StructureToPtr(Ovlp, pOvlp, false); /* GetQueuedCompletionStatus ===> 122(ERROR_INSUFFICIENT_BUFFER) Confirm : string errorMessage = new Win32Exception(Marshal.GetLastWin32Error()).Message; Only False Return Why? What's wrong? */ bool result = NativeMethods.GetQueuedCompletionStatus(context.Completion, out outSize, out key, out pOvlp, 0xFFFFFFFF); /* Error 0x80070006 E_HANDLE Why? */ Marshal.FreeHGlobal(pOvlp); }
  Message 2 of 5  
01 Sep 17 02:22
Ryu Dong Cher
xxxxxx@korea.com
Join Date: 01 Sep 2017
Posts To This List: 3
[MiniFilter]ERROR_INSUFFICIENT_BUFFER Problem

Dev OS ===== Window7 x32 7601 build - test mode use VS2015 Windows Software Development Kit - Windows 10.0.15063/468 Windows Driver Kit - Windows 10.0.15063.0
  Message 3 of 5  
01 Sep 17 08:55
Scott Noone
xxxxxx@osr.com
Join Date: 10 Jul 2002
Posts To This List: 942
List Moderator
[MiniFilter]ERROR_INSUFFICIENT_BUFFER Problem

Did you start by making sure the C app provided with the sample works properly in your environment? Something is probably wrong with the way you marshaled the arguments to FilterGetMessage. Note that the user mode structures associated with the message are different from the kernel mode structures when using a Communication Port (see SCANNER_MESSAGE and SCANNER_REPLY_MESSAGE) -scott OSR @OSRDrivers wrote in message news:102968@ntfsd... Dev OS ===== Window7 x32 7601 build - test mode use VS2015 Windows Software Development Kit - Windows 10.0.15063/468 Windows Driver Kit - Windows 10.0.15063.0
  Message 4 of 5  
03 Sep 17 20:59
Ryu Dong Cher
xxxxxx@korea.com
Join Date: 01 Sep 2017
Posts To This List: 3
[MiniFilter]ERROR_INSUFFICIENT_BUFFER Problem

Thank Scott minispy c application succeeded ( Microsoft C Sample ) Marshal's problem? I know that the memory size of kernel and user mode should be the same. I thought OVERLAPPED Struct was a problem. If it's a matter of marshal, how do I fix it? For reference, outsize goes well with the kernel.
  Message 5 of 5  
12 Sep 17 10:37
Scott Noone
xxxxxx@osr.com
Join Date: 10 Jul 2002
Posts To This List: 942
List Moderator
[MiniFilter]ERROR_INSUFFICIENT_BUFFER Problem

(Sorry, was away teaching last week) The way you've described the relevant structures in C# must not match the way they're laid out by the C compiler. This is a PInvoke problem then and not a driver problem. When I've done this in the past, I've just hidden the communication port interfaces behind a PInvoke friendly C DLL. Makes life much easier in the long run. -scott OSR @OSRDrivers wrote in message news:102973@ntfsd... Thank Scott minispy c application succeeded ( Microsoft C Sample ) Marshal's problem? I know that the memory size of kernel and user mode should be the same. I thought OVERLAPPED Struct was a problem. If it's a matter of marshal, how do I fix it? For reference, outsize goes well with the kernel.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 03:08.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license