<quote>
Is it allowed using C run-times such as _snprintf() in Kernel Driver?
</quote>
Allowed by WHOM, exactly? If you use it, or if you don't, the police aren't going to come and arrest you. Can you build your driver with it? Can you install it? Then it's allowed. End of story.
That doesn't make it a good idea.
But... you already know that using this function isn't a good idea (even Walter Oney said so more than ten years ago). At best, it's considered poor programming practice, and there's no reason not to use the equivalent kernel-mode Safe String Handling functions (or, in user mode, the equivalent user-mode safe string handling function).
Soooo... you already know this. But you're still asking "Is it allowed."
Thus, my answer is, "Yes, there is nothing that prevents driver devs who want to write or support code that is prone to error and does not represent long-established best practices from using this function."
Peter Viscarola
OSR
@OSRDrivers
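Added example (not part of the original thread and not OSR's code): a portable user-mode C model of the truncation behaviour that makes `_snprintf()` error-prone next to the Safe String functions recommended above. `legacy_snprintf` emulates the documented MSVC `_snprintf` contract and `safe_cch_printf` models the always-terminate contract of `RtlStringCchPrintfA`; both function names, the status enum and the sample input are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed status values; stand-ins for NTSTATUS results, not the real codes. */
enum fmt_status { FMT_OK, FMT_TRUNCATED, FMT_INVALID };

/* Emulated _snprintf contract: at most `count` bytes are stored. Length equal to
   `count` stores no terminator; a larger length also returns a negative value. */
static int legacy_snprintf(char *dst, size_t count, const char *fmt, ...)
{
    char tmp[256];
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    if (len < 0 || (size_t)len >= sizeof tmp) return -1;
    if ((size_t)len < count) { memcpy(dst, tmp, (size_t)len + 1); return len; }
    memcpy(dst, tmp, count);                 /* buffer full, no '\0' stored */
    return (size_t)len == count ? len : -1;
}

/* Model of the Safe String contract: the result is always terminated and
   truncation is reported through the status instead of being silent. */
static enum fmt_status safe_cch_printf(char *dst, size_t cch, const char *fmt, ...)
{
    if (dst == NULL || cch == 0) return FMT_INVALID;
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(dst, cch, fmt, ap);  /* C99 vsnprintf terminates when cch > 0 */
    va_end(ap);
    if (len < 0) { dst[0] = '\0'; return FMT_INVALID; }
    return (size_t)len >= cch ? FMT_TRUNCATED : FMT_OK;
}

/* Returns 1 if a '\0' exists inside the first `size` bytes of buf. */
static int is_terminated(const char *buf, size_t size) { return memchr(buf, '\0', size) != NULL; }

int main(void)
{
    char a[8], b[8];
    memset(a, 'X', sizeof a);                /* stale, non-zero buffer contents */
    memset(b, 'X', sizeof b);
    int rc = legacy_snprintf(a, sizeof a, "dev%05d", 12345);   /* constructed input */
    enum fmt_status st = safe_cch_printf(b, sizeof b, "dev%05d", 12345);
    printf("legacy: rc=%d terminated=%d\n", rc, is_terminated(a, sizeof a));
    printf("safe:   status=%d text=%s\n", (int)st, b);
    return 0;
}
```

With an 8-byte buffer and an 8-character result, the legacy call reports success yet leaves no terminator, so any later string read of that buffer runs past its end; the safe-string model truncates, terminates and reports the truncation.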
I have serious reasons to ask about using snprintf()...
1. I found this _snprintf() in one old driver.
2. I see it inside the stack in a crash dump which I was asked to check.
3. In my opinion, this snprintf() may be suspected as the reason for the crash. But the long history and the really huge number of successfully working driver instances whisper to me to continue searching - the problem is something else.
There are reasons.
By the way, the crash occurs in a DPC.
Regards,
MG.
I think you got it right. The problem lies not with the use of an unsafe function per se but with the fact that your DPC is calling a function that, apparently, may be called only at PASSIVE_LEVEL just like its safe RtlXXXX cousins. Apparently, this routine's code is pageable so that you just hit a page fault on code. Taking into consideration the RAM size of modern computers, there is very little surprise that this bug does not reveal itself every other time you run your code....
Certainly, I am not saying that this is the only possible reason for a crash, but this bug most certainly needs to get fixed...
Anton Bassov
d
-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of [email protected]
Sent: Thursday, May 24, 2018 8:16 AM
To: Windows System Software Devs Interest List <[email protected]>
Subject: RE:[ntdev] Using snprintf() inside Driver
Peter,
I have serious reasons to ask about using snprintf()...
1. I found this _snprintf() in one old driver.
2. I see it inside the stack in a crash dump which I was asked to check.
3. In my opinion, this snprintf() may be suspected as the reason for the crash. But the long history and the really huge number of successfully working driver instances whisper to me to continue searching - the problem is something else.
There are reasons.
By the way, the crash occurs in a DPC.
Regards,
MG.
<ironical mode>
OMG - I just imagine someone getting arrested by NTDEV police for calling unsafe function
(not using KMDF, sharing memory or otherwise getting at odds with "the best practices" of the day),
and being brought in front of "The Hanging Judge"
</ironical mode>
Anton Bassov
formatted string printing, I use:
RtlStringCchPrintfW()
On Thu, May 24, 2018 at 12:17 PM [email protected] <
[email protected]> wrote:
> >the police aren't going to come and arrest you.
>
> OMG - I just imagine someone getting arrested by NTDEV police for calling
> unsafe function
> (not using KMDF, sharing memory or otherwise getting at odds with "the
> best practices" of the day),
> and being brought in front of "The Hanging Judge"
>
> Anton Bassov
--
Jamey Kirby
Disrupting the establishment since 1964
*This is a personal email account and as such, emails are not subject to
archiving. Nothing else really matters.*
> The question is easy: Is it allowed using C run-times such as _snprintf() in Kernel Driver?
Yes. The library libcntpr.lib contains a virtually complete
implementation of the C run-time library for kernel drivers. Just about
the only major omission is file I/O.
Note that I am not arguing that this is the BEST option, but it is
available.
> Other (sub)question: Is it allowed using _snprintf() on DISPATCH_LEVEL or PASSIVE_LEVEL only?
Anything that uses Unicode requires PASSIVE_LEVEL.
--
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
Tim Roberts, [email protected]
Software Wizard Emeritus
> API (xprintf, safe string functions RtlUnicodeStringXxx, etc) requires
> PASSIVE_LEVEL. If you stick to other types, dispatch level and above is
> allowed.
>
> d
Doron, even %s requires PASSIVE? (when both source and destination are non-paged of course). Looks like I'm not alone surprised....
--pa
<quote>
Looks like I'm not alone surprised....
</quote>
*MY* understanding was that the IRQL PASSIVE_LEVEL restriction only applied to UNICODE. This could have changed, or I could be wrong.
Peter Viscarola
OSR
@OSRDrivers
In those huge bureaucratic places, you cannot "modernize" something ugly or worth improvement. They have procedures. An issue must be opened, prioritized, scheduled, assigned (no, you can't just do it yourself!) only then you get permit to fix. And then - code reviews and tests. There has to be a big deal: violation of a known rule or security flaw. Else it just stays there.
Regards,
-- pa
d
-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of [email protected]
Sent: Thursday, May 24, 2018 12:48 PM
To: Windows System Software Devs Interest List <[email protected]>
Subject: RE:[ntdev] Using snprintf() inside Driver
<quote>
Looks like I'm not alone surprised....
</quote>
*MY* understanding was that the IRQL PASSIVE_LEVEL restriction only applied to UNICODE. This could have changed, or I could be wrong.
Peter
OSR
@OSRDrivers
<quote>
In those huge bureaucratic places
...
Else it just stays there.
</quote>
I guess there's some logic to that. You don't want people randomly changing shit to make it more attractive.
Peter Viscarola
OSR
@OSRDrivers
<quote>
In those huge bureaucratic places, you cannot "modernize" something ugly or worth improvement. They have procedures. An issue must be opened, prioritized, scheduled, assigned (no, you can't just do it yourself!) only then you get permit to fix. And then - code reviews and tests. There has to be a big deal: violation of a known rule or security flaw. Else it just stays there.
</quote>
Well, the idea in itself is perfectly reasonable - as they say, if it ain't broke don't fix it. After all, don't forget that writing _any_ code is potentially fraught with introducing bugs. Therefore, what is the point of taking the risk of introducing new bugs to the code that, despite its obvious shortcomings and rusty spots, works just fine ???
Anton Bassov
The libcntpr.lib will stay, narrow strings won't become UTF-8 or something else.
-- pa
I continued working on the problem. (For example, I found in the dump that the code segment with output_l(), which is called from nt!snprint(), is seen to be damaged (swapped?).)
I have some additional questions:
1. One of the lines which the !vm command returns is:
...
Free System PTEs: 4294977283 (17179909132 Kb)
******* 70592 kernel stack PTE allocations have failed ******
...
Unfortunately there is no significant information about the "PTE allocations have failed" problem on the Internet. But probably it was only a hardware problem?
2. I am trying to find more information about using libcntpr.lib inside a driver and the way it may help. There is no information about its intended use on the Internet.
3. By the way, _snprintf() in the map is resolved by ntoskrnl:ntoskrnl.exe:
0001:0059a8ea _snprintf 000000014059b8ea f ntoskrnl:ntoskrnl.exe
....
0003:000004d8 __imp__snprintf 00000001406184d8 ntoskrnl:ntoskrnl.exe
I am trying to understand the way its use inside a driver (under the condition of controlled output size) may cause a crash?
>
> I continued working on the problem. (For example, I found in the dump that the code segment with output_l(), which is called from nt!snprint(), is seen to be damaged (swapped?).)
Well, I don't think you have shown us any of the dump here, so all of us are just guessing blindly. Show us the dump analysis and the code you called, and perhaps one of us can spot the flaw.
—
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
Tim Roberts, [email protected]
Software Wizard Emeritus