ZwCreateSection returns STATUS_INVALID_USER_BUFFER

On rare occasion when I call ZwCreateSection it returns
STATUS_INVALID_USER_BUFFER. Since no buffer is actually passed, except
&hSection which is a local variable, I am perplexed as to what the
problem could be.

In this case my service process is passing the driver an open File
Object (pFileObject), I call ObOpenObjectByPointer to get a handle into
“KernelHandle” that is passed to ZwCreateSection. The file in question
is a .pst file which is open so I’m mapping it so I can read locked
data. This normally works, so why in some cases does it not?

Below is the code.

Thanks,

Ken

status = ObOpenObjectByPointer(
    pFileObject,        // IN PVOID Object
    OBJ_KERNEL_HANDLE,  // IN ULONG HandleAttributes
    NULL,               // IN PACCESS_STATE PassedAccessState OPTIONAL
    0,                  // IN ACCESS_MASK DesiredAccess
    *IoFileObjectType,  // IN POBJECT_TYPE ObjectType
    KernelMode,         // IN KPROCESSOR_MODE AccessMode
    &KernelHandle       // OUT PHANDLE Handle
    );

if (NT_SUCCESS(status))
{
    status = ZwCreateSection(
        &hSection,          // OUT PHANDLE SectionHandle
        SECTION_MAP_READ,   // SECTION_ALL_ACCESS, // IN ACCESS_MASK DesiredAccess
        NULL,               // IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
        NULL,               // IN PLARGE_INTEGER MaximumSize OPTIONAL
        PAGE_READONLY,      // IN ULONG SectionPageProtection
        SEC_COMMIT,         // IN ULONG AllocationAttributes
        KernelHandle        // IN HANDLE FileHandle OPTIONAL
        );
}

you have no access to the file.

The file is already opened and we do this all the time for files opened
exclusively, we do the mapping when the file is byte range locked and
normally this works, but not for this file for some reason.

How can I get the access I need?
Thanks,
Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Thursday, October 25, 2007 5:33 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] ZwCreateSection returns STATUS_INVALID_USER_BUFFER

you have no access to the file.


NTFSD is sponsored by OSR

For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

You are currently subscribed to ntfsd as: xxxxx@legato.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Could you be overlapping a byte-range lock?

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@emc.com
Sent: Thursday, October 25, 2007 10:25 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] ZwCreateSection returns STATUS_INVALID_USER_BUFFER

The file is already opened and we do this all the time for files opened
exclusively, we do the mapping when the file is byte range locked and
normally this works, but not for this file for some reason.

How can I get the access I need?
Thanks,
Ken

Well that is the whole point, since it is byte range locked I was told
by Microsoft that mapping the file was a way to get around the byte
range locking. And normally it works, but apparently not always.
Note that it is failing on the ZwCreateSection, which is BEFORE I
actually map the section to a part of the file. The mapping is when I’d
expect to get a conflict, but previously have not seen this as a
problem.

Thanks,
Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@emc.com
Sent: Thursday, October 25, 2007 12:04 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] ZwCreateSection returns STATUS_INVALID_USER_BUFFER

Could you be overlapping a byte-range lock?

-Jeff

Ken,

The assumption you are making is that it is YOUR invalid user buffer. It is equally possible that something else in the system is passing in an invalid user buffer (a NULL pointer dereference might do this, for example.)

If you can observe this behavior on a system that you control, my advice is to build a special version of the driver that, when it obtains this error, breakpoints and then issues the call again. That way you can walk through the code and find the cause of the invalid user buffer. I’d also watch the exceptions that are raised, since my guess is that this is getting trapped inside MM by the exception handler and being converted from STATUS_ACCESS_VIOLATION into STATUS_INVALID_USER_BUFFER.

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
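
Added example, not part of the original thread and not code from any poster: the break-and-reissue pattern described in the message above, written so the second attempt of the failing call can be single-stepped. The names call_with_break_on, OP_FN, BREAK_FN and the fake_create_section test double are hypothetical; the NTSTATUS typedef and status constants are user-mode stand-ins for what <ntddk.h> provides, and in a driver the break hook would be DbgBreakPoint and the operation would wrap the ZwCreateSection call.

```c
#include <stdint.h>
#include <stddef.h>

/* Stand-ins so this compiles outside the WDK (assumption: in a driver,
 * include <ntddk.h> instead and delete these three lines). */
typedef int32_t NTSTATUS;
#define STATUS_SUCCESS             ((NTSTATUS)0x00000000)
#define STATUS_INVALID_USER_BUFFER ((NTSTATUS)0xC00000E8)

typedef NTSTATUS (*OP_FN)(void *ctx);  /* hypothetical: the call under investigation */
typedef void (*BREAK_FN)(void);        /* hypothetical: DbgBreakPoint in a driver */

/* Run op once. If it returns trap_status, fire the break hook and run the
 * identical call again so the retry can be stepped through in the debugger.
 * Returns the status of the last attempt; *first_status (optional) keeps
 * the status of the first attempt for logging. */
NTSTATUS call_with_break_on(OP_FN op, void *ctx, NTSTATUS trap_status,
                            BREAK_FN brk, NTSTATUS *first_status)
{
    NTSTATUS status = op(ctx);
    if (first_status != NULL)
        *first_status = status;
    if (status == trap_status) {
        if (brk != NULL)
            brk();           /* debugger stops here, before the retry */
        status = op(ctx);    /* reissue the same call */
    }
    return status;
}

/* Constructed test double: returns the trapped status a set number of times. */
struct fake_op { int failures_left; int calls; };

NTSTATUS fake_create_section(void *ctx)
{
    struct fake_op *f = ctx;
    f->calls++;
    if (f->failures_left > 0) {
        f->failures_left--;
        return STATUS_INVALID_USER_BUFFER;
    }
    return STATUS_SUCCESS;
}

static int g_breaks;                   /* how many times the break hook fired */
void count_break(void) { g_breaks++; }
```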

Tony,
Very interesting. I wish I could do what you say. Unfortunately this is
happening at a customer’s site. Any other ideas?
Thanks,
Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Thursday, October 25, 2007 1:16 PM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] ZwCreateSection returns STATUS_INVALID_USER_BUFFER

Ken,

The assumption you are making is that it is YOUR invalid user buffer.
It is equally possible that something else in the system is passing in
an invalid user buffer (a NULL pointer dereference might do this, for
example.)

If you can observe this behavior on a system that you control, my advice
is to build a special version of the driver that, when it obtains this
error, breakpoints and then issues the call again. That way you can
walk through the code and find the cause of the invalid user buffer.
I’d also watch the exceptions that are raised, since my guess is that
this is getting trapped inside MM by the exception handler and being
converted from STATUS_ACCESS_VIOLATION into STATUS_INVALID_USER_BUFFER.

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com


Turns out the file was on a network path.
So much for detailed error reporting.
Thanks,
Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@emc.com
Sent: Monday, October 29, 2007 6:18 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] ZwCreateSection returns STATUS_INVALID_USER_BUFFER

Tony,
Very interesting. I wish I could do what you say. Unfortunately this is
happening at a customer’s site. Any other ideas?
Thanks,
Ken
