NO_MORE_IRP_STACK_LOCATIONS in minifiter when call IoCallDriver

i used this function many time inorder detect USB bus

it work very well in Disk filter and legacy file system filter driver

but i cant use it in minifilter

BSOD with NO_MORE_IRP_STACK_LOCATIONS code
in status = IoCallDriver (DiskDeviceObject, NewIrp);

NTSTATUS QueryDeviceType(PDEVICE_OBJECT DiskDeviceObject, BOOLEAN *IsUSBVolume)
{
NTSTATUS status = STATUS_UNSUCCESSFUL;
KEVENT WaitEvent;
STORAGE_PROPERTY_QUERY propQuery;
PIRP NewIrp;
CHAR buf[1024];
PSTORAGE_DEVICE_DESCRIPTOR pDevDesc;
IO_STATUS_BLOCK IoStatus;

pDevDesc = (PSTORAGE_DEVICE_DESCRIPTOR) buf;

PAGED_CODE ();

propQuery.PropertyId = StorageDeviceProperty;
propQuery.QueryType = PropertyStandardQuery;

KeInitializeEvent ( &WaitEvent, NotificationEvent, FALSE );

NewIrp = IoBuildDeviceIoControlRequest (
IOCTL_STORAGE_QUERY_PROPERTY, DiskDeviceObject,

&propQuery, sizeof(propQuery),
buf,1024 ,

FALSE, & WaitEvent, & IoStatus);

if (NULL == NewIrp) // cant create new irp
{
DbgPrint (“BusTypeUnknown \n”);
return status;
}
status = IoCallDriver (DiskDeviceObject, NewIrp);
if (status == STATUS_PENDING)
{
status = KeWaitForSingleObject (& WaitEvent, Executive, KernelMode, FALSE, NULL);
status = IoStatus.Status;
}
if (! NT_SUCCESS (status))
{
DbgPrint (“BusTypeUnknown \n”);
return status;
}
pDevDesc = (PSTORAGE_DEVICE_DESCRIPTOR) buf;
if (pDevDesc-> BusType == BusTypeUsb)
{
DbgPrint ("GetStorageDeviceBusType ");

* IsUSBVolume = TRUE;
}

return status;
}

usage :

this function is InstanceSetupCallback and i need minifilter attach to usb bus only
NTSTATUS
PtInstanceSetup (
__in PCFLT_RELATED_OBJECTS FltObjects,
__in FLT_INSTANCE_SETUP_FLAGS Flags,
__in DEVICE_TYPE VolumeDeviceType,
__in FLT_FILESYSTEM_TYPE VolumeFilesystemType
)
{
BOOLEAN IsUSB=FALSE;
NTSTATUS Status;
PDEVICE_OBJECT DiskDeviceObject;

UNREFERENCED_PARAMETER( Flags );
UNREFERENCED_PARAMETER( VolumeDeviceType );
UNREFERENCED_PARAMETER( VolumeFilesystemType );
PAGED_CODE();
//TODO: Make sure you contemplate removing it

Status=FltGetDiskDeviceObject(FltObjects->Volume,&DiskDeviceObject);
if(NT_SUCCESS(Status))
return STATUS_FLT_DO_NOT_ATTACH;

if(DiskDeviceObject==NULL)
{
DbgPrint(“NUll\r\n”);
return STATUS_FLT_DO_NOT_ATTACH;
}

QueryDeviceType(DiskDeviceObject,&IsUSB);
if(!IsUSB) // Don’t attach and monitor
{
ObDereferenceObject(DiskDeviceObject);
DbgPrint(“is not usb \r\n”);
// return STATUS_FLT_DO_NOT_ATTACH;
}
ObDereferenceObject(DiskDeviceObject);
return STATUS_SUCCESS;
}

what is my problem ?
regard

>Status=FltGetDiskDeviceObject(FltObjects->Volume,&DiskDeviceObject);

if(NT_SUCCESS(Status))
return STATUS_FLT_DO_NOT_ATTACH;
…
QueryDeviceType(DiskDeviceObject,&IsUSB);

You’re calling your query function, in case FltGetDiskDeviceObject *fails*.
The device object pointer probably contains garbage.

this is stupid bug in my code

if(NT_SUCCESS(Status))
return STATUS_FLT_DO_NOT_ATTACH;