OSR Developer Community

ZwReadFile returning STATUS_END_OF_FILE

Rob_Linegar October 4, 2000, 12:43pm 1

Hi,

In my driver I have a timer which gets initialised in DriverEntry.
In a worker item queued by this timer I try to open and read from a file.

Using ZwCreateFile I can open the file successfully.

ntStatus = ZwCreateFile( &hFile,
FILE_READ_DATA | FILE_WRITE_DATA,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OVERWRITE_IF,
FILE_WRITE_THROUGH |
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0 );

After the file is opened I do the following to get a file object from the
file handle.

ntStatus = ObReferenceObjectByHandle( hFile, 0, NULL, KernelMode,
&pFileObject, NULL );

If the file doesn’t exist ( IoStatusBlock.Information == FILE_CREATED ).
I can then write to the file successfully.

Generic read/write functions are used to access the file and they both do
the following
to ensure a valid handle.

ntStatus = ObOpenObjectByPointer( pFileObject,
0,
NULL,
FILE_READ_DATA |
FILE_WRITE_DATA,
NULL,
KernelMode ,
&hFile );

However if the file did exist I try to read in the contents of the file
(about 20 bytes).
The file will always be a minimum of HEADER_STRUCTURE bytes in length .

ULONG dwLength;
LARGE_INTEGER li;
HEADER_STRUCTURE HeaderStructure;

li.QuadPart = 0; // read from offset 0
dwLength = sizeof( HEADER_STRUCTURE ); // about 20 bytes

ntStatus = ZwReadFile( hFile, NULL, NULL, NULL, &IoStatusBlock,
&HeaderStructure, dwLength, &li, NULL );
ZwClose(hFile)

ZwReadFile returns STATUS_END_OF_FILE. Neither the data buffer or the
IoStatusBlock are changed.

Why isn’t this isn’t working?

Rob Linegar
Software Engineer
Data Encryption Systems Limited

OSR_Community_User October 4, 2000, 1:13pm 2

Rob,

Why do you expect there to be any data in the file after you open it?

I ask because you specify FILE_OVERWRITE_IF, which indicates that if the
file DOES exist, you wish to have its contents discarded. Perhaps you would
prefer FILE_OPEN_IF which would preserve the contents if the file DOES
exist, and create a new file if it does NOT exist.

Regards,

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Rob Linegar [mailto:xxxxx@des.co.uk]
Sent: Wednesday, October 04, 2000 12:41 PM
To: File Systems Developers
Subject: [ntfsd] ZwReadFile returning STATUS_END_OF_FILE

Hi,

In my driver I have a timer which gets initialised in DriverEntry.
In a worker item queued by this timer I try to open and read from a file.

Using ZwCreateFile I can open the file successfully.

ntStatus = ZwCreateFile( &hFile,
FILE_READ_DATA | FILE_WRITE_DATA,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OVERWRITE_IF,
FILE_WRITE_THROUGH |
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0 );

After the file is opened I do the following to get a file object from the
file handle.

ntStatus = ObReferenceObjectByHandle( hFile, 0, NULL, KernelMode,
&pFileObject, NULL );

If the file doesn’t exist ( IoStatusBlock.Information == FILE_CREATED ).
I can then write to the file successfully.

Generic read/write functions are used to access the file and they both do
the following
to ensure a valid handle.

ntStatus = ObOpenObjectByPointer( pFileObject,
0,
NULL,
FILE_READ_DATA |
FILE_WRITE_DATA,
NULL,
KernelMode ,
&hFile );

However if the file did exist I try to read in the contents of the file
(about 20 bytes).
The file will always be a minimum of HEADER_STRUCTURE bytes in length .

ULONG dwLength;
LARGE_INTEGER li;
HEADER_STRUCTURE HeaderStructure;

li.QuadPart = 0; // read from offset 0
dwLength = sizeof( HEADER_STRUCTURE ); // about 20 bytes

ntStatus = ZwReadFile( hFile, NULL, NULL, NULL, &IoStatusBlock,
&HeaderStructure, dwLength, &li, NULL );
ZwClose(hFile)

ZwReadFile returns STATUS_END_OF_FILE. Neither the data buffer or the
IoStatusBlock are changed.

Why isn’t this isn’t working?

Rob Linegar
Software Engineer
Data Encryption Systems Limited

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Rob_Linegar October 5, 2000, 4:22am 3

One word… “Doh!”
My test machine has now been named in tony’s honour.

-----Original Message-----
From: Tony Mason [mailto:xxxxx@osr.com]
Sent: 04 October 2000 18:09
To: File Systems Developers
Subject: [ntfsd] RE: ZwReadFile returning STATUS_END_OF_FILE

Rob,

Why do you expect there to be any data in the file after you open it?

I ask because you specify FILE_OVERWRITE_IF, which indicates
that if the
file DOES exist, you wish to have its contents discarded.
Perhaps you would
prefer FILE_OPEN_IF which would preserve the contents if the file DOES
exist, and create a new file if it does NOT exist.

Regards,

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Rob Linegar [mailto:xxxxx@des.co.uk]
Sent: Wednesday, October 04, 2000 12:41 PM
To: File Systems Developers
Subject: [ntfsd] ZwReadFile returning STATUS_END_OF_FILE

Hi,

In my driver I have a timer which gets initialised in DriverEntry.
In a worker item queued by this timer I try to open and read
from a file.

Using ZwCreateFile I can open the file successfully.

ntStatus = ZwCreateFile( &hFile,
FILE_READ_DATA |
FILE_WRITE_DATA,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OVERWRITE_IF,
FILE_WRITE_THROUGH |
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0 );

After the file is opened I do the following to get a file
object from the
file handle.

ntStatus = ObReferenceObjectByHandle( hFile, 0, NULL, KernelMode,
&pFileObject, NULL );

If the file doesn’t exist ( IoStatusBlock.Information ==
FILE_CREATED ).
I can then write to the file successfully.

Generic read/write functions are used to access the file and
they both do
the following
to ensure a valid handle.

ntStatus = ObOpenObjectByPointer( pFileObject,
0,
NULL,
FILE_READ_DATA |
FILE_WRITE_DATA,
NULL,
KernelMode ,
&hFile );

However if the file did exist I try to read in the contents
of the file
(about 20 bytes).
The file will always be a minimum of HEADER_STRUCTURE bytes
in length .

ULONG dwLength;
LARGE_INTEGER li;
HEADER_STRUCTURE HeaderStructure;

li.QuadPart = 0; // read from offset 0
dwLength = sizeof( HEADER_STRUCTURE ); // about 20 bytes

ntStatus = ZwReadFile( hFile, NULL, NULL, NULL, &IoStatusBlock,
&HeaderStructure, dwLength, &li, NULL );
ZwClose(hFile)

ZwReadFile returns STATUS_END_OF_FILE. Neither the data buffer or the
IoStatusBlock are changed.

Why isn’t this isn’t working?

Rob Linegar
Software Engineer
Data Encryption Systems Limited

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

You are currently subscribed to ntfsd as: xxxxx@des.co.uk
To unsubscribe send a blank email to $subst(‘Email.Unsub’)