Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

On-Access, Transparent, Per-File Data Encryption:

OSR's File Encryption Solution Framework (FESF) provides all the infrastructure you need to build a transparent file encryption product REALLY FAST.

Super flexible policy determination and customization, all done in user-mode. Extensive starter/sample code provided.

Proven, robust, flexible. In use in multiple commercial products.

Currently available on Windows. FESF for Linux will ship in 2018.

For more info: https://www.osr.com/fesf

Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 1  
10 Aug 17 10:24
Sivaller
xxxxxx@gmail.com
Join Date: 13 Jul 2017
Posts To This List: 28
Bug about IRP Mount disk

Hello , I Finded a bug a kernel windows (Windows 10). Which bug ? I'am two device _disk rawsystem _disk filesystem When i mount a disk filesystem ,the irp IRP_MN_MOUNT_VOLUME is called (sended into my driver disk filesystem) if i haven't mount a disk rawsystem , and i create a disk filesystem and i return NTSTATUS STATUS_SUCESS When i mount a disk rawsystem (since driver disk rawsystem) the irp IRP_MN_MOUNT_VOLUME is called into driver disk filesystem then i return NTSTATUS STATUS_UNRECOGNIZED_VOLUME. It's a problem : IRP_MN_MOUNT_VOLUME is never will called in my device disk filesystem !! I'am since time 6 hours ! I can not attach all the source code. If you need an extra ... I joint party sourcecode : DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING theRegistryPath) { UNICODE_STRING name, linkname; NTSTATUS status; PDEVICE_EXTENSION_MOTHER h; PFAST_IO_DISPATCH fastIoDispatch; #ifdef FILESYSD FS_FILTER_CALLBACKS FilterCallbacks; #endif KdPrintf(("DriverEntry Begin\n")); RtlZeroMemory(&DiskGlobal, sizeof(DiskGlobal)); RtlInitUnicodeString(&name, namedriver); status = IoCreateDevice(DriverObject, sizeof (DEVICE_EXTENSION_MOTHER), &name, FILE_DEVICE_VFUMS, 0, FALSE, // exclusive! &g_devcontrol); if (status != STATUS_SUCCESS) { KdPrintf(("[VFUM] DriverEntry: IoCreateDevice: 0x%x!\n", status)); goto done; } #ifdef FILESYSD status = VDFSCreateGlobalDiskDevice(DriverObject, &DiskGlobal); if ((!NT_SUCCESS(status))) { KdPrintf(("Initialization Failed Disk Volume\n")); IoDeleteDevice(g_devcontrol); goto done; } #endif //ZeroMemory(g_devcontrol,sizeof (DEVICE_EXTENSION_MOTHER)); memset(g_devcontrol->DeviceExtension,0,sizeof (DEVICE_EXTENSION_MOTHER)); h=gm(); ExInitializeResourceLite(&h->ResourceCD); ExInitializeResourceLite(&h->resservice); InitializeListHead(&h->ListSendService); // // Initialize the driver object with this driver's entry points. // DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverObject->MajorFunction[IRP_MJ_READ] = DriverObject->MajorFunction[IRP_MJ_WRITE] = DriverObject->MajorFunction[IRP_MJ_QUERY_INFORMATION] = DriverObject->MajorFunction[IRP_MJ_SET_INFORMATION] = DriverObject->MajorFunction[IRP_MJ_QUERY_EA] = DriverObject->MajorFunction[IRP_MJ_SET_EA] = DriverObject->MajorFunction[IRP_MJ_FLUSH_BUFFERS] = DriverObject->MajorFunction[IRP_MJ_QUERY_VOLUME_INFORMATION] = DriverObject->MajorFunction[IRP_MJ_SET_VOLUME_INFORMATION] = DriverObject->MajorFunction[IRP_MJ_CLEANUP] = DriverObject->MajorFunction[IRP_MJ_DIRECTORY_CONTROL] = DriverObject->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] = DriverObject->MajorFunction[IRP_MJ_LOCK_CONTROL] = DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DriverObject->MajorFunction[IRP_MJ_SHUTDOWN] = DriverObject->MajorFunction[IRP_MJ_QUERY_SECURITY] = DriverObject->MajorFunction[IRP_MJ_SET_SECURITY] = DriverObject->MajorFunction[IRP_MJ_PNP] = (PDRIVER_DISPATCH)DrvDispatch; DriverObject->DriverUnload = VFUMS_Unload; ... ... ... .... return statut; } void configurevoldisk(PDEVICE_OBJECT dev) { dev->Flags |= DO_DIRECT_IO | DO_LOW_PRIORITY_FILESYSTEM; dev->Flags &= ~DO_DEVICE_INITIALIZING; } NTSTATUS VDFSCreateGlobalDiskDevice(IN PDRIVER_OBJECT DriverObject, PGLOBALVOL DiskGlobal) { NTSTATUS status = STATUS_NOT_IMPLEMENTED; PDEVICE_OBJECT devicenocd = NULL; PDEVICE_OBJECT devicecd = NULL; UNICODE_STRING fsDiskDeviceName; UNICODE_STRING fsCdDeviceName; KdPrintf(("InitDiskVolume\n")); RtlInitUnicodeString(&fsDiskDeviceName, VDFS_GLOBAL_FS_DISK_DEVICE_NAME); RtlInitUnicodeString(&fsCdDeviceName, VDFS_GLOBAL_FS_CD_DEVICE_NAME); status = IoCreateDevice(DriverObject, 0, &fsDiskDeviceName, FILE_DEVICE_DISK_FILE_SYSTEM, 0, FALSE, &devicenocd);; KdPrintf(("IoCreateDevice DISK NOCD %.8x Return status:%.8x\n", devicenocd,status)); if (status == STATUS_SUCCESS) { status = IoCreateDevice(DriverObject, 0, &fsCdDeviceName, FILE_DEVICE_CD_ROM_FILE_SYSTEM, 0, FALSE, &devicecd); KdPrintf(("IoCreateDevice DISK CD %.8x Return status:%.8x\n", devicecd, status)); if (!NT_SUCCESS(status)) { IoDeleteDevice(devicenocd); goto cpasbon; } configurevoldisk(devicenocd); configurevoldisk(devicecd); IoRegisterFileSystem(devicenocd); IoRegisterFileSystem(devicecd); DiskGlobal->pdiskcd = devicecd; DiskGlobal->pdiskfile = devicenocd; ObReferenceObject(devicecd); ObReferenceObject(devicenocd); } cpasbon:; return status; } NTSTATUS DrvDispatch( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { BOOLEAN mexc = mexcept; #ifdef FILESYSD mexc = TRUE; #endif BOOLEAN AtIrqlPassiveLevel = FALSE; BOOLEAN IsTopLevelIrp = FALSE; NTSTATUS Status = STATUS_UNSUCCESSFUL; if (mexc ==TRUE) { __try { __try { AtIrqlPassiveLevel = (KeGetCurrentIrql() == PASSIVE_LEVEL); if (AtIrqlPassiveLevel) { FsRtlEnterFileSystem(); } if (!IoGetTopLevelIrp()) { IsTopLevelIrp = TRUE; IoSetTopLevelIrp(Irp); } Status = _DrvDispatch(DeviceObject, Irp); } __except (VDFSExceptionFilter(Irp, GetExceptionInformation())) { Status = VDFSExceptionHandler(DeviceObject, Irp, GetExceptionCode()); } } __finally { if (IsTopLevelIrp) { IoSetTopLevelIrp(NULL); } if (AtIrqlPassiveLevel) { FsRtlExitFileSystem(); } return Status; } } else { AtIrqlPassiveLevel = (KeGetCurrentIrql() == PASSIVE_LEVEL); if (AtIrqlPassiveLevel) { FsRtlEnterFileSystem(); } Status=_DrvDispatch(DeviceObject, Irp); if (AtIrqlPassiveLevel) { FsRtlExitFileSystem(); } return Status; } } NTSTATUS VDFSExceptionHandler(__in PDEVICE_OBJECT DeviceObject, __in PIRP Irp, __in NTSTATUS ExceptionCode) { NTSTATUS Status; Status = ExceptionCode; if (Irp) { /*PVCB Vcb = NULL; PIO_STACK_LOCATION IrpSp; IrpSp = IoGetCurrentIrpStackLocation(Irp); Vcb = (PPARAMVCB)DeviceObject->DeviceExtension; if (NULL == Vcb) { Status = STATUS_INVALID_PARAMETER; } else if (Vcb->Identifier.Type != VCB) { Status = STATUS_INVALID_PARAMETER; } else if (IsUnmountPendingVcb(Vcb)) { Status = STATUS_NO_SUCH_DEVICE; } */ if (Status == STATUS_PENDING) { goto errorout; } //Status = STATUS_INVALID_PARAMETER; Irp->IoStatus.Status = Status; IoCompleteRequest(Irp, IO_NO_INCREMENT); } else { Status = STATUS_INVALID_PARAMETER; } errorout: return Status; } NTSTATUS _DrvDispatch ( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { PIO_STACK_LOCATION irps; NTSTATUS status=STATUS_NOT_IMPLEMENTED; KdPrintf(("[VFUM] control\n")); irps=NULL; if (Irp!=NULL) { irps = IoGetCurrentIrpStackLocation(Irp); //if (irps!=NULL) KdPrintfd(("[VFUM] vfums_control : Device:%x Majorfunction %x irp %x\n",DeviceObject,irps->MajorFunction,Irp)); if (DeviceObject == DiskGlobal.pdiskcd) { KdPrintf(("[CD DISK FAT]\n")); } if (DeviceObject == DiskGlobal.pdiskfile) { KdPrintf(("[FILE DISK FAT]\n")); } { if (irps->MajorFunction == IRP_MJ_CREATE) { KdPrintfd(("[F DRVDISPATCH]IRP_MJ_CREATE \n")); } if (irps->MajorFunction==IRP_MJ_SYSTEM_CONTROL) { KdPrintfd(("IRP_MJ_SYSTEM_CONTROL\n")); } #ifdef FILESYSD if (irps->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL) { KdPrintfd(("IRP_MJ_FILE_SYSTEM_CONTROL\n")); status = FAT_MJ_FILE_SYSTEM_CONTROL(DeviceObject, Irp, irps); Irp->IoStatus.Status = status; goto ANC; } #endif } /*if ((irps->MajorFunction==IRP_MN_CANCEL_REMOVE_DEVICE) || (irps->MajorFunction==IRP_MN_REMOVE_DEVICE) || (irps->MajorFunction==IRP_MJ_CLOSE) || (irps->MajorFunction==IRP_MN_QUERY_REMOVE_DEVICE) || (irps->MajorFunction==IRP_MN_STOP_DEVICE) || (irps->MajorFunction==IRP_MN_QUERY_STOP_DEVICE)) { KdPrintf(("[VDUM] DeviceDispatch invalid device OK IRP_MN_REMOVE_DEVICE\n")); status=STATUS_SUCCESS; } else { Irp->IoStatus.Status=status=STATUS_NO_MEDIA_IN_DEVICE; Irp->IoStatus.Information=0; }*/ //EFFETS DE BORD !!!!! if (irps->MajorFunction==IRP_MJ_PNP) { KdPrintf(("IRP_MJ_PNP\n")); status=STATUS_SUCCESS; switch (irps->MinorFunction) { case IRP_MN_QUERY_REMOVE_DEVICE: KdPrintf((" IRP_MN_QUERY_REMOVE_DEVICE\n")); break; case IRP_MN_SURPRISE_REMOVAL: KdPrintf((" IRP_MN_SURPRISE_REMOVAL\n")); break; case IRP_MN_REMOVE_DEVICE: KdPrintf((" IRP_MN_REMOVE_DEVICE\n")); break; case IRP_MN_CANCEL_REMOVE_DEVICE: KdPrintf((" IRP_MN_CANCEL_REMOVE_DEVICE\n")); break; case IRP_MN_QUERY_DEVICE_RELATIONS: KdPrintf((" IRP_MN_QUERY_DEVICE_RELATIONS\n")); status = STATUS_INVALID_PARAMETER; break; default: KdPrintf((" other minnor function %d\n", irps->MinorFunction)); break; //IoSkipCurrentIrpStackLocation(Irp); //status = IoCallDriver(Vcb->TargetDeviceObject, Irp); } Irp->IoStatus.Status=status; goto ANC; } /////////////////////// if (DeviceObject==g_devcontrol) { PVOID* p=NULL; if (irps->FileObject!=NULL) p=irps->FileObject->FsContext2; KdPrintfd(("Control VFUM irp %x irps %x context %x\n",Irp,irps,p)); status=controldispatch(DeviceObject,Irp,irps); Irp->IoStatus.Status=status; KdPrintfdnotimpl(("Return information AV : %x\n",Irp->IoStatus.Information)); KdPrintfd(("Control VFUM return status %x\n",status)); } #if SUPPORTRAWDISK else if (IsRawDisk(DeviceObject)==TRUE) { KdPrintfd (("In RawDisk\n")); KeEnterCriticalRegion(); status=controldiskrawsystem(DeviceObject,Irp,irps); KeLeaveCriticalRegion(); if (status==STATUS_PENDING) return status; } #endif else { #ifdef FILESYSD .... .... .... .... .... .... } NTSTATUS ConnectIRPVCB(PDEVICE_OBJECT DeviceObject, PIO_STACK_LOCATION irps, PDEVICE_OBJECT volDeviceObject) { NTSTATUS status = STATUS_INVALID_PARAMETER; PVPB vpb = irps->Parameters.MountVolume.Vpb; if (vpb != NULL) { vpb->DeviceObject = volDeviceObject; vpb->VolumeLabelLength= (USHORT)wcslen(VOLUME_LABEL) * sizeof(WCHAR); RtlStringCchCopyW(vpb->VolumeLabel, sizeof(vpb->VolumeLabel) / sizeof(WCHAR), VOLUME_LABEL); vpb->SerialNumber = 0x11188966; status = STATUS_SUCCESS; } return status; } #ifdef FILESYSD NTSTATUS FAT_MJ_FILE_SYSTEM_CONTROL(PDEVICE_OBJECT DeviceObject, PIRP irp, PIO_STACK_LOCATION irps) { NTSTATUS status = STATUS_NOT_IMPLEMENTED; switch (irps->MinorFunction) { case IRP_MN_MOUNT_VOLUME: { KdPrintfd((" IRP_MN_MOUNT_VOLUME\n")); status = STATUS_UNRECOGNIZED_VOLUME; if (vcbmount) { PPARAMVDF vdf = NULL; KdPrintf(("[IRP_MN_MOUNT_VOLUME]BeginMountVolume\n")); if (DeviceObject!=NULL) vdf = vdf_GetParam(DeviceObject); if (vdf == NULL) { KdPrintf(("[IRP_MN_MOUNT_VOLUME]vdf==NULL\n")); DeviceObject = irps->Parameters.MountVolume.DeviceObject; KdPrintf(("DeviceObject finded : %.8x\n", DeviceObject)); if (DeviceObject!=NULL) vdf = vdf_GetParam(DeviceObject); } if (vdf != NULL) { PDRIVER_OBJECT DriverObject = DeviceObject->DriverObject; PDEVICE_OBJECT volDeviceObject = NULL; KdPrintf(("[IRP_MN_MOUNT_VOLUME]IoCreateDevice DeviceType:%d Characteristics:%d\n",vdf->Devicetype,vdf->Characteristics)); status = IoCreateDevice(DriverObject, // DriverObject sizeof(TPARAMVCB), // DeviceExtensionSize NULL, // DeviceName vdf->Devicetype, // DeviceType vdf->Characteristics, // DeviceCharacteristics FALSE, // Not Exclusive &volDeviceObject); // DeviceObject KdPrintf(("[IRP_MN_MOUNT_VOLUME]IoCreateDevice return status:%.8x\n", status)); if (NT_SUCCESS(status)) { status = ConnectIRPVCB(DeviceObject, irps, volDeviceObject); KdPrintf(("[IRP_MN_MOUNT_VOLUME]ConnectIRPVCB return status:%.8x\n", status)); if (NT_SUCCESS(status)) { vdf->Tdisk.VCB = volDeviceObject; PPARAMVCB pvcb = (PPARAMVCB)volDeviceObject->DeviceExtension; pvcb->Tdisk.DCB = vdf->Tdisk.DCB; pvcb->Tdisk.VCB = volDeviceObject; pvcb->identifier = CIdentifier; ////REQUIRED ELSE DRIVE NOT WORK pvcb->sidentifier = CIdentifierVCB; ////Recommanded volDeviceObject->Flags |= DO_DIRECT_IO; volDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING; ObReferenceObject(volDeviceObject); KdPrintf(("[IRP_MN_MOUNT_VOLUME]OK\n")); } else { KdPrintf(("[IRP_MN_MOUNT_VOLUME] cancel \n")); IoDeleteDevice(volDeviceObject); } } } else { KdPrintf(("NO PARAMVDF\n")); } KdPrintf(("[IRP_MN_MOUNT_VOLUME]EndMountVolume with status :%.8x\n",status)); } } break; } return status; } #define VOLUME_LABEL L"VDFS_DISK" Thank.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 07:10.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license