Handling memory inside kernel

Discussion in 'Windows Vista Drivers' started by sinosoidal, Aug 14, 2009.

  1. sinosoidal

    sinosoidal Guest

    Hi,

    I'm using a deviceiocontrol to pass data to my driver.

    I copy the passed memory object to the device context with the following code:

    bytesToTansfer = sizeof(CONTACT) * 100;

    if (InputBufferLength < bytesToTansfer) {
    status = STATUS_BUFFER_TOO_SMALL;
    break;
    }

    status = WdfRequestRetrieveInputMemory(Request, &inputMemory);

    if (!NT_SUCCESS(status)) {
    DebugPrint(("WdfRequestRetrieveInputMemory failed %x\n", status));
    break;
    }

    status = WdfMemoryCopyToBuffer(inputMemory,
    0,
    &devContext->Contacts ,
    bytesToTansfer);

    if (!NT_SUCCESS(status)) {
    DebugPrint(("WdfMemoryCopyToBuffer failed %x\n", status));
    break;
    }

    bytesTransferred = bytesToTansfer;

    // can't receive more contact buffer while the current hasn't been completely processed
    devContext->HasContactsToReport = TRUE;

    break;

    It happens that when I access devContext->Contacts inside another function
    (which makes HID reports), I have a blue screen.

    Before the blue screen happens, I try to look into the memory using the
    locals panel and it says memory access error.

    I know that the data is being well copied because in other places I can
    inspect it successfully and the data is there correctly.

    However, in other places I can't access it without having a fatal error.

    How can I access this memory buffer in other functions/places without
    causing a kernel panic?

    Thanks,

    Nuno
     
    sinosoidal, Aug 14, 2009
    #1

  2. Where did you allocate the memory for devContext->Contacts?

    Have a nice day
    GV
     
    Gianluca Varenni, Aug 14, 2009
    #2

  3. sinosoidal

    sinosoidal Guest

    Hi Gianluca,

    I have allocated the memory on the function

    EvtDeviceD0Entry

    The code I have pasted is on

    EvtIoDeviceControlFromRawPdo

    And if I use the debugger to inspect contacts right after the retrieval
    of the memory buffer from the DeviceIoControl, all the data passed is there,
    correctly!

    However, when I tried to access it, and it is accessed in a function called
    CompleteReadReport which is called from time to time from a WdfTimer,
    Windows blows up with a blue screen and the error

    IRQL_NOT_LESS_OR_EQUAL

    I believe that I need some other operation in order to access this data to
    avoid the blow, I just don't know what and how...

    Any tips?

    Thanks,

    Nuno
     
    sinosoidal, Aug 14, 2009
    #3
  4. Can you show the code where you allocate such memory?

    GV
     
    Gianluca Varenni, Aug 14, 2009
    #4
  5. Don Burn

    Don Burn Guest

    Why are you using WdfRequestRetrieveInputMemory instead of
    WdfRequestRetrieveInputBuffer, which would have gotten you direct access to
    the buffer, which you could then have RtlCopyMemory to wherever, if you
    could not have used the raw input?


    --
    Don Burn (MVP, Windows DKD)
    Windows Filesystem and Driver Consulting
    Website: http://www.windrvr.com
    Blog: http://msmvps.com/blogs/WinDrvr
    Remove StopSpam to reply

     
    Don Burn, Aug 14, 2009
    #5
  6. sinosoidal

    sinosoidal Guest

    Yes

    status = WdfMemoryCreate(
    WDF_NO_OBJECT_ATTRIBUTES,
    NonPagedPool,
    0,
    sizeof(CONTACT)*100,
    &devContext->ContactsMemory,
    &devContext->Contacts
    );
     
    sinosoidal, Aug 14, 2009
    #6
  7. sinosoidal

    sinosoidal Guest

    Hi Don,

    I'm still not aware of many details of Windows kernel development as I've
    only been into this for little more than a month.

    I tried your suggestion like this in the IOCTL handle switch:

    case IOCTL_DPXMTT_REQ_REPORT_CONTACT:
    //
    // Buffer is too small, fail the request
    //
    bytesToTansfer = sizeof(CONTACT) * 100;

    if (InputBufferLength < bytesToTansfer) {
    status = STATUS_BUFFER_TOO_SMALL;
    break;
    }

    status =
    WdfRequestRetrieveInputBuffer(Request,bytesToTansfer,&devContext->Contacts,bytesToTansfer);

    But it gave me an Access Violation....

    Any tips?

    Thanks,

    Nuno
     
    sinosoidal, Aug 14, 2009
    #7
  8. For sure this is wrong, the last parameter should be either NULL or a
    pointer to a size_t variable.

    Have a nice day
    GV
     
    Gianluca Varenni, Aug 14, 2009
    #8
  9. status = WdfMemoryCopyToBuffer(inputMemory,

    This code is wrong, it should probably be

    status = WdfMemoryCopyToBuffer(inputMemory,
    0,
    devContext->Contacts ,
    bytesToTansfer);

    Have a nice day
    GV
     
    Gianluca Varenni, Aug 14, 2009
    #9
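
An added illustration of the difference post #9 points out, written for this page and not taken from any poster's driver: a user-mode C simulation in which `memcpy` stands in for `WdfMemoryCopyToBuffer`. The `CONTACT` layout, `POOL_REGION`, `RESULT` and `run_copy` are assumptions made for the demo. Copying to the address of the pointer field overwrites the pointer and the memory after it with caller-supplied bytes, while the allocated buffer stays empty.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CONTACT_COUNT 100
typedef struct { uint32_t id, x, y; } CONTACT;       /* constructed layout */

typedef struct {
    CONTACT *Contacts;               /* buffer pointer filled in by WdfMemoryCreate */
    int      HasContactsToReport;
} DEVICE_CONTEXT;

/* The context plus the pool bytes that follow it (simulated neighbours). */
typedef struct {
    DEVICE_CONTEXT ctx;
    unsigned char  neighbours[sizeof(CONTACT) * CONTACT_COUNT];
} POOL_REGION;

typedef struct { int pointer_intact; size_t neighbours_clobbered; int data_in_buffer; } RESULT;

static CONTACT     contact_buffer[CONTACT_COUNT];    /* the real allocation */
static CONTACT     user_input[CONTACT_COUNT];        /* constructed IOCTL payload */
static POOL_REGION pool;

/* Simulates the copy; use_address_of_pointer=1 reproduces &devContext->Contacts. */
RESULT run_copy(int use_address_of_pointer)
{
    RESULT r = {0, 0, 0};
    CONTACT *expected = contact_buffer;
    void *dst;
    size_t i;

    memset(&pool, 0, sizeof pool);
    memset(contact_buffer, 0, sizeof contact_buffer);
    memset(user_input, 0x41, sizeof user_input);
    pool.ctx.Contacts = contact_buffer;

    if (use_address_of_pointer)      /* destination is the pointer field itself */
        dst = (unsigned char *)&pool + offsetof(POOL_REGION, ctx.Contacts);
    else                             /* destination is the buffer it points to */
        dst = pool.ctx.Contacts;
    memcpy(dst, user_input, sizeof user_input);

    r.pointer_intact = memcmp(&pool.ctx.Contacts, &expected, sizeof expected) == 0;
    for (i = 0; i < sizeof pool.neighbours; i++)
        r.neighbours_clobbered += pool.neighbours[i] != 0;
    r.data_in_buffer = memcmp(contact_buffer, user_input, sizeof user_input) == 0;
    return r;
}
```
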
  10. sinosoidal

    sinosoidal Guest

    Hi Gianluca,

    I'm having strange results.

    First of all, if I try to obtain the memory buffer directly to use less code I
    always get a buffer right but with invalid data (that is, it is not what I sent).

    On the other hand, the only way I have accomplished getting the data I sent in
    the device io control is to make

    WdfMemoryCopyToBuffer(inputMemory,0,&pInputBuffer ,bytesToTansfer);

    Note the '&' on pInputBuffer. I realized that this is wrong because it messes
    with all of my variables in scope, causing kernel panic.

    However, other way I always get similar results like getting the buffer
    pointer.

    What am I missing here in order to get the data from the memory using the
    buffer?

    Thanks,

    Nuno
     
    sinosoidal, Aug 18, 2009
    #10
  11. Do you process other IOCTLs in your IOCTL handler? Do they work?

    I would probably try to create a very simple IOCTL passing let's say a ULONG
    from user mode and see if I get it right in the driver.

    Can you show the user code sending the IOCTL?

    Thanks
    GV
     
    Gianluca Varenni, Aug 18, 2009
    #11
  12. Use the !wdfrequest debugger extension to dump more information about the
    request. It should print out the address of the input buffer that is
    associated with the request. Examine the input buffer contents in the
    debugger to see if it contains the data that your user mode application
    sent.
     
    Abhishek R [MSFT], Aug 18, 2009
    #12