Newbie to VC++ and DDK question--developing an IFS

Newbie to VC++ and DDK question--developing an IFS

Post by Subzer » Fri, 29 Aug 2008 01:25:08


Hello,

I am developing a minifilter for filesystem. Also, my filter works fine when
I remove the function below but when I
enable it, I get an BSOD. Can you guys see what's wrong here? Or am I
missing something??!

BOOLEAN
ScannerpCheckParentDir (
__in PUNICODE_STRING ParentDir
)
/*++

Routine Description:

Checks if this file's parent dir is something we are interested in

Arguments

ParentDir - Pointer to the file parent dir

Return Value

TRUE - Yes we are interested
FALSE - No
--*/
{
const UNICODE_STRING *path;
UNICODE_STRING BufferString;

if (ParentDir->Length == 0) {

return FALSE;
}

//
// Check if it matches any one of our static extension list
//

path = ScannerPathsToScan;

while (path->Buffer != NULL)
{
if (ParentDir->Length >= path->Length)
{
RtlUnicodeStringCbCopyStringN(
&BufferString,
ParentDir,
path->Length
);

if (RtlCompareUnicodeString( &BufferString, path, TRUE ) == 0)
{

//
// A match. We are interested in this file
//

return TRUE;
}
}

path++;
}

return FALSE;
}

Best Regards,

SZ
 
 
 

Newbie to VC++ and DDK question--developing an IFS

Post by Doron Hola » Fri, 29 Aug 2008 02:54:37

how about attaching a kernel de *** and seeing where it is blowing up?

--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.

 
 
 

Newbie to VC++ and DDK question--developing an IFS

Post by Volodymyr » Fri, 29 Aug 2008 04:32:37

What is the bugcheck code? Tried to use analyze -v on dump ... ? The output
should help a lot. Could be an access to paged pool at high IRQL?

--
Volodymyr, blog: http://www.yqcomputer.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)
 
 
 

Newbie to VC++ and DDK question--developing an IFS

Post by Subzer » Fri, 29 Aug 2008 22:35:32

Yesterday I downloaded Windbg.exe from MSFT site yet it does not seem to
open/accept .sys as binary type! What would you suggest?

Thanks,

SZ

"Doron Holan [MSFT]" < XXXX@XXXXX.COM >, iletisinde 艧unu yazd谋,
 
 
 

Newbie to VC++ and DDK question--developing an IFS

Post by Subzer » Fri, 29 Aug 2008 22:37:14

Since I am a beginner, what you say seems French to me. Where should I enter
those? I simply changed the filesys/miniFilter/scanner/filter example with
VC2008 and then compiled with checkedenvironment for Vista/AMD64 with the
command "build". That's all!!

"Volodymyr M. Shcherbyna" < XXXX@XXXXX.COM >, iletisinde nu
 
 
 

Newbie to VC++ and DDK question--developing an IFS

Post by Don Bur » Fri, 29 Aug 2008 22:41:35

You have to choose WinDBG kernel debugging, this is not like debugging a
program you are debugging a DLL (your driver) in the Windows kernel. Take a
look at the Getting Started document I referenced to you in a previous
thread, it explains how to set up and use WinDBG.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.yqcomputer.com/
Blog: http://www.yqcomputer.com/
Remove StopSpam to reply
 
 
 

Newbie to VC++ and DDK question--developing an IFS

Post by Subzer » Fri, 29 Aug 2008 23:51:12

ill do, thanks.

"Don Burn" < XXXX@XXXXX.COM >, iletisinde nu yazd?
news:% XXXX@XXXXX.COM ...

 
 
 

Newbie to VC++ and DDK question--developing an IFS

Post by Volodymyr » Sat, 30 Aug 2008 17:29:45

rench is much harder, believe me :). Once there is BSOD you have to wait
until windows generated memory dump file. Usually the place for dump file is
C:\WINDOWS\memory.dmp but it can be changed in properties of "my computer".
Once you have a dump file, you can open it using WinDbg.exe and wait while
debugger process it. After that you can issue an analyze -v in command line
and see the output.

--
Volodymyr, blog: http://www.shcherbyna.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)

"Subzero" < XXXX@XXXXX.COM > wrote in message
news: XXXX@XXXXX.COM ...


 
 
 

Newbie to VC++ and DDK question--developing an IFS

Post by jeromeC » Sun, 31 Aug 2008 05:01:02

"Volodymyr M. Shcherbyna" < XXXX@XXXXX.COM > wrote in message
news: XXXX@XXXXX.COM ...

Pas du tout ;)

UNICODE_STRING BufferString; Is not allocated nor Initialized to anything I
bet that's the problem.

Jerome.

Once there is BSOD you have to wait