Jacek Chodak
Hi
I'm working on a mouse filter driver. The filter sends a new IRP to the
driver, but the driver (mouclass) raises exception 0xC0000005:
STATUS_ACCESS_VIOLATION (a memory access violation occurred).
Here is a piece of the source code:
//---------------------------------------------------
/*
 * Dispatch routine (excerpt: the poster elided the lines shown as "..").
 * The visible part allocates one MOUSE_INPUT_DATA from non-paged pool and
 * hands it to MakeAsynchronousRequest together with MouFilterDevice.
 */
NTSTATUS Dispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
..
..
..
// Allocate a buffer sized for a single MOUSE_INPUT_DATA record.
// NOTE(review): no NULL check on this allocation is visible before the
// pointer is passed on -- confirm one exists in the elided lines.
Buffer =
ExAllocatePoolWithTag(NonPagedPool,sizeof(MOUSE_INPUT_DATA),'BHVM');
// Send the buffer down as an asynchronous IRP_MJ_READ request.
// NOTE(review): the completion routine in this listing frees the IRP, its
// system buffer/MDLs and its context, but never this allocation -- confirm
// that the elided code owns and frees Buffer, and that it does so only
// after the request has completed.
status = MakeAsynchronousRequest(MouFilterDevice, Buffer,
sizeof(MOUSE_INPUT_DATA));
..
..
..
}
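NTSTATUS
MakeAsynchronousRequest (
    PDEVICE_OBJECT TopOfDeviceStack,
    PVOID WriteBuffer,
    ULONG NumBytes
    )
/*++

Routine Description:

    Builds a driver-originated IRP_MJ_READ request of NumBytes bytes and
    sends it to TopOfDeviceStack without waiting for the result.
    MakeAsynchronousRequestCompletion releases the IRP and the context
    block once the lower driver completes the request.

Arguments:

    TopOfDeviceStack - Device object the read request is sent to.

    WriteBuffer - Caller-allocated buffer passed to
        IoBuildAsynchronousFsdRequest as the read buffer. (The name is
        historical: this routine only issues reads.) The caller keeps
        ownership and must keep the buffer valid until the completion
        routine has run.

    NumBytes - Size of WriteBuffer in bytes; also used as the read length.

Return Value:

    STATUS_INVALID_PARAMETER - an argument is NULL or NumBytes is zero.
    STATUS_INSUFFICIENT_RESOURCES - the IRP or the context allocation failed.
    STATUS_SUCCESS - the IRP was handed to IoCallDriver. The outcome of the
        request itself is reported to the completion routine in
        Irp->IoStatus, not through this return value.

--*/
{
    PIRP irp;
    LARGE_INTEGER startingOffset;
    PIO_STACK_LOCATION nextStack;
    PVOID context;

    //
    // The visible caller passes an unchecked pool allocation, so reject a
    // NULL buffer here instead of building an IRP around it.
    //
    if (NULL == TopOfDeviceStack || NULL == WriteBuffer || 0 == NumBytes) {
        return STATUS_INVALID_PARAMETER;
    }

    startingOffset.QuadPart = (LONGLONG) 0;

    irp = IoBuildAsynchronousFsdRequest(
              IRP_MJ_READ,
              TopOfDeviceStack,
              WriteBuffer,
              NumBytes,
              &startingOffset, // Optional
              NULL
              );
    if (NULL == irp) {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    //
    // The context block is never initialized or read in this listing; it is
    // only allocated here and freed by the completion routine.
    //
    context = ExAllocatePoolWithTag(NonPagedPool, sizeof(ULONG_PTR),
                                    'ITag');
    if (NULL == context) {
        IoFreeIrp(irp);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    IoSetCompletionRoutine(irp,
                           MakeAsynchronousRequestCompletion,
                           context,
                           TRUE,
                           TRUE,
                           TRUE);

    nextStack = IoGetNextIrpStackLocation(irp);

    //
    // Keep the stack location consistent with the IRP that was just built:
    // the advertised read length must be the size of the buffer actually
    // supplied (NumBytes), not a hard-coded sizeof(MOUSE_INPUT_DATA), or a
    // lower driver could be told to fill more bytes than the buffer holds.
    //
    nextStack->MajorFunction = IRP_MJ_READ;
    nextStack->Parameters.Read.Length = NumBytes;

    //
    // NOTE(review): nothing here sets nextStack->FileObject, so the target
    // sees a read with no file object. If the target's read path
    // dereferences IrpSp->FileObject (mouclass presumably does, to validate
    // the reader), that is a NULL dereference and would match the reported
    // STATUS_ACCESS_VIOLATION -- confirm against the faulting stack.
    //

    //
    // The completion routine frees the IRP, so it must not be touched after
    // this call. The returned status is deliberately not propagated; see
    // Return Value above.
    //
    (VOID) IoCallDriver(TopOfDeviceStack, irp);

    return STATUS_SUCCESS;
}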
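NTSTATUS
MakeAsynchronousRequestCompletion(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp,
    IN PVOID Context
    )
/*++

Routine Description:

    Completion routine for the IRP built by MakeAsynchronousRequest.
    Releases everything attached to that IRP (system buffer or MDL chain),
    frees the context block and the IRP itself, and stops further completion
    processing.

Arguments:

    DeviceObject - Unused.

    Irp - The driver-originated IRP being completed. It is freed here and
        must not be referenced by anyone afterwards.

    Context - Pool block allocated by MakeAsynchronousRequest; freed here.

Return Value:

    STATUS_MORE_PROCESSING_REQUIRED - always, so that the I/O manager does
    not continue completion processing on an IRP that has just been freed.

--*/
{
    PMDL mdl, nextMdl;
    PMOUSE_INPUT_DATA MouData;

    UNREFERENCED_PARAMETER(DeviceObject);

    MouData = (PMOUSE_INPUT_DATA) Irp->AssociatedIrp.SystemBuffer;

    //
    // SystemBuffer is only present when the IRP was built for a buffered-I/O
    // target, so test it before writing through it; the original wrote first
    // and checked afterwards.
    //
    // NOTE(review): these stores go into a buffer that is freed just below,
    // and the data is never copied to the buffer the caller supplied, so
    // nothing observes them. They also assume the buffer holds at least one
    // MOUSE_INPUT_DATA -- confirm the intent.
    //
    if (MouData != NULL) {
        MouData->Flags = MOUSE_MOVE_RELATIVE;
        MouData->LastX = 10;
    }

    if (Irp->AssociatedIrp.SystemBuffer != NULL &&
        (Irp->Flags & IRP_DEALLOCATE_BUFFER)) {
        ExFreePool(Irp->AssociatedIrp.SystemBuffer);
        Irp->AssociatedIrp.SystemBuffer = NULL;
    }
    else if (Irp->MdlAddress != NULL) {
        for (mdl = Irp->MdlAddress; mdl != NULL; mdl = nextMdl) {
            // Fetch the link first: the MDL is gone after IoFreeMdl.
            nextMdl = mdl->Next;
            // Unlocking also unmaps the pages.
            MmUnlockPages(mdl);
            IoFreeMdl(mdl);
        }
        Irp->MdlAddress = NULL;
    }

    if (Context) {
        ExFreePool(Context);
    }

    //
    // NOTE(review): the buffer the caller passed to MakeAsynchronousRequest
    // is not released here; its owner must free it.
    //
    IoFreeIrp(Irp);

    return STATUS_MORE_PROCESSING_REQUIRED;
}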
//---------------------------------------------------
What am I doing wrong?
Thanks in advance.
I'm working on a mouse filter driver. The filter sends a new IRP to the
driver, but the driver (mouclass) raises exception 0xC0000005:
STATUS_ACCESS_VIOLATION (a memory access violation occurred).
Here is a piece of the source code:
//---------------------------------------------------
/*
 * Dispatch routine (excerpt: the poster elided the lines shown as "..").
 * The visible part allocates one MOUSE_INPUT_DATA from non-paged pool and
 * hands it to MakeAsynchronousRequest together with MouFilterDevice.
 */
NTSTATUS Dispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
..
..
..
// Allocate a buffer sized for a single MOUSE_INPUT_DATA record.
// NOTE(review): no NULL check on this allocation is visible before the
// pointer is passed on -- confirm one exists in the elided lines.
Buffer =
ExAllocatePoolWithTag(NonPagedPool,sizeof(MOUSE_INPUT_DATA),'BHVM');
// Send the buffer down as an asynchronous IRP_MJ_READ request.
// NOTE(review): the completion routine in this listing frees the IRP, its
// system buffer/MDLs and its context, but never this allocation -- confirm
// that the elided code owns and frees Buffer, and that it does so only
// after the request has completed.
status = MakeAsynchronousRequest(MouFilterDevice, Buffer,
sizeof(MOUSE_INPUT_DATA));
..
..
..
}
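NTSTATUS
MakeAsynchronousRequest (
    PDEVICE_OBJECT TopOfDeviceStack,
    PVOID WriteBuffer,
    ULONG NumBytes
    )
/*++

Routine Description:

    Builds a driver-originated IRP_MJ_READ request of NumBytes bytes and
    sends it to TopOfDeviceStack without waiting for the result.
    MakeAsynchronousRequestCompletion releases the IRP and the context
    block once the lower driver completes the request.

Arguments:

    TopOfDeviceStack - Device object the read request is sent to.

    WriteBuffer - Caller-allocated buffer passed to
        IoBuildAsynchronousFsdRequest as the read buffer. (The name is
        historical: this routine only issues reads.) The caller keeps
        ownership and must keep the buffer valid until the completion
        routine has run.

    NumBytes - Size of WriteBuffer in bytes; also used as the read length.

Return Value:

    STATUS_INVALID_PARAMETER - an argument is NULL or NumBytes is zero.
    STATUS_INSUFFICIENT_RESOURCES - the IRP or the context allocation failed.
    STATUS_SUCCESS - the IRP was handed to IoCallDriver. The outcome of the
        request itself is reported to the completion routine in
        Irp->IoStatus, not through this return value.

--*/
{
    PIRP irp;
    LARGE_INTEGER startingOffset;
    PIO_STACK_LOCATION nextStack;
    PVOID context;

    //
    // The visible caller passes an unchecked pool allocation, so reject a
    // NULL buffer here instead of building an IRP around it.
    //
    if (NULL == TopOfDeviceStack || NULL == WriteBuffer || 0 == NumBytes) {
        return STATUS_INVALID_PARAMETER;
    }

    startingOffset.QuadPart = (LONGLONG) 0;

    irp = IoBuildAsynchronousFsdRequest(
              IRP_MJ_READ,
              TopOfDeviceStack,
              WriteBuffer,
              NumBytes,
              &startingOffset, // Optional
              NULL
              );
    if (NULL == irp) {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    //
    // The context block is never initialized or read in this listing; it is
    // only allocated here and freed by the completion routine.
    //
    context = ExAllocatePoolWithTag(NonPagedPool, sizeof(ULONG_PTR),
                                    'ITag');
    if (NULL == context) {
        IoFreeIrp(irp);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    IoSetCompletionRoutine(irp,
                           MakeAsynchronousRequestCompletion,
                           context,
                           TRUE,
                           TRUE,
                           TRUE);

    nextStack = IoGetNextIrpStackLocation(irp);

    //
    // Keep the stack location consistent with the IRP that was just built:
    // the advertised read length must be the size of the buffer actually
    // supplied (NumBytes), not a hard-coded sizeof(MOUSE_INPUT_DATA), or a
    // lower driver could be told to fill more bytes than the buffer holds.
    //
    nextStack->MajorFunction = IRP_MJ_READ;
    nextStack->Parameters.Read.Length = NumBytes;

    //
    // NOTE(review): nothing here sets nextStack->FileObject, so the target
    // sees a read with no file object. If the target's read path
    // dereferences IrpSp->FileObject (mouclass presumably does, to validate
    // the reader), that is a NULL dereference and would match the reported
    // STATUS_ACCESS_VIOLATION -- confirm against the faulting stack.
    //

    //
    // The completion routine frees the IRP, so it must not be touched after
    // this call. The returned status is deliberately not propagated; see
    // Return Value above.
    //
    (VOID) IoCallDriver(TopOfDeviceStack, irp);

    return STATUS_SUCCESS;
}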
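NTSTATUS
MakeAsynchronousRequestCompletion(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp,
    IN PVOID Context
    )
/*++

Routine Description:

    Completion routine for the IRP built by MakeAsynchronousRequest.
    Releases everything attached to that IRP (system buffer or MDL chain),
    frees the context block and the IRP itself, and stops further completion
    processing.

Arguments:

    DeviceObject - Unused.

    Irp - The driver-originated IRP being completed. It is freed here and
        must not be referenced by anyone afterwards.

    Context - Pool block allocated by MakeAsynchronousRequest; freed here.

Return Value:

    STATUS_MORE_PROCESSING_REQUIRED - always, so that the I/O manager does
    not continue completion processing on an IRP that has just been freed.

--*/
{
    PMDL mdl, nextMdl;
    PMOUSE_INPUT_DATA MouData;

    UNREFERENCED_PARAMETER(DeviceObject);

    MouData = (PMOUSE_INPUT_DATA) Irp->AssociatedIrp.SystemBuffer;

    //
    // SystemBuffer is only present when the IRP was built for a buffered-I/O
    // target, so test it before writing through it; the original wrote first
    // and checked afterwards.
    //
    // NOTE(review): these stores go into a buffer that is freed just below,
    // and the data is never copied to the buffer the caller supplied, so
    // nothing observes them. They also assume the buffer holds at least one
    // MOUSE_INPUT_DATA -- confirm the intent.
    //
    if (MouData != NULL) {
        MouData->Flags = MOUSE_MOVE_RELATIVE;
        MouData->LastX = 10;
    }

    if (Irp->AssociatedIrp.SystemBuffer != NULL &&
        (Irp->Flags & IRP_DEALLOCATE_BUFFER)) {
        ExFreePool(Irp->AssociatedIrp.SystemBuffer);
        Irp->AssociatedIrp.SystemBuffer = NULL;
    }
    else if (Irp->MdlAddress != NULL) {
        for (mdl = Irp->MdlAddress; mdl != NULL; mdl = nextMdl) {
            // Fetch the link first: the MDL is gone after IoFreeMdl.
            nextMdl = mdl->Next;
            // Unlocking also unmaps the pages.
            MmUnlockPages(mdl);
            IoFreeMdl(mdl);
        }
        Irp->MdlAddress = NULL;
    }

    if (Context) {
        ExFreePool(Context);
    }

    //
    // NOTE(review): the buffer the caller passed to MakeAsynchronousRequest
    // is not released here; its owner must free it.
    //
    IoFreeIrp(Irp);

    return STATUS_MORE_PROCESSING_REQUIRED;
}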
//---------------------------------------------------
What am I doing wrong?
Thanks in advance.