F
Frankooo
Guest
i really can't figure out where are the problem exactly . i have searched and couldn't find a helpful answer most of the ppl that faced this problem was because of using it with USB driver . but am trying to use it with my own driver and its failing with ERROR_INVALID_FUNCTION . here is the code.
also things that i have tried =
1- change CreateFileA to only File_Write , Generic_write but still no luck.
2 - also added
pDeviceObject->Flags |= DO_BUFFERED_IO;
as i forgot to add it to my driver but still the same error.
here is the full code :
Kernel side
NTSTATUS OnIRPWrite(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
UNREFERENCED_PARAMETER(pDriverObject);
NTSTATUS Status;
char szBuffer[255] = { 0 };
strcpy(szBuffer, pIrp->AssociatedIrp.SystemBuffer);
DbgPrint("User message received: %s(%u)", szBuffer, strlen(szBuffer));
if (strcmp(szBuffer, "read_shared_memory"))
{
KeAcquireGuardedMutex(&g_IrpReadMutex);
ReadSharedMemory(); // reads shared memory from UM.
KeReleaseGuardedMutex(&g_IrpReadMutex);
}
pIrp->IoStatus.Status = STATUS_SUCCESS;
pIrp->IoStatus.Information = strlen(szBuffer);
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
NTSTATUS OnMajorFunctionCall(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
UNREFERENCED_PARAMETER(pDriverObject);
PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
switch (pStack->MajorFunction)
{
case IRP_MJ_WRITE:
OnIRPWrite(pDriverObject, pIrp);
break;
default:
pIrp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath) {
NTSTATUS status = STATUS_SUCCESS;
UNREFERENCED_PARAMETER(pRegistryPath);
KeInitializeGuardedMutex(&g_IrpReadMutex);
DbgPrintEx(0, 0, "Driver loaded !!\n");
UNICODE_STRING deviceNameUnicodeString, deviceSymLinkUnicodeString;
RtlInitUnicodeString(&deviceNameUnicodeString, DeviceName);
RtlInitUnicodeString(&deviceSymLinkUnicodeString, DosDeviceName);
PDEVICE_OBJECT pDeviceObject = NULL;
status = IoCreateDevice(pDriverObject, 0, &deviceNameUnicodeString, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "Failed to create IoCreateDevice %p\n", status);
return status;
}
DbgPrintEx(0, 0, "created device object %p\n", status);
// Create the symbolic link
status = IoCreateSymbolicLink(&deviceSymLinkUnicodeString, &deviceNameUnicodeString);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "Failed creating a device symbolicLink: %p\n", status);
return status;
}
DbgPrintEx(0, 0, "created symbolic link : %p\n", status);
// Register driver major callbacks
//for (ULONG t = 0; t <= IRP_MJ_MAXIMUM_FUNCTION; t++)
// pDriverObject->MajorFunction[t] = &OnMajorFunctionCall;
pDriverObject->DriverUnload = driverUnload;
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = OnMajorFunctionCall;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = CreateCall;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = CloseCall;
pDeviceObject->Flags |= DO_BUFFERED_IO;
CreateSharedMemory();
DbgPrintEx(0, 0, "driver entry completed!\n");
return STATUS_SUCCESS;
}
user mode :
auto hDriver = CreateFileA(SymbolicLink.c_str(), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (!hDriver || hDriver == INVALID_HANDLE_VALUE)
{
printf("CreateFileA fail! Error: %u\n", GetLastError());
}
char str[] = "read_shared_memory";
DWORD dwBytesWritten = 0;
if (WriteFile(hDriver, str, strlen(str), &dwBytesWritten, NULL) == FALSE)
{
printf("WriteFile(write) fail! Error: %u\n", GetLastError());
system("pause");
}
printf("Read Message sent \n");
CloseHandle(hDriver);
system("pause");
am still searching as am writing this post.
Continue reading...
also things that i have tried =
1- change CreateFileA to only File_Write , Generic_write but still no luck.
2 - also added
pDeviceObject->Flags |= DO_BUFFERED_IO;
as i forgot to add it to my driver but still the same error.
here is the full code :
Kernel side
NTSTATUS OnIRPWrite(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
UNREFERENCED_PARAMETER(pDriverObject);
NTSTATUS Status;
char szBuffer[255] = { 0 };
strcpy(szBuffer, pIrp->AssociatedIrp.SystemBuffer);
DbgPrint("User message received: %s(%u)", szBuffer, strlen(szBuffer));
if (strcmp(szBuffer, "read_shared_memory"))
{
KeAcquireGuardedMutex(&g_IrpReadMutex);
ReadSharedMemory(); // reads shared memory from UM.
KeReleaseGuardedMutex(&g_IrpReadMutex);
}
pIrp->IoStatus.Status = STATUS_SUCCESS;
pIrp->IoStatus.Information = strlen(szBuffer);
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
NTSTATUS OnMajorFunctionCall(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
UNREFERENCED_PARAMETER(pDriverObject);
PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
switch (pStack->MajorFunction)
{
case IRP_MJ_WRITE:
OnIRPWrite(pDriverObject, pIrp);
break;
default:
pIrp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath) {
NTSTATUS status = STATUS_SUCCESS;
UNREFERENCED_PARAMETER(pRegistryPath);
KeInitializeGuardedMutex(&g_IrpReadMutex);
DbgPrintEx(0, 0, "Driver loaded !!\n");
UNICODE_STRING deviceNameUnicodeString, deviceSymLinkUnicodeString;
RtlInitUnicodeString(&deviceNameUnicodeString, DeviceName);
RtlInitUnicodeString(&deviceSymLinkUnicodeString, DosDeviceName);
PDEVICE_OBJECT pDeviceObject = NULL;
status = IoCreateDevice(pDriverObject, 0, &deviceNameUnicodeString, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "Failed to create IoCreateDevice %p\n", status);
return status;
}
DbgPrintEx(0, 0, "created device object %p\n", status);
// Create the symbolic link
status = IoCreateSymbolicLink(&deviceSymLinkUnicodeString, &deviceNameUnicodeString);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "Failed creating a device symbolicLink: %p\n", status);
return status;
}
DbgPrintEx(0, 0, "created symbolic link : %p\n", status);
// Register driver major callbacks
//for (ULONG t = 0; t <= IRP_MJ_MAXIMUM_FUNCTION; t++)
// pDriverObject->MajorFunction[t] = &OnMajorFunctionCall;
pDriverObject->DriverUnload = driverUnload;
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = OnMajorFunctionCall;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = CreateCall;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = CloseCall;
pDeviceObject->Flags |= DO_BUFFERED_IO;
CreateSharedMemory();
DbgPrintEx(0, 0, "driver entry completed!\n");
return STATUS_SUCCESS;
}
user mode :
auto hDriver = CreateFileA(SymbolicLink.c_str(), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (!hDriver || hDriver == INVALID_HANDLE_VALUE)
{
printf("CreateFileA fail! Error: %u\n", GetLastError());
}
char str[] = "read_shared_memory";
DWORD dwBytesWritten = 0;
if (WriteFile(hDriver, str, strlen(str), &dwBytesWritten, NULL) == FALSE)
{
printf("WriteFile(write) fail! Error: %u\n", GetLastError());
system("pause");
}
printf("Read Message sent \n");
CloseHandle(hDriver);
system("pause");
am still searching as am writing this post.
Continue reading...