Re: Problem with WdfRequestRetrieveOutputMemory

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Doron Holan [MS]" <doronh@xxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 31 Jan 2006 19:06:27 -0800

---

a few things are going on here
1)  you are allocating paged memory for a transfer, it needs to be non paged
2)  WdfRequestRetrieveInputBuffer/Memory and RetrieveOutputBuffer/Memory 
refer to the action that you are going to perform on the buffer.  You 
retrieve an ouput buffer when you will write to it and you retrieve an input 
buffer when you read from it. so for a IRP_MJ_READ irp, you would retrieve 
an output buffer b/c you are going to write to it.
3)  why are you calling WdfObjectGetTypedContext directly?  use the accessor 
routine that you declared in WDF_DECLARE_CONTEXT_TYPE.

d

-- 
Please do not send e-mail directly to this alias. this alias is for 
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.


"Lorenzo Fracassi" <l.fracassi@xxxxxxxxxxxx> wrote in message 
news:1138710950.438332.57180@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hello to all,
> I'm developing a driver for an USB device using KMDF.
> This is my problem (please, evaluate also my approach):
>
> I want my driver to be completely asynchronous, in order to do so, I
> process DeviceIOControl requests in this way:
> when a new request arrives, I create a new WDFREQUEST using this code:
>
>
> WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE(&_object_attributes,
> MY_IOCTL_CONTEXT);
> WdfRequestCreate(&_object_attributes, NULL, &_tx_request);
>
>
> In the context structure I store original user mode request and an
> offset.
> I create a new WDFMEMORY object using this code:
>
>
> WDF_OBJECT_ATTRIBUTES_INIT(&_object_attributes);
> _object_attributes.ParentObject=_tx_request;
> WdfMemoryCreate(&_object_attributes, PagedPool, MYMEMTAG,
> _tx_buffer_size, &_tx_memory, &_tx_buffer);
>
>
> _tx_buffer_size is larger than original request input buffer because I
> need to add some protocol bytes. After, I write the request to bus
> driver using this functions:
>
>
> WdfUsbTargetPipeFormatRequestForWrite(_tx_pipe, _tx_request,
> _tx_memory, NULL);
> WdfRequestSetCompletionRoutine(_tx_request, _my_tx_completion_routine,
> NULL);
> WdfRequestSend(_tx_request, WdfUsbTargetPipeGetIoTarget(_tx_pipe),
> NULL);
>
>
> In _my_tx_completion_routine first, I verify if all gone right, if yes:
> I've to read device response considering that I have to remove protocol
> bytes and some other informations that are not interesting for user
> mode application; I use this code (we are always in my 'write phase'
> completion routine):
>
>
> WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE(&_object_attributes,
> MY_IOCTL_CONTEXT);
> WdfRequestCreate(&_object_attributes, NULL, &_rx_request);
>
>
> Next, I copy IOCTL context structure received as parameter (it contains
> the original user mode request and its response buffer offset):
>
>
> _new_ioctl_context=WdfObjectGetTypedContext(_rx_request,
> MY_IOCTL_CONTEXT);
> RtlCopyMemory(_new_ioctl_context, _tx_request_context,
> sizeof(MY_IOCTL_CONTEXT));
>
>
> I create a new WDFMEMORY object that will be used to read from device:
>
>
> WDF_OBJECT_ATTRIBUTES_INIT(&_object_attributes);
> _object_attributes.ParentObject=_rx_request;
> WdfMemoryCreate(&_object_attributes, PagedPool, MYMEMTAG, 512,
> &_rx_memory, NULL);
>
>
> Keep in mind tha last code line because I'll return on it later. Always
> in my 'write phase' completion routine I attempt to read from device
> using this code:
>
>
> WdfUsbTargetPipeFormatRequestForRead(_rx_pipe, _rx_request, _rx_memory,
> NULL);
> WdfRequestSetCompletionRoutine(_rx_request, _my_rx_completion_routine,
> NULL);
> WdfRequestSend(_rx_request, WdfUsbTargetPipeGetIoTarget(_rx_pipe),
> NULL);
>
>
> At this point I free the write request using WdfObjectDelete() and I
> leave _my_tx_completion_routine callback.
>
>
> Once device responds, _my_rx_completion_routine callback is invoked:
> from status block I verify that read request was completed fine and
> that I received from device the expected amount of data. The 'Request'
> parameter is the read request that I've created in my 'write phase'
> completion callback; and now, finally, the problem:
> before complete the original user mode request, I've to copy to its
> output buffer the data that I've received from device excluding
> protocol bytes. When I use WdfRequestRetrieveOutputMemory on 'Request'
> parameter to parse received data, it always fails due to
> STATUS_INVALID_DEVICE_REQUEST error.
> But, the stranger things must still arrive; in order to avoid the
> problem I have tried the following:
> do you remember the WdfMemoryCreate call in _my_tx_completion_routine
> callback? If I replace the NULL last parameter with a pointer to a
> buffer (in order to store output buffer pointer in the context
> structure instead of using WdfRequestRetrieveOutputMemory) a bug check
> occurs and my test machine restarts. All parameters supplied to
> WdfMemoryCreate are valid (except for the last parameter that is
> currently a reference to PUCAHR _buffer=NULL).
> It is still not the end: if I bring back to NULL the WdfMemoryCreate
> call last parameter, and exacly below I use WdfMemoryGetBuffer, I
> obtain a pointer that, once stored in the context structure, when
> _my_rx_completion_routine is invoked, stores the data received from the
> device. At this point I can complete the original user mode request
> correctly.
>
> What's wrong with first attempt using WdfRequestRetrieveOutputMemory?
> What I'm mistaking?
> Thank you for the patience.
> 


.

---

• Follow-Ups:
  • Re: Problem with WdfRequestRetrieveOutputMemory
    • From: Lorenzo Fracassi

• Prev by Date: Re: Errors using usbser.sys with an OHCI controller
• Next by Date: Help on NDISUIO
• Previous by thread: Re: Errors using usbser.sys with an OHCI controller
• Next by thread: Re: Problem with WdfRequestRetrieveOutputMemory
• Index(es):
  • Date
  • Thread

---

Relevant Pages [NT] Vulnerability Report for Windows SMB DoS ... cross-platform mechanism for client systems to request file services from ... In order to exploit the vulnerability a user account is needed for the ... is therefore vulnerable to a denial of service attack. ... Later in the processing of the request, at SRV.SYS+33209h another buffer ... (Securiteam) Scenario to make recv(MSG_WAITALL) stuck ... Below is a scenario how to make recvwith MSG_WAITALL flag get stuck. ... Let's the size of the receive buffer is SOBUF_SIZE. ... TCP window probes. ... partial SOBUF_SIZE request. ... (freebsd-net) Re: Scenario to make recv(MSG_WAITALL) stuck ... Below is a scenario how to make recvwith MSG_WAITALL flag get stuck. ... Let's the size of the receive buffer is SOBUF_SIZE. ... TCP window probes. ... partial SOBUF_SIZE request. ... (freebsd-net) Re: DMA operation to 64-bits PC platform ... completing the request with IoCompleteRequest? ... your application buffer. ... FPGA to PC memory) at its own initiative. ... The driver recognises this request and pends it indefinitely, ... (comp.arch.fpga) Re: DMA operation to 64-bits PC platform ... completing the request with IoCompleteRequest? ... your application buffer. ... FPGA to PC memory) at its own initiative. ... The driver recognises this request and pends it indefinitely, ... (comp.arch.fpga)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.development.device.drivers  > 2006-02