Re: IRP_MJ_READ/IRP_MJ_WRITE



I hope you did not put the scenario in a production driver. The only time
that using NEITHER_IO makes sense is when you have a huge I/O buffer (think
gigabytes) and want to handle it in pieces. This requires a lot of careful
code. Using it for an array makes little sense; also, you completely forgot
to mention process context problems, and others.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply



"Uv" <yuvraaj@xxxxxxxxx> wrote in message
news:e71f7740-7c65-44ba-9078-0e54108eaaf2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jan 3, 5:47 am, "Don Burn" <b...@xxxxxxxxxxxxxxxxxxxx> wrote:
Using NEITHER_IO is a really bad idea. First you have to validate the
buffers yourself, and unless you build an MDL, lock it in memory, and
get a system address, you are likely to miss something. Of course, if you do
all this you have recreated DIRECT_IO, so you have wasted your time. Please
do not bother with NEITHER_IO; it is one of the biggest causes of security
problems and crashes.

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

NEITHER_IO is not _always_ a bad idea. It _is_ reasonably dangerous to
use if you don't know what you are doing.
Furthermore, OP wants to learn. Better that he crash his system now
and learn the quick way than to hose the customer.

@OP: Neither IO means that you touch user mode memory from kernel
mode. Why is this dangerous? Because at any given instant, the user
mode virtual address space may get swapped out (because the process
got swapped out).
So your code may be happily walking down an array in user space and
between accessing one element and the next, that process gets swapped
out, so effectively at the next access you either 1: read garbage or
2: get an access violation because there is no virtual address mapping
in the new process for the pointer you are using (or because you don't
have access to that memory).
So how does a try/except block help?
In scenario 2 above, code execution lands in the except block - that's
because a memory exception was raised.
But in #1, you are hosed, because there is no exception and therefore
you don't even realize that you are using invalid data.

What option do you have then? Ans: Use other methods to simplify your
work or... MmProbeAndLockPages
Go read up on it.
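
Scenario #1 above (a read from the caller's buffer that silently returns different data, with no exception raised) can be modelled in portable user-mode C. This is an added example, not code from the thread and not driver code: `request_t`, `walk_in_place`, `sum_captured` and `grow_count` are hypothetical names, and the hook is a constructed stand-in for whatever changes the buffer between two reads.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_ITEMS 8u

/* Constructed request layout: a count followed by that many values. */
typedef struct { uint32_t count; uint32_t items[MAX_ITEMS]; } request_t;

/* Hypothetical hook: stands in for anything that rewrites the caller's
 * buffer between two reads made by the driver. */
typedef void (*between_reads_fn)(volatile request_t *user);

/* In-place pattern: check one read of count, then trust a second read.
 * Returns the count it would walk; a value above MAX_ITEMS means the
 * check was bypassed and no exception was ever raised. */
uint32_t walk_in_place(volatile request_t *user, between_reads_fn hook)
{
    if (user->count > MAX_ITEMS)   /* first read: validated */
        return 0;
    if (hook) hook(user);
    return user->count;            /* second read: may differ */
}

/* Captured pattern: copy once into driver-owned memory, then validate
 * and use only the copy. In a real driver this copy is the only part
 * that touches the user address. Returns -1 on an invalid count. */
int sum_captured(volatile request_t *user, between_reads_fn hook, uint64_t *sum)
{
    request_t local;
    memcpy(&local, (const void *)user, sizeof local);  /* single capture */
    if (hook) hook(user);          /* later changes cannot reach local */
    if (local.count > MAX_ITEMS)
        return -1;
    *sum = 0;
    for (uint32_t i = 0; i < local.count; i++)
        *sum += local.items[i];
    return 0;
}

/* Constructed stand-in for the buffer changing under the driver. */
void grow_count(volatile request_t *user) { user->count = 1000; }

int main(void)
{
    request_t r = { 3, { 10, 20, 30 } };   /* constructed sample */
    uint64_t sum = 0;
    return (sum_captured(&r, grow_count, &sum) == 0 && sum == 60) ? 0 : 1;
}
```

The in-place walk ends up trusting a count of 1000 after having validated 3, while the captured version sums exactly the three values it copied.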

