Re: NativeOverlapped, does it work??



Soren,

How are you passing the pointer to the NativeOverlapped structure? You need to keep that fixed in memory, and if you are using a fixed statement (you might have it on the stack, in which case, you have to store the structure somewhere) the memory location of the structure is subject to change.

My guess is that you aren't passing the structure correctly.

Instead, I would pin the structure (and then get the unsafe pointer to the structure), or marshal it to unmanaged memory, where you can hold onto the pointer for the life of the call (and dispose of it appropriately when done).

--
- Nicholas Paldino [.NET/C# MVP]
- mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx


"Soren S. Jorgensen" <no@xxxxxxxxxxxx> wrote in message news:OyyZHF0PIHA.5140@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I'm trying to read some messages (native structs) from a kernel mode mini-filter driver. I'm using my own implementation of IAsyncResult to pack/unpack the NativeOverlapped structure, and waiting for the result to arrive.

To read the messages from the kernel driver I'm using the native function:

    HRESULT WINAPI FilterGetMessage(
        IN HANDLE hPort,
        IN OUT PFILTER_MESSAGE_HEADER lpMessageBuffer,
        IN DWORD dwMessageBufferSize,
        IN LPOVERLAPPED lpOverlapped OPTIONAL);

- in C# it looks like:

    [DllImport("FltLib", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Auto)]
    unsafe private static extern int FilterGetMessage(
        SafeFileHandle hPort,
        IntPtr lpMessageBuffer,
        int dwMessageBufferSize,
        NativeOverlapped* lpOverlapped);

The code at first glance seems to be working - no errors on either side (not in the driver and not in the user mode app) - but the data that's being transferred are invalid. The data is a simple structure of ULONG's with a total size of 24 bytes.

I know what is written from kernel mode (I wrote the driver myself), but when the data is received in user mode it's changed!!

One thing that puzzles me is that the C# counterpart of the data structure has to be 16 bytes longer than the C++ structure, which perhaps can be explained by the four ints reserved at the end of the NativeOverlapped??

I'm able to send data to the driver (synchronously, not using overlapped) with no problems.

Has anyone gotten NativeOverlapped to work, and if so, please point me to examples.
I built my code greatly inspired by the "Concurrent Affairs" article in MSDN Magazine, June 2007, by Jeffrey Richter

Thanks SSJ
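
Added example, not code from either poster: one way to follow the "marshal it to unmanaged memory" advice in the reply, so that both the OVERLAPPED and the message buffer stay at a fixed address until the I/O completes. The names FilterPortReader and ReadOne are hypothetical, the 24-byte payload size is taken from the post, and the buffer is assumed to start with the 16-byte FILTER_MESSAGE_HEADER that FilterGetMessage writes ahead of the driver's data.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Threading;
using Microsoft.Win32.SafeHandles;

static class FilterPortReader   // hypothetical helper name
{
    const int HeaderSize = 16;   // sizeof(FILTER_MESSAGE_HEADER): ULONG, padding, ULONGLONG
    const int PayloadSize = 24;  // the driver's message body, size taken from the post
    const int IoPending = unchecked((int)0x800703E5); // HRESULT_FROM_WIN32(ERROR_IO_PENDING)

    [DllImport("FltLib")]
    static extern int FilterGetMessage(SafeFileHandle hPort, IntPtr lpMessageBuffer,
        int dwMessageBufferSize, IntPtr lpOverlapped);

    [DllImport("kernel32", SetLastError = true)]
    static extern bool GetOverlappedResult(SafeFileHandle hFile, IntPtr lpOverlapped,
        out int lpNumberOfBytesTransferred, bool bWait);

    // Blocks until one message arrives and returns its body without the header.
    public static byte[] ReadOne(SafeFileHandle port)
    {
        int size = HeaderSize + PayloadSize;
        // Unmanaged allocations: the GC never moves these while the kernel owns them.
        IntPtr buffer = Marshal.AllocHGlobal(size);
        IntPtr overlapped = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(NativeOverlapped)));
        try
        {
            using (var done = new ManualResetEvent(false))
            {
                var ov = new NativeOverlapped { EventHandle = done.SafeWaitHandle.DangerousGetHandle() };
                Marshal.StructureToPtr(ov, overlapped, false);
                int hr = FilterGetMessage(port, buffer, size, overlapped);
                if (hr != 0 && hr != IoPending) Marshal.ThrowExceptionForHR(hr);
                // bWait = true: do not touch or free either block before completion.
                if (!GetOverlappedResult(port, overlapped, out int transferred, true))
                    throw new Win32Exception();
            }
            var payload = new byte[PayloadSize];
            Marshal.Copy(IntPtr.Add(buffer, HeaderSize), payload, 0, PayloadSize);
            return payload;
        }
        finally
        {
            Marshal.FreeHGlobal(overlapped);
            Marshal.FreeHGlobal(buffer);
        }
    }
}
```

The two blocks are freed only after GetOverlappedResult has returned, because the kernel writes into both of them for as long as the request is outstanding.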



