none
New Device Driver Writer Issue RRS feed

  • Question

  • I'm trying to create my first IRP to my driver. The driver prints it successfully created the device. The program for the IRP prints "INVALID HANDLE ERROR." Can anyone help me figure out the issue here?

        #include <windows.h>
        #include <iostream>
    
        HANDLE DeviceHandle;
        LPCTSTR DeviceName = "\\Device\\MyDevice";
        DWORD NumBytesRead;
    
        int main(){
            char Buffer[1024];
        
            DeviceHandle = CreateFile(DeviceName,
                                      GENERIC_READ,
                                      0,
                                      NULL,
                                      OPEN_EXISTING,
                                      FILE_ATTRIBUTE_NORMAL,
                                      NULL);
             if(DeviceHandle == INVALID_HANDLE_VALUE){
                std::cout << "Invalid handle error.";
                system("pause");
                return 1;
            }
        
            if(ReadFile(DeviceHandle, Buffer, 500, &NumBytesRead, NULL)){
                std::cout << Buffer;
            }
            else{
                std::cout << "File failed to read.";
                return 1;
            }
    
        
            system("pause");        
            return 0;    
        }

    THE DRIVER

    #include "ntddk.h"
    
        DRIVER_UNLOAD Unload;
    
        __drv_dispatchType(IRP_MJ_CREATE) DRIVER_DISPATCH Open;
        __drv_dispatchType(IRP_MJ_CLOSE) DRIVER_DISPATCH Close;
        __drv_dispatchType(IRP_MJ_READ) DRIVER_DISPATCH Read;
        __drv_dispatchType(IRP_MJ_WRITE) DRIVER_DISPATCH Write;
        __drv_dispatchType(IRP_MJ_DEVICE_CONTROL) DRIVER_DISPATCH IOControl;
    
        const WCHAR DeviceNameBuffer[] = L"\\Device\\MyDevice";
        PDEVICE_OBJECT g_Device;
    
        NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath){
        
            NTSTATUS ntStatus;
            UNICODE_STRING DeviceName;
            RtlInitUnicodeString(&DeviceName, DeviceNameBuffer);
            ntStatus = IoCreateDevice( DriverObject,
                                       0,
                                       &DeviceName,
                                       0x00001234,
                                       0,
                                       TRUE,
                                       &g_Device);
                        
            if(NT_SUCCESS(ntStatus))
                DbgPrint("Success");
            else{
                DbgPrint("Error Code: %x /n Failed.", ntStatus);
            }
        
        
            DbgPrint("Entering...");
        
            DriverObject->DriverUnload = Unload;
            DriverObject->MajorFunction[IRP_MJ_CREATE] = Open;
            DriverObject->MajorFunction[IRP_MJ_CLOSE] = Close;
            DriverObject->MajorFunction[IRP_MJ_READ] = Read;
            DriverObject->MajorFunction[IRP_MJ_WRITE] = Write;
            DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IOControl;
        
            return STATUS_SUCCESS;     
        }
    
        VOID CreateDevice(IN PDRIVER_OBJECT *DriverObject, IN OUT PDEVICE_OBJECT *DeviceObject){
            UNICODE_STRING DeviceName;
            RtlInitUnicodeString(&DeviceName, L"\\Device\\Rootkit");
            IoCreateDevice( DriverObject,
                            0,
                            &DeviceName,
                            0x00001234,
                            0,
                            TRUE,
                            &DeviceObject);     
         
        }
    
        VOID Unload(IN PDRIVER_OBJECT DriverObject){
            DbgPrint("Driver unloaded");
        }
    
        NTSTATUS Open(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp){
            DbgPrint("File opened");
            return STATUS_SUCCESS;            
        }
        NTSTATUS Close(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp){
            DbgPrint("File closed");
            return STATUS_SUCCESS;           
        }
        NTSTATUS Read(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp){
            DbgPrint("File read");
            return STATUS_SUCCESS;           
        }
         NTSTATUS Write(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp){
             DbgPrint("File writen");
             return STATUS_SUCCESS;           
         }
         NTSTATUS IOControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp){
            DbgPrint("IOControl");
            return STATUS_SUCCESS;           
         }
    

    Thursday, October 2, 2014 7:52 AM

Answers

  • To open the device by name like that, you need to create a symbolic link under \DosDevices\ in the driver and then use a \\.\ prefix in CreateFile. Introduction to MS-DOS Device Names describes this and recommends using device interfaces instead. Also, if this is a new driver, consider using WDF.
    Thursday, October 2, 2014 8:48 AM

All replies

  • To open the device by name like that, you need to create a symbolic link under \DosDevices\ in the driver and then use a \\.\ prefix in CreateFile. Introduction to MS-DOS Device Names describes this and recommends using device interfaces instead. Also, if this is a new driver, consider using WDF.
    Thursday, October 2, 2014 8:48 AM
  • "To open the device by name like that, you need to create a symbolic link under \DosDevices\ in the driver and then use a \\.\ prefix in CreateFile"

    I HAVE to? I mean it's absolutely required? Where can I read more about this?



    Found. Thanks.
    Thursday, October 2, 2014 8:57 AM
  • While your basic question was answered, a bigger question for you is why are you writing a driver in WDM?  Any professional driver writer for Windows will do the work in KMDF if at all possible.  What you are writing at the moment is a legacy device driver, while there are cases these are useful, they are a terrible way to get started in the kernel since most of the challenges will come later, and your design will not work for them.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com

    Thursday, October 2, 2014 11:23 AM
  • yes, you have to. The \Device does not exist in win32, the \DosDevices symbolic link namespace does exist in win32.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, October 2, 2014 4:24 PM
  • I just found this in the Windows documentation:

    "However, a handle could be opened to that device using any APIs that support the NT namespace absolute path of the format "\Device\Xxx""

    Based on what I've been told, I'm confused. I thought \Device was no in the namespace?

    Article: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

    Friday, October 3, 2014 2:20 AM
  • \Device is a namespace, just not one exposed to win32 through documented win32 APIs. the internal undocumented Nt APIs provide access to all namespaces names (normal security still applied)

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, October 3, 2014 3:39 AM