ntddk.h bug in IO_DRIVER_CREATE_CONTEXT definition in WDK 10.0.10586.0

  • General discussion

  • The IO_DRIVER_CREATE_CONTEXT is defined in the header like this for everything Vista and above

    typedef struct _IO_DRIVER_CREATE_CONTEXT {
        CSHORT Size;
        struct _ECP_LIST *ExtraCreateParameter;
        PVOID DeviceObjectHint;
        PTXN_PARAMETER_BLOCK TxnParameters;
        PESILO SiloContext;
    } IO_DRIVER_CREATE_CONTEXT, *PIO_DRIVER_CREATE_CONTEXT;

    But the PESILO member is only available after Windows 10 Threshold (see here). The structure should have a definition something like this:

    typedef struct _IO_DRIVER_CREATE_CONTEXT {
        CSHORT Size;
        struct _ECP_LIST *ExtraCreateParameter;
        PVOID DeviceObjectHint;
        PTXN_PARAMETER_BLOCK TxnParameters;

    #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)

        PESILO SiloContext;

    #endif

    } IO_DRIVER_CREATE_CONTEXT, *PIO_DRIVER_CREATE_CONTEXT;

    The reason is that FltCreateFileEx2 will return STATUS_INVALID_PARAMETER when checking the size of the structure. It is going to expect 0x20 but IoInitializeDriverCreateContext will initialize it to 0x28.

    So basically you could fix it yourself by dynamically decreasing the Size member of the structure by sizeof(PVOID) for versions of Windows below Threshold.

    Good luck,

    Gabriel.

    www.kasardia.com


    B.Gabriel

    Tuesday, July 12, 2016 9:51 AM
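
The workaround described in the post above, as an added user-mode model (not code from the original post or from the WDK). The WDK types are replaced with stand-ins, `model_init`, `model_os_accepts`, `adjust_size_for_os` and `LEGACY_CTX_SIZE` are hypothetical names, and the size check is modeled only from what the post says about FltCreateFileEx2.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for WDK types so the layout compiles in user mode (assumption). */
typedef short CSHORT;
typedef void *PVOID;

#define NTDDI_WIN7         0x06010000u
#define NTDDI_WINTHRESHOLD 0x0A000000u

/* Layout as shipped in the 10.0.10586.0 header; pointer types simplified. */
typedef struct _IO_DRIVER_CREATE_CONTEXT {
    CSHORT Size;
    PVOID  ExtraCreateParameter;
    PVOID  DeviceObjectHint;
    PVOID  TxnParameters;
    PVOID  SiloContext;            /* only understood by Threshold and later */
} IO_DRIVER_CREATE_CONTEXT;

/* Size a pre-Threshold system expects: everything before SiloContext. */
#define LEGACY_CTX_SIZE ((CSHORT)offsetof(IO_DRIVER_CREATE_CONTEXT, SiloContext))

/* Models IoInitializeDriverCreateContext as compiled from that header. */
static void model_init(IO_DRIVER_CREATE_CONTEXT *c) {
    memset(c, 0, sizeof(*c));
    c->Size = (CSHORT)sizeof(*c);
}

/* Hypothetical model of the size check the post describes in FltCreateFileEx2. */
static int model_os_accepts(const IO_DRIVER_CREATE_CONTEXT *c, unsigned os) {
    CSHORT want = (os >= NTDDI_WINTHRESHOLD) ? (CSHORT)sizeof(*c) : LEGACY_CTX_SIZE;
    return c->Size == want;
}

/* The post's workaround: shrink Size by one pointer below Threshold.
   A driver would take the running version from the OS, not a parameter. */
static void adjust_size_for_os(IO_DRIVER_CREATE_CONTEXT *c, unsigned os) {
    if (os < NTDDI_WINTHRESHOLD && c->Size == (CSHORT)sizeof(*c))
        c->Size -= (CSHORT)sizeof(PVOID);
}

int main(void) {
    IO_DRIVER_CREATE_CONTEXT c;
    model_init(&c);
    printf("initialized Size=0x%x accepted=%d\n", c.Size, model_os_accepts(&c, NTDDI_WIN7));
    adjust_size_for_os(&c, NTDDI_WIN7);
    printf("adjusted    Size=0x%x accepted=%d\n", c.Size, model_os_accepts(&c, NTDDI_WIN7));
    return 0;
}
```

On a 64-bit build the two sizes are the 0x28 and 0x20 values quoted in the post; the guard in `adjust_size_for_os` keeps a second call from shrinking Size again.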

All replies

  • This will be fixed in the WDK release

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, July 13, 2016 3:51 PM