I get a blue screen after using the RtlIntegerToUnicodeString() function in a legacy device driver

  • Question

  • this is the writedispatch function code:

    NTSTATUS USE_WRITE_FUNCTION(PDEVICE_OBJECT DeviceObject, PIRP irp)
    {
        NTSTATUS NtStatus = STATUS_SUCCESS;

        DbgPrint("write function called");

        IO_STACK_LOCATION * isl = IoGetCurrentIrpStackLocation(irp);
        //DbgPrint((CHAR*)irp->AssociatedIrp.SystemBuffer);

        UNICODE_STRING s1;   // Length, MaximumLength and Buffer are never set before the call below
        RtlIntegerToUnicodeString(isl->Parameters.DeviceIoControl.InputBufferLength, 10, &s1);
        UNICODE_STRING s2;   // same: no backing buffer assigned
        RtlIntegerToUnicodeString(isl->Parameters.DeviceIoControl.OutputBufferLength, 10, &s2);

        /*ANSI_STRING d1;
        RtlUnicodeStringToAnsiString(&d1, &s1, TRUE);
        DbgPrint(d1.Buffer);
        ANSI_STRING d2;
        RtlUnicodeStringToAnsiString(&d2, &s2, TRUE);
        DbgPrint(d2.Buffer);*/

        irp->IoStatus.Status = STATUS_SUCCESS;
        irp->IoStatus.Information = 0;
        IoCompleteRequest(irp, IO_NO_INCREMENT);

        return NtStatus;
    }

    It gives me a blue screen with a 0x8E error when using that function. Any suggestions or fixes?

    Tuesday, January 30, 2018 12:50 PM

Answers

  • The UNICODE_STRING must be properly initialized with a large enough buffer. Same for the ANSI_STRING structures you commented out. From the API docs, it says clearly: "Pointer to a UNICODE_STRING structure that receives the string representation of Value. The buffer specified by the Buffer of String must be large enough to hold the result."

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, January 30, 2018 3:07 PM

All replies

  • The blue screen codes reference is here. So your 8E is KERNEL_MODE_EXCEPTION_NOT_HANDLED. It's time to get the debugger and debug. It's likely because your s1, s2 are not initialized. "The buffer specified by the Buffer of String must be large enough to hold the result."

    -- pa

    Tuesday, January 30, 2018 3:18 PM
  • done

    https://blogs.msdn.microsoft.com/doronh/2006/02/27/how-to-correctly-initialize-a-unicode_string/
    Tuesday, January 30, 2018 5:02 PM
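A worked version of the fix the answers describe (give each UNICODE_STRING a caller-owned buffer large enough for the result), added here as an example and not part of the thread or the poster's driver. It is a user-mode stand-in so it compiles without the WDK: UNICODE_STRING, the NTSTATUS codes, RtlInitEmptyUnicodeString and a RtlIntegerToUnicodeString that follows the documented contract are re-declared locally; the name lengths_to_strings and the 11-WCHAR buffer size are this example's own choices.

```c
/* Added example, not the poster's driver: user-mode stand-in for the kernel
 * contract so the buffer rule can be checked without the WDK. In a real
 * driver, include <ntddk.h> and delete the typedefs and stand-in routines. */
#include <stddef.h>
#include <stdint.h>

typedef int32_t  NTSTATUS;
typedef uint16_t WCHAR;                                   /* 16-bit, as on Windows */
#define STATUS_SUCCESS           ((NTSTATUS)0x00000000L)
#define STATUS_BUFFER_OVERFLOW   ((NTSTATUS)0x80000005L)
#define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL)

typedef struct _UNICODE_STRING {
    uint16_t Length;         /* bytes in use, not counting any terminator */
    uint16_t MaximumLength;  /* bytes Buffer can hold; garbage if left uninitialized */
    WCHAR   *Buffer;         /* garbage pointer if left uninitialized: the 0x8E write */
} UNICODE_STRING;

/* Same shape as the ntdef.h macro: an empty string over a caller-owned buffer. */
static void RtlInitEmptyUnicodeString(UNICODE_STRING *s, WCHAR *buf, uint16_t cb)
{
    s->Length = 0; s->MaximumLength = cb; s->Buffer = buf;
}

/* Stand-in honouring the documented contract: it checks MaximumLength and fails
 * with STATUS_BUFFER_OVERFLOW rather than writing past the buffer. Base 0 means 10. */
static NTSTATUS RtlIntegerToUnicodeString(uint32_t value, uint32_t base, UNICODE_STRING *s)
{
    WCHAR tmp[32]; size_t n = 0;                          /* 32 binary digits at most */
    if (base == 0) base = 10; else if (base != 2 && base != 8 && base != 10 && base != 16) return STATUS_INVALID_PARAMETER;
    do { uint32_t d = value % base; tmp[n++] = (WCHAR)(d < 10 ? '0' + d : 'A' + d - 10); value /= base; } while (value);
    if (n * sizeof(WCHAR) > s->MaximumLength) return STATUS_BUFFER_OVERFLOW;
    for (size_t i = 0; i < n; i++) s->Buffer[i] = tmp[n - 1 - i];   /* digits were produced in reverse */
    s->Length = (uint16_t)(n * sizeof(WCHAR));
    if (s->Length + sizeof(WCHAR) <= s->MaximumLength) s->Buffer[n] = 0;  /* terminate only if there is room */
    return STATUS_SUCCESS;
}

/* Corrected pattern for the dispatch routine: a 32-bit value needs at most 10
 * decimal digits, so 11 WCHARs cover the worst case plus a terminator. */
static NTSTATUS lengths_to_strings(uint32_t in_len, uint32_t out_len, WCHAR b1[11], WCHAR b2[11],
                                   UNICODE_STRING *s1, UNICODE_STRING *s2)
{
    RtlInitEmptyUnicodeString(s1, b1, (uint16_t)(11 * sizeof(WCHAR)));
    RtlInitEmptyUnicodeString(s2, b2, (uint16_t)(11 * sizeof(WCHAR)));
    NTSTATUS st = RtlIntegerToUnicodeString(in_len, 10, s1);
    if (st != STATUS_SUCCESS) return st;                  /* check the status; the poster's code ignores it */
    return RtlIntegerToUnicodeString(out_len, 10, s2);
}
```

The same two-step shape (RtlInitEmptyUnicodeString over a stack or pool buffer, then the Rtl call with its status checked) is what the linked post recommends for the real kernel routine.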