Skip to main content

 none
createfile does not work after creating and installing my device driver RRS feed

  • Question

  • i have created and installed my driver mybeep.sys successfuly, but the createfile function fails with getlasterror = 1

    some kernel part:

    /* Create the device */
        Status = IoCreateDevice(DriverObject,
            sizeof(DEVICE_EXTENSION),
            &DeviceName,
            FILE_DEVICE_BEEP,
            0,
            FALSE,
            &DeviceObject);
        //KdPrint(("status from iocreatedevice 0x%x\n", Status));
        if (!NT_SUCCESS(Status)) return Status;

        /* Make it use buffered I/O */
        DeviceObject->Flags |= DO_BUFFERED_IO;

        /* Setup the Driver Object */
        DriverObject->MajorFunction[IRP_MJ_CREATE] = BeepCreate;
        DriverObject->MajorFunction[IRP_MJ_CLOSE] = BeepClose;
        DriverObject->MajorFunction[IRP_MJ_CLEANUP] = BeepCleanup;
        DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = BeepDeviceControl;
        DriverObject->DriverUnload = BeepUnload;
        DriverObject->DriverStartIo = BeepStartIo;

    // etc...

    the user mode part:

    HANDLE hbeep =
                            CreateFile(pdidd->DevicePath,
                                GENERIC_READ | GENERIC_WRITE,
                                FILE_SHARE_READ | FILE_SHARE_WRITE,
                                NULL,
                                OPEN_EXISTING,
                                FILE_ATTRIBUTE_NORMAL,
                                NULL);

    hbeep = -1 and getlasterror = 1

    note that the device path is valid .

    Friday, January 18, 2019 7:28 PM

Answers

  • Well, there's your problem. Applications cannot see kernel objects. You need to create a symbolic link name to make the device object visible to applications.

    Why are you using WDM instead of WDF?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, January 18, 2019 8:00 PM
    Moderator

All replies

  • Have you created a symbolic link for the device object?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, January 18, 2019 7:53 PM
    Moderator
  • no , why
    Friday, January 18, 2019 7:58 PM
  • Well, there's your problem. Applications cannot see kernel objects. You need to create a symbolic link name to make the device object visible to applications.

    Why are you using WDM instead of WDF?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, January 18, 2019 8:00 PM
    Moderator
  • it is just for study
    Friday, January 18, 2019 8:03 PM
  • the symbolick name should be RTL_CONSTANT_STRING(L"\\Device\\Beep0"); or RTL_CONSTANT_STRING(L"\\DosDevices\\Beep0");?

    Friday, January 18, 2019 8:06 PM
  • The only object manager directories that applications can see into are BaseNamedObjects and DosDevices, so you should use the latter

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, January 18, 2019 8:11 PM
    Moderator
  • it does not work if i put these changes :

    UNICODE_STRING dn = RTL_CONSTANT_STRING(L"\\Device\\Beep0"); // on the top of the file
    UNICODE_STRING sl = RTL_CONSTANT_STRING(L"\\DosDevices\\Beep0"); // on the top of the file

    IoCreateSymbolicLink(&sl, &dn); // in driver entry

    IoDeleteSymbolicLink(&sl); // in driver unload

    Friday, January 18, 2019 8:26 PM
  • Did you check the return status from IoCreateSymbolicLink?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, January 18, 2019 8:29 PM
    Moderator
  • Have you already tried any similar example (consisting of a device and usermode app) on Microsoft's github? If not, please do.

    -- pa

    Friday, January 18, 2019 8:30 PM
  • the debug view does not show any informations even if i put the kdprint(...) line just after the iocreatesymboliklink

          Status =  IoCreateSymbolicLink(&sl, &dn);
          KdPrint(("status from IoCreateSymbolicLink0x%x\n", Status));

    note : it does not work if i specify sl or dn for the DeviceName parameter of the iocreatedevice function.


    i install the driver via the pnp manager
    Friday, January 18, 2019 8:41 PM
  • As Pavel pointed out, you should look at the samples in the WDK, specifically General\IOCTL\Wdm\Sys

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, January 18, 2019 8:45 PM
    Moderator
  • i am trying to rebuilding the beep sample from github, the sample works with the OSR LOADER but it does not work with the pnp manager and giving the mentioned results
    Friday, January 18, 2019 8:46 PM
  • So you want to know what's the difference between the OSR loader and Dev. Manager? 

    The OSR loader installs non-PnP drivers and it does not use inf files. Exactly what's needed for your study.

    -- pa

    Saturday, January 19, 2019 3:41 AM