none
KMDF Driver open the Beep Device sucessfully. but Set Beep failed . It doesn't work RRS feed

  • Question

  • I want to access the system's beep device. I opened the Beep Device successfuly. but It doesn'work with dobeep(). I don't know what's wrong with the code. In the beepIoctlRequestCompletionRoutine. CompletionParams->IoStatus.Status return 0xc0000001.

    NTSTATUS DoBeep(WDFDEVICE device, unsigned int Duration, unsigned int Frequency)
    {
    NTSTATUS status = STATUS_SUCCESS;
    BEEP_SET_PARAMETERS input;
    WDFMEMORY wdfMemory = NULL;
    WDFREQUEST request;
    WDF_OBJECT_ATTRIBUTES attributes;
    PDEVICE_EXTENSION pDeviceExtension = DeviceGetContext(device);
    // WDF_REQUEST_SEND_OPTIONS options;

    KdPrint(("beep into"));

    status = WdfRequestCreate(WDF_NO_OBJECT_ATTRIBUTES,
    pDeviceExtension->BeepTarget,
    &request);

    if (!NT_SUCCESS(status))
    {
    KdPrint(("beep WdfRequestCreate failed.status=0x%x!", status));
    return status;
    }

    WDF_OBJECT_ATTRIBUTES_INIT(&attributes);

    attributes.ParentObject = request;

    input.Duration = Duration;
    input.Frequency = Frequency;


    WdfMemoryCreatePreallocated(&attributes, &input, sizeof(BEEP_SET_PARAMETERS), &wdfMemory);
    status = WdfIoTargetFormatRequestForIoctl(pDeviceExtension->BeepTarget,
    request,
    IOCTL_BEEP_SET,
    wdfMemory,
    NULL,
    wdfMemory,
    NULL);
    if (!NT_SUCCESS(status)) {
    KdPrint(("beep WdfIoTargetFormatRequestForIoctl failed.status=0x%x!", status));
    return status;
    }

    WdfRequestSetCompletionRoutine(request,
    beepIoctlRequestCompletionRoutine,
    NULL);

    // WDF_REQUEST_SEND_OPTIONS_INIT(&options,
    // WDF_REQUEST_SEND_OPTION_SYNCHRONOUS);
    // 
    // if (!WdfRequestSend(request,
    // pDeviceExtension->BeepTarget,
    // &options)) {
    // status = WdfRequestGetStatus(request);
    // if (!NT_SUCCESS(status)) {
    // KdPrint(("beep WdfRequestSend failed! 0x%0.4x", status));
    // return status;
    // }
    // }

    if (WdfRequestSend(request, pDeviceExtension->BeepTarget, WDF_NO_SEND_OPTIONS) == FALSE)
    {
    status = WdfRequestGetStatus(request);
    KdPrint(("beep WdfRequestSend failed 0x%x\n", status));
    return status;
    }
    KdPrint(("beep before success!"));
    // KeSleep(Duration);
    // KeSleep(50000);
    WaitMicroSecond(100);

    KdPrint(("beep success!"));
    return status;
    }

    NTSTATUS OpenBeepDevice(WDFDEVICE Device, WDFIOTARGET* Target)
    {
    WDF_IO_TARGET_OPEN_PARAMS   openParams;
    NTSTATUS status = STATUS_SUCCESS;
    WDFIOTARGET                 ioTarget;
    WDF_OBJECT_ATTRIBUTES       attributes;

    WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE(&attributes, BEEP_DEVICE_INFO);
    DECLARE_UNICODE_STRING_SIZE(SymbolicLink, 128);
    status = WdfIoTargetCreate(Device,
    &attributes,
    &ioTarget);
    if (!NT_SUCCESS(status)) {
    KdPrint(("beep WdfIoTargetCreate failed 0x%x\n", status));
    return status;
    }


    status = RtlUnicodeStringPrintf(&SymbolicLink, L"\\Device\\%s", L"Beep");
    if (!NT_SUCCESS(status)) {
    return status;
    }


    WDF_IO_TARGET_OPEN_PARAMS_INIT_OPEN_BY_NAME(
    &openParams,
    &SymbolicLink,
    STANDARD_RIGHTS_ALL);

    openParams.ShareAccess = FILE_SHARE_WRITE | FILE_SHARE_READ;


    status = WdfIoTargetOpen(ioTarget, &openParams);

    if (!NT_SUCCESS(status)) {
    KdPrint(("beep WdfIoTargetOpen failed with status 0x%x\n", status));
    WdfObjectDelete(ioTarget);
    return status;
    }

    KdPrint(("beep WdfIoTargetOpen Successfully!\n"));

    *Target = ioTarget;
    return status;
    }

    VOID
    beepIoctlRequestCompletionRoutine(
    IN WDFREQUEST                  Request,
    IN WDFIOTARGET                 Target,
    PWDF_REQUEST_COMPLETION_PARAMS CompletionParams,
    IN WDFCONTEXT                  Context
    )

    {
    UNREFERENCED_PARAMETER(Context);
    UNREFERENCED_PARAMETER(Request);
    UNREFERENCED_PARAMETER(Target);
    // targetInfo = GetTargetDeviceInfo(Target);

    KdPrint(("beep CompletionParams.IoStatus.status =%x ", CompletionParams->IoStatus.Status));

    //status = 0xc0000001

    }


    • Edited by perlinson Saturday, October 17, 2015 8:53 AM
    Saturday, October 17, 2015 8:52 AM

Answers

  • I know it has been a few years, but I finally needed to dust off my Beep device code and figure out why it wasn't working: Microsoft changed how the Beep device converts IOCTL_BEEP_SET to sound.

    PlaySndSrv sends IOCTLs to the Beep device on behalf of each user session in the system (note: not session #0), which the Beep device queues. When Beep gets IOCTL_BEEP_SET, it looks up the session ID using IoGetRequestorSessionId, passing in the PETHREAD value in Irp->Tail.Overlay.Thread, and uses that to find the PlaySndSrv IRP for the user's session, and then completes that IRP with the parameters from IOCTL_BEEP_SET, and the sound gets processed in user-mode and comes out the user's speakers. If the PETHREAD address is not set in the IRP, the idiot Beep driver will return STATUS_UNSUCCESSFUL, which is one of the worst status values ever defined and should be banned.

    Setting the PETHREAD in a driver-created WDFREQUEST's shadow IRP to a valid thread in the user's session will work (I grab the PETHREAD value (using PsGetCurrentThread) when a handle is opened to my device, and use that later when creating a WDFREQUEST).

    irp = WdfRequestWdmGetIrp (device_ctx->beep_request);
    irp->Tail.Overlay.Thread = handle_ctx->thread;
    

    -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Sunday, August 18, 2019 9:27 PM
    Moderator

All replies

  • Looks pretty close. What values are you using for Frequency and Duration?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Saturday, October 17, 2015 10:50 PM
    Moderator
  • Frequency = Duration = 500  (ms)
    Sunday, October 18, 2015 2:48 AM
  • you are leaking the request. you should really be sending it synchronously from DoBeep. if you use the SendIoctlSynchronous call, you don't need the preallaocted WDFMEMORY either. note that starting in win7, the beep driver calls back into user mode to make the beep sound, you could be sending the beep request before UM is ready.

    also, this is not necessary

    status = RtlUnicodeStringPrintf(&SymbolicLink, L"\\Device\\%s", L"Beep");

    it can easily be RtlInitUnicodeString(&SymbolicLink, "\\Device\\Beep");


    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Sunday, October 18, 2015 3:41 AM
  • thankyou for your answer! How do I know that the user model is ready?   Use IoRegisterPlugPlayNotification?

    Can you show sample code about it?  I was try to use sending the request synchronously from DoBeep() but It also doest't work

    Sunday, October 18, 2015 6:30 AM
  • yes. when I type "CTRL + G".  After "Enter" It works well
    Sunday, October 18, 2015 11:08 AM
  • this state is not exposed. have you tried calling HalMakeBeep?

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Sunday, October 18, 2015 10:06 PM
  • What should I do if I want the beep to work.
    Wednesday, October 21, 2015 1:19 AM
  • When I wrote my driver that uses Beep, I used synchronous I/O, and I didn't have a problem. I used a frequency of 7000 and a duration of 500

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Wednesday, October 21, 2015 1:24 AM
    Moderator
  • Would you please write your sourcecode in here .Thank you very much

    Wednesday, October 21, 2015 3:30 AM
  • NTSTATUS BEEP$open										// Open the BEEP device
    	(
    	IN WDFDEVICE	Device_obj							// Handle to the WDF device object
    	)
    
    //++
    //
    // DESCRIPTION:		Create a remote I/O target for the Beep device, and open it
    //
    // ASSUMPTIONS:		Kernel mode, IRQ = PASSIVE
    //
    // RETURN VALUES:
    //
    //		STATUS_SUCCESS					Normal, successful completion
    //
    // SIDE EFFECTS:
    //
    //--
    
    {
    NTSTATUS					status = STATUS_SUCCESS;			// Assume successful completion
    pDEVICE_CONTEXT				device_ctx = DEV$get_device_context (Device_obj);
    WDF_OBJECT_ATTRIBUTES		attrs;
    WDF_IO_TARGET_OPEN_PARAMS	open_params;
    UNICODE_STRING				beep_name;
    pBEEP_TARGET_CONTEXT		beep_target_ctx;
    
    
    	_DBG_ENTER_ROUTINE (BEEP$open, == PASSIVE);
    
    	//+
    	// Create the I/O target
    	//-
    
    	WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE (&attrs, BEEP_TARGET_CONTEXT);
    
    	if (NT_SUCCESS (status = WdfIoTargetCreate (Device_obj, &attrs, &device_ctx->beep_target)))
    		{
    
    		//+
    		// Fill in the I/O target's context block
    		//-
    
    		beep_target_ctx = BEEP$get_target_context (device_ctx->beep_target);
    		beep_target_ctx->morse_device = Device_obj;
    
    		//+
    		// Build a Unicode string descriptor containing the name of the Beep device object
    		//-
    
    		RtlInitUnicodeString (&beep_name, DD_BEEP_DEVICE_NAME_U);
    
    		//+
    		// Fill in the I/O target open parameters structure with the name of the Beep device
    		// and the access mask.  Set the sharing type.
    		//-
    
    		WDF_IO_TARGET_OPEN_PARAMS_INIT_CREATE_BY_NAME (&open_params, &beep_name, STANDARD_RIGHTS_ALL);
    		open_params.ShareAccess = FILE_SHARE_WRITE;
    
    		//+
    		// Open the Beep I/O target
    		//-
    
    		if (NT_SUCCESS (status = WdfIoTargetOpen (device_ctx->beep_target, &open_params)))
    			{
    
    			//+
    			// Create the I/O request that will be sent to the Beep I/O target
    			//-
    
    			WDF_OBJECT_ATTRIBUTES_INIT (&attrs);
    			attrs.ParentObject = device_ctx->beep_target;
    
    			if (NT_SUCCESS (status = WdfRequestCreate (&attrs, device_ctx->beep_target, &beep_target_ctx->beep_request)))
    				{
    
    				//+
    				// Allocate a buffer to hold the parameters for the IOCTL
    				//-
    
    				WDF_OBJECT_ATTRIBUTES_INIT (&attrs);
    
    				if (NT_SUCCESS (status = WdfMemoryCreate (&attrs, NonPagedPool, 'trbm', sizeof (BEEP_SET_PARAMETERS), 
    						&beep_target_ctx->params_memory, &beep_target_ctx->beep_params)))
    					{
    					PBEEP_SET_PARAMETERS		beep_params = beep_target_ctx->beep_params;
    
    					BEEP$$tone (Device_obj, 7000, 500);
    					}
    				else
    					{
    					_DBG_ERROR (("Error creating memory object for IOCTL, status = %08x\n", status));
    					}
    
    				}
    			else
    				{
    				_DBG_ERROR (("Error allocating I/O request, status = %08x\n", status));
    
    				//+
    				// Close the Beep I/O target, because the I/O request creation failed
    				//-
    
    				WdfIoTargetClose (device_ctx->beep_target);
    				}
    
    			}
    		else
    			{
    			_DBG_ERROR (("Error opening the Beep I/O target, status = %08x\n", status));
    
    			//+
    			// Delete the Beep I/O target, because the open failed
    			//-
    
    			WdfObjectDelete (device_ctx->beep_target);
    			}
    
    		}
    	else
    		{
    		_DBG_ERROR (("Error creating Beep device I/O target, status = %08x\n", status));
    		}
    
    	_DBG_LEAVE_ROUTINE;
    
    	return status;
    }												// End routine BEEP$open
    
    
    NTSTATUS BEEP$$tone										// Tell the Beep device to play a tone
    	(
    	IN WDFDEVICE	Device_obj,							// Handle to the WDF device object
    	IN ULONG		Frequency,							// Frequency of tone to play
    	IN ULONG		Duration							// Duration of tone
    	)
    
    //++
    //
    // DESCRIPTION:		Send an I/O request to the Beep device and tell it to make a tone
    //
    // ASSUMPTIONS:		Kernel mode, IRQ = PASSIVE
    //
    // RETURN VALUES:
    //
    //		STATUS_SUCCESS					Normal, successful completion
    //
    // SIDE EFFECTS:
    //
    //--
    
    {
    NTSTATUS					status = STATUS_SUCCESS;			// Assume successful completion
    pDEVICE_CONTEXT				device_ctx = DEV$get_device_context (Device_obj);
    pBEEP_TARGET_CONTEXT		beep_target_ctx = BEEP$get_target_context (device_ctx->beep_target);
    PBEEP_SET_PARAMETERS		beep_params = beep_target_ctx->beep_params;
    WDF_REQUEST_SEND_OPTIONS	send_options;
    ULONG						length;
    
    
    	_DBG_ENTER_ROUTINE (BEEP$$tone, == PASSIVE);
    
    	//+
    	// Fill in the parameters
    	//-
    
    	beep_params->Frequency = Frequency;
    	beep_params->Duration = Duration;
    
    	//+
    	// Build the I/O request
    	//-
    
    	if (NT_SUCCESS (status = WdfIoTargetFormatRequestForIoctl (device_ctx->beep_target, beep_target_ctx->beep_request,
    			IOCTL_BEEP_SET, beep_target_ctx->params_memory, 0, 0, 0)))
    		{
    
    		//+
    		// Set the send options so this request will be sent synchronously
    		//-
    
    		WDF_REQUEST_SEND_OPTIONS_INIT (&send_options, WDF_REQUEST_SEND_OPTION_SYNCHRONOUS);
    
    		//+
    		// Send the request to the Beep device
    		//-
    
    		if (NT_SUCCESS (status = WdfRequestSend (beep_target_ctx->beep_request, device_ctx->beep_target, &send_options)))
    			{
    			}
    		else
    			{
    			_DBG_ERROR (("Error sending IOCTL to Beep device, status = %08x\n", status));
    			}
    
    		}
    	else
    		{
    		_DBG_ERROR (("Error formatting IOCTL request, status = %08x\n", status));
    		}
    
    	_DBG_LEAVE_ROUTINE;
    
    	return status;
    }												// End routine BEEP$$tone
    
    
    

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Wednesday, October 21, 2015 3:53 AM
    Moderator
  • Thank you very very much!

    Would you please tell me your Operation System Version ?  Win xp,  7 or 8

    Thank you very much!

    Thursday, October 22, 2015 11:50 AM
  • I wrote it in 2011, and it was built with VS2010. Looking at the last build log, I see that it was built for 32-bit XP with the Win7 WDK. I'm pretty sure it ran on XP-Win7, and I don't see anything that would prevent it from running on Win8-10 - as long as the hardware support was there.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Thursday, October 22, 2015 6:10 PM
    Moderator
  • NTSTATUS BEEP_tone          // Tell the Beep device to play a tone
    (
    IN WDFDEVICE Device_obj,       // Handle to the WDF device object
    IN ULONG  Frequency,       // Frequency of tone to play
    IN ULONG  Duration       // Duration of tone
    )

    //++
    //
    // DESCRIPTION:  Send an I/O request to the Beep device and tell it to make a tone
    //
    // ASSUMPTIONS:  Kernel mode, IRQ = PASSIVE
    //
    // RETURN VALUES:
    //
    //  STATUS_SUCCESS     Normal, successful completion
    //
    // SIDE EFFECTS:
    //
    //--

    {
     NTSTATUS     status = STATUS_SUCCESS;   // Assume successful completion
     PDEVICE_EXTENSION   device_ctx = DeviceGetContext(Device_obj);
     PBEEP_DEVICE_INFO   beep_target_ctx = GetBeepDeviceInfo(device_ctx->beep_target);
     PBEEP_SET_PARAMETERS  beep_params = beep_target_ctx->beep_params;
     WDF_REQUEST_SEND_OPTIONS send_options;


     //_DBG_ENTER_ROUTINE(BEEP_tone, == PASSIVE);

     //+
     // Fill in the parameters
     //-

     beep_params->Frequency = Frequency;
     beep_params->Duration = Duration;

     //+
     // Build the I/O request
     //-

     if (NT_SUCCESS(status = WdfIoTargetFormatRequestForIoctl(device_ctx->beep_target,
      beep_target_ctx->beep_request,
      IOCTL_BEEP_SET,
      beep_target_ctx->params_memory,
      0,
      0,
      0)))
     {

      //+
      // Set the send options so this request will be sent synchronously
      //-

      WDF_REQUEST_SEND_OPTIONS_INIT(&send_options, WDF_REQUEST_SEND_OPTION_SYNCHRONOUS);

      //+
      // Send the request to the Beep device
      //-

      if (NT_SUCCESS(status = WdfRequestSend(beep_target_ctx->beep_request, device_ctx->beep_target, &send_options)))
      {
      }
      else
      {
       //_DBG_ERROR(("Error sending IOCTL to Beep device, status = %08x\n", status));
       KdPrint(("Error sending IOCTL to Beep device, status = %08x\n", status));
      }

     }
     else
     {
      KdPrint(("Error formatting IOCTL request, status = %08x\n", status));
     }
     return status;
    }            // End routine BEEP$$tone

    NTSTATUS Beep_Open          // Open the BEEP device
    (
    IN WDFDEVICE Device_obj       // Handle to the WDF device object
    )

    //++
    //
    // DESCRIPTION:  Create a remote I/O target for the Beep device, and open it
    //
    // ASSUMPTIONS:  Kernel mode, IRQ = PASSIVE
    //
    // RETURN VALUES:
    //
    //  STATUS_SUCCESS     Normal, successful completion
    //
    // SIDE EFFECTS:
    //
    //--

    {
     NTSTATUS     status = STATUS_SUCCESS;   // Assume successful completion
     PDEVICE_EXTENSION    device_ctx = DeviceGetContext(Device_obj);
     WDF_OBJECT_ATTRIBUTES  attrs;
     WDF_IO_TARGET_OPEN_PARAMS open_params;
     UNICODE_STRING    beep_name;
     PBEEP_DEVICE_INFO   beep_target_ctx;


     //_DBG_ENTER_ROUTINE(BEEP$open, == PASSIVE);
     KdPrint(("BEEP_open in"));

     //+
     // Create the I/O target
     //-

     WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE(&attrs, BEEP_DEVICE_INFO);

     if (NT_SUCCESS(status = WdfIoTargetCreate(Device_obj, &attrs, &device_ctx->beep_target)))
     {

      //+
      // Fill in the I/O target's context block
      //-

      beep_target_ctx = GetBeepDeviceInfo(device_ctx->beep_target);
      beep_target_ctx->morse_device = Device_obj;

      //+
      // Build a Unicode string descriptor containing the name of the Beep device object
      //-

      RtlInitUnicodeString(&beep_name, DD_BEEP_DEVICE_NAME_U);

      //+
      // Fill in the I/O target open parameters structure with the name of the Beep device
      // and the access mask.  Set the sharing type.
      //-

      WDF_IO_TARGET_OPEN_PARAMS_INIT_CREATE_BY_NAME(&open_params, &beep_name, STANDARD_RIGHTS_ALL);
      open_params.ShareAccess = FILE_SHARE_WRITE;

      //+
      // Open the Beep I/O target
      //-

      if (NT_SUCCESS(status = WdfIoTargetOpen(device_ctx->beep_target, &open_params)))
      {

       //+
       // Create the I/O request that will be sent to the Beep I/O target
       //-

       WDF_OBJECT_ATTRIBUTES_INIT(&attrs);
       attrs.ParentObject = device_ctx->beep_target;

       if (NT_SUCCESS(status = WdfRequestCreate(&attrs, device_ctx->beep_target, &beep_target_ctx->beep_request)))
       {

        //+
        // Allocate a buffer to hold the parameters for the IOCTL
        //-

        WDF_OBJECT_ATTRIBUTES_INIT(&attrs);

        if (NT_SUCCESS(status = WdfMemoryCreate(&attrs, NonPagedPool, 'trbm', sizeof(BEEP_SET_PARAMETERS),
         &beep_target_ctx->params_memory, &beep_target_ctx->beep_params)))
        {
         //PBEEP_SET_PARAMETERS  beep_params = beep_target_ctx->beep_params;

         BEEP_tone(Device_obj, 500, 500);
        }
        else
        {
         KdPrint(("Error creating memory object for IOCTL, status = %08x\n", status));
        }

       }
       else
       {
        KdPrint(("Error allocating I/O request, status = %08x\n", status));

        //+
        // Close the Beep I/O target, because the I/O request creation failed
        //-

        WdfIoTargetClose(device_ctx->beep_target);
       }

      }
      else
      {
       KdPrint(("Error opening the Beep I/O target, status = %08x\n", status));

       //+
       // Delete the Beep I/O target, because the open failed
       //-

       WdfObjectDelete(device_ctx->beep_target);
      }

     }
     else
     {
      KdPrint(("Error creating Beep device I/O target, status = %08x\n", status));
     }

     // _DBG_LEAVE_ROUTINE;
     KdPrint(("BEEP_open out"));

     return status;
    }            // End routine BEEP$open

    void Fun_BeepKeyOn(WDFDEVICE device)
    {

     PDEVICE_EXTENSION pDeviceExtension;
     pDeviceExtension = DeviceGetContext(device);

     WdfTimerStart(pDeviceExtension->timerForBeep, WDF_REL_TIMEOUT_IN_MS(10));
    }

    VOID
    fireflyEvtTimerBeep(
    __in WDFTIMER timer
    )
    {
     PTIMER_BEEP_CONTEXT timer_context = GetBeepTimerContext(timer);

     KdPrint(("Beep time off"));

     Beep_Open(timer_context->Device);

    }

    I use VS2013 and WDK8.1  .But no sound.

    Saturday, October 24, 2015 5:32 AM
  • how to make beep through the Audio Device if the beep Device isn't exsit on the target machine ? and if the beep device exsit . it can do work.

    Saturday, October 24, 2015 7:30 AM
  • So again, do you call it too early? Do you hear the sound when the system is fully started?

    I am sure the system is fully started.

    I try in many machine. I can heard the sound on only  one machine.

    Monday, October 26, 2015 6:52 AM
  • In Windows 7,  Beep was rewritten to pass the beep to the default sound device for the session.  This is normally the sound card, except when run under Terminal Services, in which case the beep is rendered on the client. Is there a sound output device on those systems, and is the default sound device setup?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, October 26, 2015 7:07 PM
    Moderator
  • I can play the music in all machine  and Each machine  has only one user
    Tuesday, October 27, 2015 5:01 AM
  • I know it has been a few years, but I finally needed to dust off my Beep device code and figure out why it wasn't working: Microsoft changed how the Beep device converts IOCTL_BEEP_SET to sound.

    PlaySndSrv sends IOCTLs to the Beep device on behalf of each user session in the system (note: not session #0), which the Beep device queues. When Beep gets IOCTL_BEEP_SET, it looks up the session ID using IoGetRequestorSessionId, passing in the PETHREAD value in Irp->Tail.Overlay.Thread, and uses that to find the PlaySndSrv IRP for the user's session, and then completes that IRP with the parameters from IOCTL_BEEP_SET, and the sound gets processed in user-mode and comes out the user's speakers. If the PETHREAD address is not set in the IRP, the idiot Beep driver will return STATUS_UNSUCCESSFUL, which is one of the worst status values ever defined and should be banned.

    Setting the PETHREAD in a driver-created WDFREQUEST's shadow IRP to a valid thread in the user's session will work (I grab the PETHREAD value (using PsGetCurrentThread) when a handle is opened to my device, and use that later when creating a WDFREQUEST).

    irp = WdfRequestWdmGetIrp (device_ctx->beep_request);
    irp->Tail.Overlay.Thread = handle_ctx->thread;
    

    -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Sunday, August 18, 2019 9:27 PM
    Moderator