
I have a user app that opens a file and then calls CreateFileMapping. I have a driver that creates/opens the file, which I have traced and which executes successfully. The problem is that CreateFileMapping always returns error 193. I have successfully mapped against other files, so I'm thinking it must be an issue on the driver side. This is Windows 8.1 x64 (driver obviously 64-bit, and the application as well). I have used Dependency Walker to check for any DLL issues and all seem to be fine.

Driver snippet:

```c
InitializeObjectAttributes(&fileAttributes,
    &fileName,
    OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
    NULL, // RootDirectory
    NULL // SecurityDescriptor
    );

if (KeGetCurrentIrql() != PASSIVE_LEVEL)
    return STATUS_INVALID_DEVICE_STATE;

status = ZwCreateFile(
    &context->FileHandle,
    SYNCHRONIZE | FILE_GENERIC_WRITE | FILE_GENERIC_READ | DELETE,
    &fileAttributes,
    &ioStatus,
    NULL, // alloc size = none
    FILE_ATTRIBUTE_NORMAL,
    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
    FILE_OPEN_IF,
    FILE_RANDOM_ACCESS |
    FILE_NON_DIRECTORY_FILE | FILE_DELETE_ON_CLOSE |
    FILE_SYNCHRONOUS_IO_NONALERT | FILE_DEVICE_SECURE_OPEN,
    NULL, // eabuffer
    0 // ealength
);
```

User app snippet:

```c
LPCWSTR dev_path = L"\\\\.\\testdisk.txt";
fd = CreateFile(dev_path, FILE_GENERIC_READ | FILE_GENERIC_WRITE,
    FILE_SHARE_READ | FILE_SHARE_WRITE, // FILE_SHARE_DELETE
    NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);

if (fd == INVALID_HANDLE_VALUE)
{
    error("open device %ls failed, %s (%u)\n", dev_path, strerror(errno), GetLastError());
    exit(EXIT_FAILURE);
}
mapFile = CreateFileMapping(
    fd,
    NULL,
    PAGE_READWRITE,
    0, // maximum object size (high-order DWORD)
    1, // maximum object size (low-order DWORD)
    NULL);
```

Edit 1: The filename in the driver is `#define DEV_PATH L"\\DosDevices\\C:\\testdisk.txt"`. The symbolic link is `#define DEV_SYMBOLIC_LINK L"\\DosDevices\\testdrive.txt"`, created using the function `WdfDeviceCreateSymbolicLink`, and I set the device name to `#define DEV_NAME L"\\Device\\testdrive.txt"` using the function `WdfDeviceInitAssignName`.

Edit 2: I have updated the device and file paths. I still get error 193 when accessing the file from user space as `\\.\qqdevice\test.txt`, and if I use `C:\qqdevice\test.txt` then the file gets created but the driver never gets notified.

```c
#define DEV_NAME L"\\Device\\qqdevice"
#define DEV_SYMBOLIC_LINK L"\\DosDevices\\qqdevice"
#define DEV_FILE_PATH L"\\DosDevices\\C:\\qqdevice\\test.txt"
```
Luis
  • Um, the handle passed to `CreateFileMapping` must be a file handle. It looks like you're passing a device handle. – Raymond Chen Apr 17 '16 at 15:43
  • Help me understand: when the file, which is `dev_path` in this case, is accessed, the `EvtDeviceFileCreate` function is fired. In that function I use the `ZwCreateFile` function to create/open the file. Are you saying this is a device? How can I make `fd` be a file handle and not a device handle? – Luis Apr 17 '16 at 16:25
  • If the filename is `c:\testdisk.txt` why does your user application open `\\.\testdisk.txt` ? They're not at all the same thing. – Harry Johnston Apr 17 '16 at 23:04
  • @HarryJohnston I had tried using c:\testdisk.txt but the `EvtDeviceFileCreate` function configured using `WDF_FILEOBJECT_CONFIG_INIT` only gets called when using `\\.\testdisk.txt`. `WdfDeviceCreateSymbolicLink` takes device and a unicode string as L`\\DosDevices\testdisk.txt` as params – Luis Apr 18 '16 at 12:05
  • Normally those would be two different steps - first you would ask the driver to create the file, and then you would open it. What are you actually trying to achieve? – Harry Johnston Apr 18 '16 at 21:28
  • `EvtDeviceFileCreate` is called when the app creates a handle to a device. But presumably you want the app to create a handle to a file, so you can map it. I think there's some underlying confusion about devices and files. You can't seem to make up your mind whether you want the app to create a device handle or a file handle. – Raymond Chen Apr 19 '16 at 05:53
  • `\\.\qqdevice` throws error 5, permission denied. In the inf the class is set to `HKR,,Security,,"D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)"`, which I have verified in the registry. I guess the question no longer applies to the problem. – Luis Apr 19 '16 at 14:21
  • If I correctly understand what the device driver is doing, then the application should *first* open `\\.\qqdevice\test.txt` (which causes the driver to create a file on the C drive) and *then* open `c:\test.txt`, i.e., the file the driver just created. You can't do it in one step, or at least not the way the driver is currently set up. – Harry Johnston Apr 19 '16 at 22:04
  • @HarryJohnston thanks :) it works! I didn't know the two steps process. – Luis Apr 20 '16 at 06:25
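
Why the two paths in the thread behave differently, as an added example (not code from the question or from WDF): a simplified model of how a Win32 path splits into the `\DosDevices` link name and the remainder that is handed to the device behind that link. The struct and function names are hypothetical, and only the `\\.\name\...` and `X:\...` forms are handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): handles only "\\.\name\rest" and "X:\rest". */
typedef struct {
    char link[64];  /* symbolic link name looked up under \DosDevices */
    char rest[192]; /* remainder handed to the device the link resolves to */
} nt_target;

/* Returns 0 on success, -1 for any other path form or an over-long name. */
int split_win32_path(const char *p, nt_target *out)
{
    const char *name, *sep;
    if (strncmp(p, "\\\\.\\", 4) == 0)
        name = p + 4;               /* device namespace: strip the prefix */
    else if (isalpha((unsigned char)p[0]) && p[1] == ':' && p[2] == '\\')
        name = p;                   /* the drive letter is itself a link name */
    else
        return -1;
    sep = strchr(name, '\\');
    if (sep == NULL) sep = name + strlen(name);
    size_t n = (size_t)(sep - name);
    if (n == 0 || n >= sizeof out->link || strlen(sep) >= sizeof out->rest) return -1;
    memcpy(out->link, name, n);
    out->link[n] = '\0';
    strcpy(out->rest, sep);
    return 0;
}

/* 1 if the open resolves through link_name, i.e. that device sees the create. */
int reaches_link(const char *path, const char *link_name)
{
    nt_target t;
    size_t i = 0;
    if (split_win32_path(path, &t) != 0) return 0;
    while (t.link[i] && tolower((unsigned char)t.link[i]) == tolower((unsigned char)link_name[i]))
        i++;
    return t.link[i] == '\0' && link_name[i] == '\0';
}

int main(void)
{
    const char *paths[] = { "\\\\.\\qqdevice\\test.txt", "C:\\qqdevice\\test.txt" };
    nt_target t;
    for (size_t i = 0; i < 2 && split_win32_path(paths[i], &t) == 0; i++)
        printf("%s -> link \"%s\", remainder \"%s\", qqdevice sees create: %d\n",
               paths[i], t.link, t.rest, reaches_link(paths[i], "qqdevice"));
    return 0;
}
```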
