BTH_DEVICE_INFO_LIST IOCTL Execution

Question

I am trying to execute IOCTL_BTH_GET_DEVICE_INFO for this purpose,as a beginner I write following code

#include <ntddk.h>
#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
#include <ntddk.h>
#include <wdf.h>
#include <initguid.h> 
#include <ntstrsafe.h>
#include <bthdef.h>
#include <ntintsafe.h>
#include <bthguid.h>
#include <bthioctl.h>
#include <sdpnode.h>
#include <bthddi.h>
#include <bthsdpddi.h>
#include <bthsdpdef.h>
#include <wdfobject.h>
#include <wdfdriver.h>
#include <wdm.h>

DRIVER_INITIALIZE DriverEntry;
EVT_WDF_DRIVER_DEVICE_ADD KmdfHelloWorldEvtDeviceAdd;
UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\MyDeivce123");
PDEVICE_OBJECT DeviceObject = NULL;
UNICODE_STRING SymLinkName = RTL_CONSTANT_STRING(L"\\??\mydevicelink123");
NTSTATUS BleDispatchCreate(PDEVICE_OBJECT device_obj, PIRP Irp)
{
KdPrint((" Inside BleDispatchCreate "));
KdPrint((" BleDispatchCreate Execution complete"));
//need to return status
return STATUS_SUCCESS;
}

NTSTATUS BleDispatchDeviceControl(PDEVICE_OBJECT device_obj, PIRP Irp)
{
KdPrint((" Inside BleDispatchDeviceControl "));

KdPrint((" BleDispatchDeviceControl Execution complete"));
//need to return status
return STATUS_SUCCESS;
}
//removed Unload function
NTSTATUS BleTest(PDEVICE_OBJECT device_obj, PIRP Irp)
{
PBTH_DEVICE_INFO_LIST PBLRI = (PBTH_DEVICE_INFO_LIST)Irp- >AssociatedIrp.SystemBuffer;
NTSTATUS status = STATUS_SUCCESS;
PIO_STACK_LOCATION irp_sl = IoGetCurrentIrpStackLocation(Irp);
KdPrint(("Number of devices are before i/ocall  %lu", PBLRI->numOfDevices));
status = IoCallDriver(device_obj, Irp);
if (status == STATUS_SUCCESS) {
    KdPrint(("IOCALLDRIVER  SUCCESS : \n "));
    KdPrint(("Number of devices are %lu", PBLRI->numOfDevices));
}
else {
    KdPrint(("Driver call Failed!\r\n"));
    return status;
}
return status;
}
NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING 
RegistryPath) {
NTSTATUS status = STATUS_SUCCESS;
int i;
DriverObject->DriverUnload = Unload;

status = IoCreateDevice(DriverObject, 0, 
&DeviceName,FILE_DEVICE_BLUETOOTH,FILE_CHARACTERISTIC_PNP_DEVICE, FALSE, 
&DeviceObject);
if (!NT_SUCCESS(status)){
    KdPrint(("creating device failed \n "));
    return status;
}else
    KdPrint(("Device creation successful\r\n"));
status = IoCreateSymbolicLink(&SymLinkName, &DeviceName);
if (!NT_SUCCESS(status)){
    KdPrint(("creating symbolic link failed \n"));
    IoDeleteDevice(DeviceObject);
    return status;
}else
    KdPrint(("Symbolic link creation successful\r\n"));
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = 
BleDispatchDeviceControl;
/********fill IRP *****************************/
PIRP Irp = NULL;
ULONG IoControlCode = IOCTL_BTH_GET_DEVICE_INFO;
ULONG InputBufferLength = sizeof(BTH_DEVICE_INFO_LIST);
BTH_DEVICE_INFO_LIST  InputBuffer;
ULONG OutputBufferLength = sizeof(BTH_DEVICE_INFO_LIST);
BTH_DEVICE_INFO_LIST  OutputBuffer;
BOOLEAN InternalDeviceIoControl = FALSE;
PKEVENT Event = NULL;
IO_STATUS_BLOCK ISB;
PIO_STATUS_BLOCK IoStatusBlock = &ISB;
Irp = IoBuildDeviceIoControlRequest(IoControlCode, DeviceObject,&InputBuffer, 
InputBufferLength, &OutputBuffer, OutputBufferLength,InternalDeviceIoControl, 
Event, IoStatusBlock);
/* IO_COMPLETION_ROUTINE CdDevCtrlCompletionRoutine;
NTSTATUS
    CdDevCtrlCompletionRoutine(
        _In_ PDEVICE_OBJECT DeviceObject,
        _In_ PIRP Irp,
        _In_reads_opt_(_Inexpressible_("varies")) PVOID Contxt
    );*/
BleTest(DeviceObject, Irp);
KdPrint(("Driver LOAD ENDS returning success \n "));
return status;
}

Output log file is

• Device creation successful
• Symbolic link creation successful
• Number of devices are before I/O call 1313444832
• Inside BleDispatchDeviceControl
• BleDispatchDeviceControl Execution complete
• IOCALLDRIVER SUCCESS :
• Number of devices are 1313444832
• Driver LOAD ENDS returning success
• Driver unload called

It print some garbage value in my opinion.Please point out to the mistake I made init ? I am beginner in this field.If this is post is not clear please point me.I will try to make it more consise.

Answer 1

The code you provided is incomplete, DeviceObject, OutputBufferLength and device_obj are undefined. So I have no way to test it, I will tell you the issues I see so far, but if they cannot fix the error, please make a Minimal Reproducible Example.

1. InputBuffer or OutputBuffer currently means an array with sizeof(BTH_DEVICE_INFO_LIST) elements and the element type is PVOID, which is obviously wrong. They should be BTH_DEVICE_INFO_LIST Input; BTH_DEVICE_INFO_LIST Output;, and then use them this way &Input &Output. But this issue should not affect the results, they will just take up more stack space and are meaningless.

2. \InternalDeviceIoControl I'm not sure what the '\' means here.

3. Irp may be asynchronous, according to the MSDN description, if you pass NULL to the Event parameter, you must supply an IoCompletion routine.

4. The MSDN does not say that the IoStatusBlock parameter allows NULL, so please always pass a pointer to a variable of type IO_STATUS_BLOCK.

5. What is the return value of IoCallDriver? STATUS_PENDING or something else?

6. Changing (*PBLRI).numOfDevices to PBLRI->numOfDevices would be better.

The error you are facing is most likely due to point 3, so consider supplying an IoCompletion routine or passing an initialized KEVENT variable, and then waiting for the Irp to complete.