ZwWriteFile return 0xC0000002.. why??
in [Device Drivers]
|
From: museion on 27 Oct 2006 05:08 hi... i wrote kernel driver.. this driver write log... (C:\\log.txt) but, when file size is about 700byte over, ZwWriteFile don't writes. errero return 0xC0000002 ... why?? help me.. plz.. <code> void WriteLogFile ( ) { HANDLE FileHandle; OBJECT_ATTRIBUTES ObjectAttributes; IO_STATUS_BLOCK IoStatusBlock; NTSTATUS ntStatus; LARGE_INTEGER FilePos; FILE_STANDARD_INFORMATION FileInformation; CHAR *strMessage=NULL; UNICODE_STRING usFilename; RtlInitUnicodeString (&usFilename, L"\\DosDevices\\C:\\log.txt"); InitializeObjectAttributes(&ObjectAttributes, &usFilename, OBJ_CASE_INSENSITIVE, NULL, NULL); ntStatus = ZwCreateFile( &FileHandle, SYNCHRONIZE | GENERIC_READ | GENERIC_WRITE, &ObjectAttributes, &IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN_IF, FILE_RANDOM_ACCESS |FILE_NON_DIRECTORY_FILE|FILE_NO_INTERMEDIATE_BUFFERING|FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 ); if (NT_SUCCESS(ntStatus)) { DbgPrint (("ZwCreateFile succeeded\n")); ntStatus = ZwQueryInformationFile( FileHandle, &IoStatusBlock, &FileInformation, sizeof (FileInformation), FileStandardInformation ); FilePos = FileInformation.EndOfFile; if (!NT_SUCCESS(ntStatus)) { DbgPrint (("## ZwQueryInformationFile returned: %X\n", ntStatus)); FilePos.QuadPart = 0; } { LARGE_INTEGER CurrentTime; LARGE_INTEGER LocalTime; TIME_FIELDS TimeFields; KeQuerySystemTime(&CurrentTime); ExSystemTimeToLocalTime( &CurrentTime, &LocalTime ); RtlTimeToTimeFields( &LocalTime, &TimeFields ); strMessage = (CHAR *)ExAllocatePool( NonPagedPool, 99 * sizeof(CHAR)); RtlZeroMemory( strMessage, 99 * sizeof(CHAR)); sprintf( strMessage, "%4d-%02d-%02d %02d:%02d:%02d\t%s\r\n", TimeFields.Year, TimeFields.Month, TimeFields.Day, TimeFields.Hour, TimeFields.Minute, TimeFields.Second, "0123456789" ); ntStatus = ZwWriteFile( FileHandle, NULL, NULL, NULL, &IoStatusBlock, strMessage, strlen(strMessage), &FilePos, NULL ); DbgPrint (("ZwWriteFile returned: %X\n", ntStatus)); DbgPrint (("ZwWriteFile IO_STATUS_BLOCK.Status: %X\n", IoStatusBlock.Status)); DbgPrint (("ZwWriteFile IO_STATUS_BLOCK.Information: %X\n",IoStatusBlock.Information)); ExFreePool(strMessage); } ZwClose (FileHandle); } else { DbgPrint (("ZwCreateFile failed\n")); } }
From: Eliyas Yakub [MSFT] on 27 Oct 2006 09:56 Follow the KMDF nonpnp sample. It demonstrates how to use Zw functions to read/write to a file. If that works, compare the code and find out what you are doing wrong. -Eliyas "museion" <muxeion(a)gmail.com> wrote in message news:1161940082.140681.159070(a)m73g2000cwd.googlegroups.com... > hi... i wrote kernel driver.. this driver write log... (C:\\log.txt) > but, when file size is about 700byte over, ZwWriteFile don't writes. > errero return 0xC0000002 ... why?? help me.. plz.. > > > <code> > > void WriteLogFile ( ) > { > HANDLE FileHandle; > OBJECT_ATTRIBUTES ObjectAttributes; > IO_STATUS_BLOCK IoStatusBlock; > NTSTATUS ntStatus; > LARGE_INTEGER FilePos; > FILE_STANDARD_INFORMATION FileInformation; > CHAR *strMessage=NULL; > UNICODE_STRING usFilename; > > RtlInitUnicodeString (&usFilename, L"\\DosDevices\\C:\\log.txt"); > > InitializeObjectAttributes(&ObjectAttributes, &usFilename, > OBJ_CASE_INSENSITIVE, NULL, NULL); > > ntStatus = ZwCreateFile( > &FileHandle, > SYNCHRONIZE | GENERIC_READ | GENERIC_WRITE, > &ObjectAttributes, > &IoStatusBlock, > NULL, > FILE_ATTRIBUTE_NORMAL, > FILE_SHARE_READ|FILE_SHARE_WRITE, > FILE_OPEN_IF, > FILE_RANDOM_ACCESS > |FILE_NON_DIRECTORY_FILE|FILE_NO_INTERMEDIATE_BUFFERING|FILE_SYNCHRONOUS_IO_NONALERT, > > NULL, > 0 > ); > > if (NT_SUCCESS(ntStatus)) > { > DbgPrint (("ZwCreateFile succeeded\n")); > > ntStatus = ZwQueryInformationFile( > FileHandle, > &IoStatusBlock, > &FileInformation, > sizeof (FileInformation), > FileStandardInformation > ); > > FilePos = FileInformation.EndOfFile; > > if (!NT_SUCCESS(ntStatus)) > { > DbgPrint (("## ZwQueryInformationFile returned: %X\n", ntStatus)); > FilePos.QuadPart = 0; > } > > > { > LARGE_INTEGER CurrentTime; > LARGE_INTEGER LocalTime; > TIME_FIELDS TimeFields; > > KeQuerySystemTime(&CurrentTime); > ExSystemTimeToLocalTime( &CurrentTime, &LocalTime ); > RtlTimeToTimeFields( &LocalTime, &TimeFields ); > > strMessage = (CHAR *)ExAllocatePool( NonPagedPool, 99 * sizeof(CHAR)); > RtlZeroMemory( strMessage, 99 * sizeof(CHAR)); > > sprintf( strMessage, "%4d-%02d-%02d %02d:%02d:%02d\t%s\r\n", > TimeFields.Year, > TimeFields.Month, > TimeFields.Day, > TimeFields.Hour, > TimeFields.Minute, > TimeFields.Second, > "0123456789" > ); > > ntStatus = ZwWriteFile( > FileHandle, > NULL, > NULL, > NULL, > &IoStatusBlock, > strMessage, > strlen(strMessage), > &FilePos, > NULL > ); > > DbgPrint (("ZwWriteFile returned: %X\n", ntStatus)); > DbgPrint (("ZwWriteFile IO_STATUS_BLOCK.Status: %X\n", > IoStatusBlock.Status)); > DbgPrint (("ZwWriteFile IO_STATUS_BLOCK.Information: > %X\n",IoStatusBlock.Information)); > > ExFreePool(strMessage); > } > > ZwClose (FileHandle); > } > else > { > DbgPrint (("ZwCreateFile failed\n")); > } > } >
From: Tim Roberts on 28 Oct 2006 01:19 "museion" <muxeion(a)gmail.com> wrote: > >hi... i wrote kernel driver.. this driver write log... (C:\\log.txt) >but, when file size is about 700byte over, ZwWriteFile don't writes. >errero return 0xC0000002 ... why?? help me.. plz.. >... You need to read the documentation. > ntStatus = ZwCreateFile( > &FileHandle, > SYNCHRONIZE | GENERIC_READ | GENERIC_WRITE, > &ObjectAttributes, > &IoStatusBlock, > NULL, > FILE_ATTRIBUTE_NORMAL, > FILE_SHARE_READ|FILE_SHARE_WRITE, > FILE_OPEN_IF, > FILE_RANDOM_ACCESS > |FILE_NON_DIRECTORY_FILE|FILE_NO_INTERMEDIATE_BUFFERING|FILE_SYNCHRONOUS_IO_NONALERT, > NULL, > 0 > ); When you specify FILE_NO_INTERMEDIATE_BUFFERING, the byte offset and data length must both be a multiple of the sector size. Remove that one. You don't really need GENERIC_READ and GENERIC_WRITE. FILE_APPEND_DATA should be enough. > > DbgPrint (("ZwCreateFile succeeded\n")); > > ntStatus = ZwQueryInformationFile( > FileHandle, > &IoStatusBlock, > &FileInformation, > sizeof (FileInformation), > FileStandardInformation > ); > > FilePos = FileInformation.EndOfFile; > > if (!NT_SUCCESS(ntStatus)) > { > DbgPrint (("## ZwQueryInformationFile returned: %X\n", ntStatus)); > FilePos.QuadPart = 0; > } You don't need the ZwQueryInformationFile call. As the documentation says, if you set this: FilePos.HighPart = -1; FilePos.LowPart = FILE_WRITE_TO_END_OF_FILE; then ZwWriteFile will always write at the end. -- Tim Roberts, timr(a)probo.com Providenza & Boekelheide, Inc.
From: museion on 28 Oct 2006 23:04 ^^ Thank you for your reply. You right!! i remove FILE_NO_INTERMEDIATE_BUFFERING flag.. and file write sucess. thank you^^ Tim Roberts wrote: > "museion" <muxeion(a)gmail.com> wrote: > > > >hi... i wrote kernel driver.. this driver write log... (C:\\log.txt) > >but, when file size is about 700byte over, ZwWriteFile don't writes. > >errero return 0xC0000002 ... why?? help me.. plz.. > >... > > You need to read the documentation. > > > ntStatus = ZwCreateFile( > > &FileHandle, > > SYNCHRONIZE | GENERIC_READ | GENERIC_WRITE, > > &ObjectAttributes, > > &IoStatusBlock, > > NULL, > > FILE_ATTRIBUTE_NORMAL, > > FILE_SHARE_READ|FILE_SHARE_WRITE, > > FILE_OPEN_IF, > > FILE_RANDOM_ACCESS > > |FILE_NON_DIRECTORY_FILE|FILE_NO_INTERMEDIATE_BUFFERING|FILE_SYNCHRONOUS_IO_NONALERT, > > NULL, > > 0 > > ); > > When you specify FILE_NO_INTERMEDIATE_BUFFERING, the byte offset and data > length must both be a multiple of the sector size. Remove that one. > > You don't really need GENERIC_READ and GENERIC_WRITE. FILE_APPEND_DATA > should be enough. > > > > > DbgPrint (("ZwCreateFile succeeded\n")); > > > > ntStatus = ZwQueryInformationFile( > > FileHandle, > > &IoStatusBlock, > > &FileInformation, > > sizeof (FileInformation), > > FileStandardInformation > > ); > > > > FilePos = FileInformation.EndOfFile; > > > > if (!NT_SUCCESS(ntStatus)) > > { > > DbgPrint (("## ZwQueryInformationFile returned: %X\n", ntStatus)); > > FilePos.QuadPart = 0; > > } > > You don't need the ZwQueryInformationFile call. As the documentation says, > if you set this: > FilePos.HighPart = -1; > FilePos.LowPart = FILE_WRITE_TO_END_OF_FILE; > > then ZwWriteFile will always write at the end. > -- > Tim Roberts, timr(a)probo.com > Providenza & Boekelheide, Inc.
|
Pages: 1 Prev: Signtool problems Next: NDIS virtual miniport receive packet indication? |