Click here to Skip to main content
15,885,886 members
Search within:


Fltgetmessage returns error code 2147942406?
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C++
.NET
Hello everyone I am trying to develop a mini-filter driver using fltsendmessage that interacts with a client application using fltgetmessage coded in VB.NET. I seem to have issues with either the Pinvoke statements or within the mini-filter or both. I have tried for weeks now and would apricate any help.

To start I have created a communication port like so within my Mini-Filter Driver:

PFLT_PORT ServerPort;
PSECURITY_DESCRIPTOR sd;

status = FltBuildDefaultSecurityDescriptor(&sd, FLT_PORT_ALL_ACCESS);

if (!NT_SUCCESS(status))
 break;

UNICODE_STRING name = RTL_CONSTANT_STRING(L"\\BitPort");
OBJECT_ATTRIBUTES attr;

InitializeObjectAttributes(&attr, &name, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, sd);

status = FltCreateCommunicationPort(FilterHandle, &ServerPort, &attr, NULL,PortConnectNotify, PortDisconnectNotify, PortMessageNotify, 1);

FltFreeSecurityDescriptor(sd);


I am using Winobj and can confirm that the Connection port is created successfully listed type as a FilterConnectionPort in the "\" directory.

My VB.NET Client application needs a way to connect to the connection port which requires Pinvoke to deal with unmanaged code like so:

Dim OpenPortHandle As IntPtr 

<DllImport("fltlib.dll")>
Public Shared Function FilterConnectCommunicationPort(<MarshalAs(UnmanagedType.LPWStr)>
                           portName As String,
                           options As UInteger,
                           context As IntPtr,
                           sizeOfContext As UInteger,
                           securityAttributes As IntPtr,
                           <Out> ByRef portHandle As IntPtr) As UInteger

End Function

Dim OpenPortNumber = FilterConnectCommunicationPort("\BitPort", 0, IntPtr.Zero, 0, IntPtr.Zero, OpenPortHandle)

MsgBox("Open Communication Port Status: " & OpenPortNumber & " Port Number: " & OpenPortHandle.ToString)


The Client Application MsgBox Shows this when the Communication Port is connected.
"Open Communication Port Status: 0 Port Number: 1236"

Back to the Mini-Filter Driver I have PortConnectNotify, PortDisconnectNotify, PortMessageNotify like so:

NTSTATUS PortConnectNotify(PFLT_PORT ClientPort, PVOID ServerPortCookie, PVOID ConnectionContext, ULONG SizeOfContext, PVOID* ConnectionPortCookie) {
	UNREFERENCED_PARAMETER(ServerPortCookie);
	UNREFERENCED_PARAMETER(ConnectionContext);
	UNREFERENCED_PARAMETER(SizeOfContext);
	UNREFERENCED_PARAMETER(ConnectionPortCookie);

	SendClientPort = ClientPort;
	return STATUS_SUCCESS;
}

void PortDisconnectNotify(PVOID ConnectionCookie) {
	UNREFERENCED_PARAMETER(ConnectionCookie);

	FltCloseClientPort(FilterHandle, &SendClientPort);
	SendClientPort = NULL;
}

NTSTATUS PortMessageNotify(PVOID PortCookie, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength, PULONG ReturnOutputBufferLength) {
	UNREFERENCED_PARAMETER(PortCookie);
	UNREFERENCED_PARAMETER(InputBuffer);
	UNREFERENCED_PARAMETER(InputBufferLength);
	UNREFERENCED_PARAMETER(OutputBuffer);
	UNREFERENCED_PARAMETER(OutputBufferLength);
	UNREFERENCED_PARAMETER(ReturnOutputBufferLength);

	return STATUS_SUCCESS;
}


Within my drivers FLT_PREOP_CALLBACK_STATUS I have my fltsendmessage code:

if (SendClientPort) {
ULONG PROC_TAG = 0;
UNICODE_STRING processName;

processName.Length = 0;

processName.MaximumLength = (USHORT)DoSPath.MaximumLength + Data->Iopb->TargetFileObject->FileName.MaximumLength + 2;

processName.Buffer = ExAllocatePoolWithTag(PagedPool, processName.MaximumLength, PROC_TAG);

RtlCopyUnicodeString(&processName, &DoSPath);
 
RtlAppendUnicodeStringToString(&processName, &Data->Iopb->TargetFileObject->FileName);

KdPrint(("%wZ \r\n", processName));
RtlCopyUnicodeString(&ImageP, &processName);
							
RtlCopyMemory(processName.Buffer, processName.Buffer, processName.MaximumLength);

LARGE_INTEGER timeout;
timeout.QuadPart = -10000 * 100;

FltSendMessage(FilterHandle, &SendClientPort, processName.Buffer, processName.MaximumLength, NULL, NULL, &timeout);							
}


Within the VB.NET Client Application I need to get the message from the Mini-Filter Driver and have this so far:

<DllImport("fltlib.dll")>
 Public Shared Function FilterGetMessage(portHandle As IntPtr,
                        ByRef messageBuffer As FILTER_MESSAGE_HEADER,
                        messageBufferSize As Integer,
                        overlapped As IntPtr) As UInteger

 End Function

<StructLayout(LayoutKind.Sequential)>
    Public Structure FILTER_MESSAGE_HEADER
        Public ReplyLength As UInteger
        Public MessageId As ULong
    End Structure

<StructLayout(LayoutKind.Sequential)>
    Public Structure DATA_RECEIVE
        Public messageHeader As FILTER_MESSAGE_HEADER
        Public messageContent() As Byte
    End Structure

 Dim dataReceive As DATA_RECEIVE = New DATA_RECEIVE()
 dataReceive.messageContent = New Byte(BUFFER_SIZE - 1) {}

 Dim headerSize As Integer = Marshal.SizeOf(dataReceive.messageHeader)
 Dim dataSize As Integer = Marshal.SizeOf(dataReceive)

Dim status As UInteger = FilterGetMessage(OpenPortHandle,dataReceive.messageHeader,dataSize,Nothing)

MsgBox("FltGetMessage Status Code: " & status)


this is the error code I see within the Message box
"FltGetMessage Status Code: 2147942406"

Researching this error code says:
PInvoke.HResult.Code.E_HANDLE = 2147942406 -> PInvoke.HResult.Code

Here is a link to the project from my google drive in hopes someone can take a closer look and help out:

BitMon – Google Drive[^]

Please Help thank you! :)

What I have tried:

Tried everything I can think of google search two driver books and related questions here on code project.
Posted
Updated 24-Jul-22 14:44pm
v3
Add a Solution
Comments
11917640 Member 24-Jul-22 8:49am    
I see at least one PInvoke problem: ByRef overlapped As IntPtr, should be without ByRef. I think you need to write first native client, having it working, translate it to VB. One problem at time.
Dale Seeley 24-Jul-22 20:39pm    
Once I have changed that the error code returned now is hex 0x8007007A and decimal 2147942522 which states ERROR_INSUFFICIENT_BUFFER. Are you able to see where in my VB.NET code this is happening?
11917640 Member 25-Jul-22 0:08am    
Again, write client code first in C/C++. It is difficult to solve both the problems with driver communication and .NET interoperability at the same time.
Dale Seeley 24-Jul-22 21:19pm    
In my VB.NET application I changed the Buffer to 4kb instead of 1024 from:

Dim dataReceive As DATA_RECEIVE = New DATA_RECEIVE()
dataReceive.messageContent = New Byte(BUFFER_SIZE - 1) {}

To this:

Dim dataReceive As DATA_RECEIVE = New DATA_RECEIVE()
dataReceive.messageContent = New Byte(1 << 12) {}

Now it shows 4097 But it doesn't fix my issue?
Dale Seeley 25-Jul-22 0:01am    
I have found this code but I am unaware of how to convert this to VB.Net

public unsafe struct DATA_RECEIVE
{
public FILTER_MESSAGE_HEADER messageHeader;
public fixed byte messageContent[BUFFER_SIZE];
}

1 solution

The error code in hex is 80070006.
The 8 at the beginning is the severity code and indicates this is a Warning error.
The 007 is the facility code and indicates FACILITY_WIN32, which means a general Windows error.
Anf the final four digits 0006 is the error code, which in this case is ERROR_INVALID_HANDLE as listed at System Error Codes (0-499) (WinError.h) - Win32 apps | Microsoft Docs[^]. So you need to debug your code to find out why a handle that you are trying to use is not valid.
 
Share this answer
 
Posted
Comments
Dale Seeley 24-Jul-22 20:43pm    
It appears removing Byref was the cause of the invalid handle thank you but now I get a new returned error code 0x8007007A and decimal 2147942522 which states ERROR_INSUFFICIENT_BUFFER. I would imagine this to be the buffer length I specify in my VB.NET application but its set to max, any ideas?
Richard MacCutchan 25-Jul-22 3:19am    
You are passing the size of the DATA_RECEIVE structure, which is not the size of the actual messageContent buffer, which is dynamically allocated. See FilterGetMessage function (fltuser.h) - Win32 apps | Microsoft Docs[^] for correct usage.
Dale Seeley 25-Jul-22 8:30am    
So the message content is prone to change and be dynamic I have looked at the usage of fltGetMessage but because C coding conversion to VB.NET can be tricky it's hard for me to see what I need to change. How is the message content size not the same? Thank you in advance.
Richard MacCutchan 25-Jul-22 9:06am    
The problem is that you have used the sizeof operator to get the size of the structure. But sizeof is handled at compile time, so it will be the size of
Public Structure DATA_RECEIVE
        Public messageHeader As FILTER_MESSAGE_HEADER
        Public messageContent() As Byte
    End Structure

But the messageContent part at this point is just a pointer to a Byte which is 32 or 64 bits. Later when you allocate the actual space for the messageContent you are still passing an invalid size to your system call. So change the size value to:
Dim dataSize As Integer = Marshal.(SizeOf(dataReceive) + BUFFER_SIZE) ' the actual size of the message buffer.
Dale Seeley 25-Jul-22 11:12am    
OK! That's great! Thank you very much I see now what your saying sorry I wasn't clear before I will change this once I get home today and hopefully see some progress. I have one more area I am unsure about and that is the Sendmessage part in my driver can you confirm if this looks correct?
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Fltsendmessage & fltgetmessage issues
Executenonquery returns an error after finishing insert
Clear the error in this code?
What is the error in the following code?
What is the error for this java code
MSBuild returned error code :-1
Code module returning "unhashable type: list" error when sending result through fast API
Asp ajax webmethod return error although full code is being executed
Createevent returns error code 5 sometimes
Error in my code: crtlsvalidheappointer(block)

Advertise
Privacy
Cookies
Terms of Use
Last Updated 24 Jul 2022
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900