Hello. Im tryin to read a file from kernel driver. Im gettin C000000D (invalid_parameter) error. I also tried also passing simple char[1000] array and it gave same error. All the size/allocation goes OK, whats is wrong then?
Code: Select all
NTSTATUS ReadFile(wchar_t* path, void** out, LONGLONG* outSize, ULONG poolTag){
NTSTATUS NtStatus;
HANDLE file;
OBJECT_ATTRIBUTES fileAttributes;
UNICODE_STRING filePath;
RtlInitUnicodeString(&filePath, path);
InitializeObjectAttributes(&fileAttributes, &filePath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
IO_STATUS_BLOCK ioStatusBlock;
NtStatus = ZwOpenFile(&file, GENERIC_READ, &fileAttributes, &ioStatusBlock, FILE_SHARE_READ, 0);
if (!NT_SUCCESS(NtStatus)){
DbgLog("ZwOpenFile error %X", NtStatus);
return NtStatus;
}
FILE_STANDARD_INFORMATION fsi;
NtStatus = ZwQueryInformationFile(file, &ioStatusBlock, &fsi, sizeof(fsi), FileStandardInformation);
if (!NT_SUCCESS(NtStatus)){
DbgLog("ZwQueryInformationFile error %X", NtStatus);
ZwClose(file);
return NtStatus;
}
DbgLog("File size %X", fsi.EndOfFile.QuadPart);
*out = ExAllocatePoolWithTag(NonPagedPool, fsi.EndOfFile.QuadPart + 1, poolTag);
if (!*out){
DbgLog("Insufficient memory to read file");
ZwClose(file);
return -1;
}
DbgLog("Allocated memory to read at %p", *out);
NtStatus = ZwReadFile(file, 0, 0, 0, &ioStatusBlock, *out, fsi.EndOfFile.QuadPart, 0, 0); // c000000d
if (!NT_SUCCESS(NtStatus)){
DbgLog("ZwReadFile error %X", NtStatus);
ExFreePoolWithTag(*out, poolTag);
ZwClose(file);
return NtStatus;
}
ZwClose(file);
return STATUS_SUCCESS;
}
