W32 (ntfs) expects CreatedDeviceObject->Size to cover even 'DeviceExtensionSize'

 - Undocumented by W32!
Magic value 0x0701 @0x28 of CreatedDeviceObject->DeviceExtension
  expected by ntfs.sys NT5.1sp1 _NtfsInitializeIrpContext()
 - Undocumented by W32!

diff --git a/ntoskrnl/io/device.c b/ntoskrnl/io/device.c
index 40551eb..4432332 100644 (file)
--- a/ntoskrnl/io/device.c
+++ b/ntoskrnl/io/device.c
@@ -637,6 +637,7 @@ IoCreateDevice(PDRIVER_OBJECT DriverObject,
    assert(sizeof(CreatedDeviceObject->Dpc) == 32);
    assert(sizeof(CreatedDeviceObject->DeviceLock) == 16);
    assert(sizeof(DEVICE_OBJECT) == 184);
+   assert(sizeof(DEVICE_OBJECT) == 0xB8);
 
    if (DeviceName != NULL)
      {
@@ -704,7 +705,10 @@ IoCreateDevice(PDRIVER_OBJECT DriverObject,
      }
   
   CreatedDeviceObject->Type = DeviceType;
-  CreatedDeviceObject->Size = sizeof (*CreatedDeviceObject);
+   /* W32 (ntfs) expects CreatedDeviceObject->Size to cover even 'DeviceExtensionSize'.
+    * Undocumented by W32!
+    */
+  CreatedDeviceObject->Size = sizeof (DEVICE_OBJECT) + DeviceExtensionSize;
   CreatedDeviceObject->ReferenceCount = 0;     /* or 1? it is floating unused this way */
   CreatedDeviceObject->DriverObject = DriverObject;
   CreatedDeviceObject->CurrentIrp = NULL;
@@ -737,6 +741,13 @@ IoCreateDevice(PDRIVER_OBJECT DriverObject,
                    DeviceExtensionSize);
     }
 
+#ifdef LIBCAPTIVE
+  /* Magic value expected by ntfs.sys NT5.1sp1 _NtfsInitializeIrpContext()
+   */
+  if (DeviceExtensionSize>=0x30)
+    *(USHORT *)(((UCHAR *)CreatedDeviceObject->DeviceExtension)+0x28)=0x0701;
+#endif /* LIBCAPTIVE */
+
   CreatedDeviceObject->AttachedDevice = NULL;
   CreatedDeviceObject->DeviceType = DeviceType;
   CreatedDeviceObject->StackSize = 1;