DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=DeviceControl function not getting called

Question

I'm very new to Windows device drivers I've written a simple driver but the major function associated with Device_control (pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=IOCTL;) is not getting called.

DriverEntry routine is called but not the IOCTL and Close. Driver is unloading successfully as well. Please tell me where I'm going wrong. Thanks in advance.

Code: Driver.c

#include <ntifs.h>
#include <ntddk.h>

 #define IOCTL_HELLO_WORLD CTL_CODE(FILE_DEVICE_UNKNOWN,0x900,METHOD_OUT_DIRECT,FILE_ANY_ACCESS)


 PDEVICE_OBJECT pDeviceObject;
 UNICODE_STRING dev,dos;

void Unload(PDRIVER_OBJECT pDriverObject)
{
DbgPrint("Unload routine called.\n");

IoDeleteSymbolicLink(&dos);
IoDeleteDevice(pDriverObject->DeviceObject);
}

NTSTATUS Create(PDEVICE_OBJECT DeviceObject,PIRP irp)
{
DbgPrint("Create routine called.\n");

irp->IoStatus.Status=STATUS_SUCCESS;
irp->IoStatus.Information=0;

IoCompleteRequest(irp,IO_NO_INCREMENT);
return STATUS_SUCCESS;
}

NTSTATUS Close(PDEVICE_OBJECT DeviceObject,PIRP irp)
{
DbgPrint("Close routine called.\n");

irp->IoStatus.Status=STATUS_SUCCESS;
irp->IoStatus.Information=0;

IoCompleteRequest(irp,IO_NO_INCREMENT);
return STATUS_SUCCESS;
}

NTSTATUS IOCTL(PDEVICE_OBJECT DeviceObject,PIRP irp)
{
PIO_STACK_LOCATION io;
PEPROCESS ep;
PLIST_ENTRY PrevListEntry,CurrentListEntry,NextListEntry;

HANDLE hProcess;
NTSTATUS status;
ULONG MinorVersion,MajorVersion,offset,size;

CLIENT_ID cid;
OBJECT_ATTRIBUTES oa;

CHAR pOutputBuffer[20], *optr = NULL;

if(IoValidateDeviceIoControlAccess(irp,  FILE_READ_ACCESS)) {
    DbgPrint("File READ access : YES.\n");
}
else {
    DbgPrint("File READ access : NO.\n");
}
if(IoValidateDeviceIoControlAccess(irp,  FILE_READ_ACCESS)) {
    DbgPrint("File WRITE access : YES.\n");
}
else {
    DbgPrint("File WRITE access : NO.\n");
}
DbgPrint("IOCTL routine called.\n");

io=IoGetCurrentIrpStackLocation(irp);


switch(io->Parameters.DeviceIoControl.IoControlCode)
{
    case IOCTL_HELLO_WORLD:
        DbgPrint("Data from user mode: %s\n",irp->AssociatedIrp.SystemBuffer); 
        DbgPrint("In switch case.\n");
        break;


    default:
        DbgPrint("Unknown IOCTL code: %#x\n",io->Parameters.DeviceIoControl.IoControlCode);

        DbgPrint("In DEFAULT case.\n");

        irp->IoStatus.Status=STATUS_INVALID_DEVICE_REQUEST;
        irp->IoStatus.Information=0;

        IoCompleteRequest(irp,IO_NO_INCREMENT);
        return STATUS_INVALID_DEVICE_REQUEST;
}

irp->IoStatus.Status=STATUS_SUCCESS;
irp->IoStatus.Information=0;

IoCompleteRequest(irp,IO_NO_INCREMENT);
return STATUS_SUCCESS;
}

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,PUNICODE_STRING pRegistryPath)
{

DbgPrint("DriverEntry called.\n");

RtlInitUnicodeString(&dev,L"\\Device\\User_Kernel");
RtlInitUnicodeString(&dos,L"\\DosDevices\\ConsoleApplication1");

IoCreateDevice(pDriverObject,0,&dev,FILE_DEVICE_UNKNOWN,FILE_DEVICE_SECURE_OPEN,FALSE,&pDeviceObj    ect);
IoCreateSymbolicLink(&dos,&dev);

IoSetDeviceInterfaceState(pRegistryPath, TRUE);



pDriverObject->MajorFunction[IRP_MJ_CREATE]=Create;
DbgPrint("DriverEntry : CREATE.\n");
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=IOCTL;
DbgPrint("DriverEntry : IOCTL.\n");


pDriverObject->MajorFunction[IRP_MJ_CLOSE]=Close;
DbgPrint("DriverEntry : CLOSE.\n");

pDriverObject->DriverUnload=Unload;
DbgPrint("DriverEntry : UNLOAD.\n");


pDeviceObject->Flags|=DO_DIRECT_IO;
pDeviceObject->Flags&=~DO_DEVICE_INITIALIZING;



DbgPrint("User_Kernel Test driver loaded \t end of DriverEntry.\n");
return STATUS_SUCCESS;
}

Application:

#include<stdlib.h>
#include <stdio.h>
#include <Windows.h>
#include<winioctl.h>
#include <fileapi.h>


#define IOCTL_HELLO_WORLD CTL_CODE(FILE_DEVICE_UNKNOWN,0x900,METHOD_OUT_DIRECT,FILE_ANY_ACCESS)


int main(int argc,char* argv[])
{
HANDLE hFile;
DWORD dw,pid;
BOOL bResult;
CHAR str[] = "hello";
CHAR outBuffer[20];
hFile=CreateFile(L"\\\\.\\ConsoleApplication1",GENERIC_ALL,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);    

if(hFile==INVALID_HANDLE_VALUE)
{
    printf("\nError: Unable to open the ConsoleApplication1 Test driver. (%d)\n",GetLastError());
    return 1;
}
bResult=DeviceIoControl(hFile,IOCTL_HELLO_WORLD,str,((DWORD) strlen(str)),outBuffer,20,&dw,NULL);
printf("DeviceIOControl result : %s", bResult);
if(!bResult)
    {
        printf("\nError: %d\n",GetLastError());

        CloseHandle(hFile);
        return 1;
    }

    printf("Successfully sent control code to driver.\n");

    CloseHandle(hFile);

return 0;
}

and I'm adding it using

copy User_Kernel.sys %windir%\User_Kernel.sys /y
sc create ConsoleApplication1 type= kernel binPath= %windir%\User_Kernel.sys error=     ignore start= auto displayname= Test222
sc start ConsoleApplication1 

Output of install script

C:\IOCTL>install.bat
        1 file(s) copied.
[SC] CreateService SUCCESS

SERVICE_NAME: ConsoleApplication1
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

Answer 1

Obviously the offending line was printf("DeviceIOControl result : %s", bResult);

... trying to take a BOOL as a pointer to an array of characters...