DeviceIoControl is totally not working, SystemBuffer empty on return

Question

i have got an IOCTL being sendt down to my driver with a structure, the structure is passed successfully, then my driver does its magic, but when its done it should return a simple unsigned _int64 which is 8 bytes long, i set the IRP's IoStatus.Information to the size of unsigned _int64(8 bytes) and i copy the value to the AssociatedIrp.SystemBuffer and lastly i set the IoStatus.Status to STATUS_SUCCESS then call IoCompleteRequest.

Now, i checked with WinDbg that the SystemBuffer contains the correct output and that the Status and Information fields are correct upon the call to IoCompleteRequest, yet when my usermode application's call to DeviceIoControl returns the output buffer does not change the value of the integer that i am pointing to in the lpOutBuffer field. i initialize it to just a plain 0x9 on creation and it remains the same value when the call is finished, when it should be something entirely different, i have multiple IOCTL's which all work and are made in the exsact same way, i am clueless what is happening here, any tips would be greatly appreciated and i am led to believe that this is a windows bug now or something like that, as i have read through my code 100 times without figuring this simple yet complex bug out.

Im sorry that i cannot post any code as i do not own it and for other reasons.

Answer 1

When using case statement, don't forget to use break.In the following situation, if you forget to use it, the data will not be copied to the user layer

switch (stack->Parameters.DeviceIoControl.IoControlCode) {
    case IOCTL_SEND: {
      SENDMessage(p_buffer);
      break;
    }
    case IOCTL_RECV: {
      RECVMessage(p_buffer) 
      break; // dont forget it
    }
    default: {
      nStatus = STATUS_INVALID_PARAMETER;
    }

Answer 2

Hope you found the solution since you posted this question 3 years ago. We ran across this post while investigating something similar, the solution is very simple but not documented. If the driver copies some data to the output buffer and uses WdfRequestComplete with status OK, nothing is returned to the caller! You need to call WdfRequestCompleteWithInformation and pass the number of bytes written in the Information parameter. This will tell the framework how many bytes to return to the caller.

E.g.:

WDFMEMORY   reqMemory;
NTSTATUS    status = WdfRequestRetrieveOutputMemory(Request, &reqMemory);
if (!NT_SUCCESS(status))
{
    break;
}
WdfMemoryCopyFromBuffer(reqMemory, 0, data, dataLen);

/* this will complete the request but nothing is returned to the caller
WdfRequestComplete(Request, S_OK);
*/
/* this is the correct way of returning the data */
WdfRequestCompleteWithInformation(Request, S_OK, dataLen);