More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

Best Of

Re: Interrupt service routine not called by the framework

I was trying also to set up policy and priority but it didn't change anything in calling my ISR.

Don't do ANY of that shit. Take out anything and everything related to your management of interrupts, except for your EvtDeviceInterruptEnable/Disable callbacks, your Dpc and ISR callbacks, EvtDevicePrepareHardware (where you now do nothing at all regarding your interrupts), and the creation of the WdfInterruptObject in EvtDriverDeviceAdd.

That logging output looks like things are all good...

am I able to check somehow if CPU see my interrupt

No. I mean... not without a PCI Bus Analyzer, which I don't think was the intent of your question ;-)

SOMEbody needs to make an affordable PCI Bus Analyzer... I've wanted one myself multiple times in the last two weeks.

In your initial post, you wrote this:

with oscilloscope interrupt line - interrupt is generated correctly by the hardware

This is a BIT confusing... because you say you're on an Express bus. And in that case, there IS no interrupt line. So, I'm a bit confused.

Peter

Peter_Viscarola_(OSR)

Testing filesystem filter driver

Hello all,

I am currently implementing a filesystem filter driver. I am curious
if someone could direct me to some resources on how to go about
creating automated tests for testing it? Ideally, I'd like to create
unit-tests for it, but it seems as if unit-tests do not exist for
driver code

thanks,
J

OSR_Community_User

Re: If i use ZwTerminateProcess in the creation callback, what will happen to the rest of callbacks?

Fork does exist in Windows since NT 3.1 The underlying NtCreateProcess has a lot of options. If you are going to be mucking at the level you are attempting find a copy of Windows NT/2000 Native API Reference by Gary Nebbett. If you cannot handle every option in that call, then you have not done things correctly.

Don_Burn

Re: Copy file from one location to other

>> Farming this out to user mode will be a better solution if possible.

This is not trivial either. For example, if you are responding to a callback in your driver for Foo.txt in location A and as a result you want to copy it to location B. If you block in the driver and wait for your service to copy the file and in your service you call functions like CopyFile or CreateDirectoryEx you will deadlock b/c the thread you are blocking in the driver will hold a resource and CopyFile and CreateDirectoryEx will ship some work off to a kernel mode worker thread who will also want that resource.

The only solution I have been able to come up with for this is to do a double file copy. Driver copies from location A to a temp file in location C, then service copies from temp file in location to C to location B. This is incredibly inefficient and a bad solution.

So, I have been on the path of converting to doing the copy in kernel mode as well, which opens up a whole different can of worms.

So, after providing that level of experience to this problem, anyone have any other advice to help the OP and me out with this?

OSR_Community_User

Re: How to copy a file in kernel mode?

No -- you have to do it yourself using the basic read and write
functions that are available(ZwReadFile, ZwWriteFile, or build your own
irps).

Molly

This posting is provided "AS IS" with no warranties and confers no
rights.

-----Original Message-----
From: gaoren [mailto:[email protected]]
Sent: Tuesday, July 09, 2002 7:50 AM
To: File Systems Developers
Subject: [ntfsd] How to copy a file in kernel mode?

Hi all,

Is there any function in kernel can copy a file to another file?

Thanks for help.

Laura

_________________________________________________________

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com

---
You are currently subscribed to ntfsd as: [email protected]ndows.microsoft.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User

Re: Preventing driver unload

The blog post doesn’t quite get all the small details right.

Doron_Holan

Re: Preventing driver unload

The file handle keeps the image loaded after DriverUnload has run, but does nothing to prevent DriverUnload from executing.

Doron_Holan

Re: Preventing driver unload

You can't customize unload behavior at runtime. Eiter you are unloadable or you are not. Implementation wise (and not the documented contract), the presence of DriverUnload is evaluated the stop service API is executed the first time. So any time until that point, DriverUnload can change value. Once it is evaluated and if it is NULL, the result is cached and subsequent unload attempts will fail.

Doron_Holan

Re: Preventing driver unload

I am expecting something like that for other drivers also.

That is a Filter Manager feature… not a WDM or WDF feature.

What Doron said.

Enter

Peter_Viscarola_(OSR)

Re: Software only driver can be unloaded even though application has open handles

As i described already, the outstanding Ob reference from the file handle will keep the image loaded after DriverUnload has returned. As a reference point, the Kmdf runtime is loaded as a nt4 style legacy driver by wdfldr and has to account for an external unload event (sc stop …) and keep the runtime loaded after the unload. It does this by keeping an open file handle on the Kmdf runtime and closes it when the last Kmdf client driver unloads (which in a modern system never happens as there are Kmdf client drivers who can’t unload).

Doron_Holan