Hello,
I have a little bit of an issue with a pending create Irp and I/O processing.
In my create dispatch, I need to make an extra create request and do a little I/O on that.
I follow Maxim's rules from this post: http://www.osronline.com/showThread.cfm?link=60510, which are quoted below:
Another idea:
- catch CREATE in the filter.
- save the original filename, RelatedFileObject and the stack location
- patch them with the new filename, RelatedFileObject and new stack location flags
- pass the IRP down
- wait for it
- work with a file
- send CLEANUP manually (using the same IRP, for instance)
- send CLOSE manually
- reset file object’s flag FO_CLEANUP_COMPLETE
- restore the original filename, RelatedFileObject and the stack location
- now pass CREATE of the user-requested file down.
The thing is that not all of my processing can be done in the create dispatch, at the step called "work with a file", so I mark the initial Irp as pending and return status pending, so that the extra processing is done in a worker thread.
The processing works fine.
Basically I build some Irps for the read/write requests using IoBuildAsynchronousFsdRequest.
I make the 2 cleanup/close requests on the file and clear FO_CLEANUP_COMPLETE on the initial file object. I make these 2 requests on different Irps from the initial one, because that one is marked as pending.
After this I restore the Irp's previous values. I complete the Irp synchronously.
Up to here nothing goes wrong. I call IoCompleteRequest on the initial Irp and exit the thread.
After a short while I get the above bugcheck with this on the stack:
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f8cc2d2c 80500dd4 81bc8298 80561640 81bc8b20 nt!CcScheduleReadAhead+0x2d9
f8cc2d74 804e426b 81bc8298 00000000 81bc8b20 nt!CcScheduleReadAhead+0x240
f8cc2dac 8057d0f1 81bc8298 00000000 00000000 nt!ExQueueWorkItem+0x104
f8cc2ddc 804f827a 804e4196 00000000 00000000 nt!PsCreateSystemThread+0x70
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimer+0x107
Why might that be?
I am guessing that I didn't do the second step correctly: "save the original filename, RelatedFileObject and the stack location".
Or is it because the IO manager still has some caching to do on that file?
I saved the original FileName, RelatedFileObject and, from the stack location, the following:
Flags, Control, SecurityContext, FileAttributes, Options, ShareAccess, DeviceObject.
As for the initial IRP packet, I saved and restored:
KPROCESSOR_MODE RequestorMode;
ULONG Flags;
PETHREAD RequestorThread;
PIO_STATUS_BLOCK UserIosb;
KAPC Apc;
CCHAR ApcEnvironment;
PVOID CompletionKey;
PVOID UserApcContext;
PIO_APC_ROUTINE UserApcRoutine;
PVOID IssuingProcess;
Any tips?