I am developing a minifilter driver to monitor Create/Read/Write/Close operations on the system and need to send the data for these operations of interested processes to a user mode application for processing. Based on the processing of the user mode application, I am completing the respective callbacks. In this I am facing one issue: some Post-Read callbacks are coming as paging I/O, and the IRQL of those callbacks is greater than APC_LEVEL. So in such a scenario, I could not send data to user mode, as FltSendMessage needs to be called below or at APC_LEVEL. Also, the FltDoCompletionProcessingWhenSafe function fails for paging I/O, which is mentioned in its MSDN documentation.
I would like to understand whether it is indeed not possible to send a notification from paging I/O + IRQL greater than APC_LEVEL to user mode, or whether there is any way to do this. I have tried returning FLT_PREOP_SYNCHRONIZE from the PreRead callback, but that callback comes as an asynchronous callback, so I could not return FLT_PREOP_SYNCHRONIZE.
I also looked into the FltQueueDeferredIoWorkItem API, but the documentation says that this function also fails with STATUS_FLT_NOT_SAFE_TO_POST_OPERATION for paging I/O. So, as per my understanding so far, is it the case that we cannot defer processing of paging I/O to any worker thread and have to process it in the same context in which it got called?
Please help me to understand this.
Thank you in advance.