Hi,
Today, on an updated Windows 10 VM, when shutting down my driver first I got this:
FLT_FILTER: ffffd38587602c60 "TestFlt" "[ERROR READING NAME]"
InstanceList : (ffffd38587602cc8)
Resource (ffffd38587602d30) List [ffffd38587602d30-ffffd38587602d30] rCount=0
Object usage/reference information:
References to FLT_CONTEXT : 0
Allocations of FLT_CALLBACK_DATA : 0
Allocations of FLT_DEFERRED_IO_WORKITEM : 0
Allocations of FLT_GENERIC_WORKITEM : 2364
References to FLT_FILE_NAME_INFORMATION : 0
Open files : 0
References to FLT_OBJECT : 0
List of objects used/referenced::
FLT_VERIFIER_OBJECT: ffffd38592854fb0
Object: ffffd38572b56f90 Type: FLT_GENERIC_WORKITEM RefCount: 00000001
FLT_VERIFIER_OBJECT: ffffd385bcebefb0
Object: ffffd38572bc4f90 Type: FLT_GENERIC_WORKITEM RefCount: 00000001
FLT_VERIFIER_OBJECT: ffffd3859922cfb0
(lots of work items, some of them with refcount > 1)
After checking my code, I’m sure I’m not leaking any work item.
But then, then I run !fltkd.work
Throttled Work Ctrl: fffff80067b3b720
ThrottleLock : (fffff80067b3b720)
Queues : (fffff80067b3b728)
CriticalQueue : (fffff80067b3b728)
RunningCount : 0
RunningLimit : 30
PendingWorkList : (fffff80067b3b728) Count=0
DelayedQueue : (fffff80067b3b740)
RunningCount : 2
RunningLimit : 30
PendingWorkList : (fffff80067b3b740) Count=0
HyperCriticalQue : (fffff80067b3b758)
RunningCount : 0
RunningLimit : 10
PendingWorkList : (fffff80067b3b758) Count=0
FltpCriticalQueue : (fffff80067b3b770)
RunningCount : -2023740080
RunningLimit : -11387
PendingWorkList : (fffff80067b3b770) Count=1130501511
FltpDelayedQueue : (fffff80067b3b788)
RunningCount : 1726174024
RunningLimit : -2048
PendingWorkList : (fffff80067b3b788) Count=3449555
FltpHyperCriticalQue : (fffff80067b3b7a0)
RunningCount : 0
RunningLimit : 0
PendingWorkList : (fffff80067b3b7a0) Count=4531204
(I have to press ctrl+break several times in order to stop the query else takes forever)
Are those negative numbers ok or minifilter verifier is broken?
Regards,
Mauro.