I have an FSD (file system driver and not filter driver) that responds to special FSCTL (IRP_MJ_FILE_SYSTEM_CONTROL) requests. The driver uses a variant of FsRtlCancellableWaitForSingleObject to perform a cancellable wait on a kernel object and the FSCTL IRP.
I now have a second driver that wishes to send an FSCTL IRP to the FSD and a requirement that this must be done in a manner so that CancelSynchronousIo is functional. My question is: how should I build the IRP so that it can be cancelled with
At first I built the FSCTL IRP using IoAllocateIrp. This method does not create a threaded IRP and therefore cannot be canceled with CancelSynchronousIo. (There is IoQueueThreadIrp but it is reserved for system use.)
Now I am using IoBuildDeviceIoControlRequest and patch the returned IRP fields with IRP_MN_KERNEL_CALL, etc. because
IRP_MJ_DEVICE_CONTROL IRP's. This creates a threaded IRP (confirmed with
CancelSynchronousIo still cannot cancel the IRP.
The problem is that although the internal IopCancelIrpsInCurrentThreadListSpecialApc finds the IRP in the thread's IrpList, the IRP is not marked IRP_SYNCHRONOUS_API and is therefore ignored. My obvious next move is to add that bit to Irp->Flags, but I am beginning to wonder if I should not be doing what I am doing.
I appreciate any advice you may have on the subject. If your advice is "don't do that" I would love to hear alternatives.
PS: I have wondered in the past how an IRP passed to FsRtlCancellableWaitForSingleObject can be cancelled if there is no cancellation routine on it. Turns out that IopCancelIrpsInCurrentThreadListSpecialApc first sets Irp->Cancel and then alerts the thread with KeAlertThread. This wakes up the alertable FsRtlCancellableWaitForSingleObject, which then checks Irp->Cancel. Mystery solved.
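A user-mode C model of the cancellation path described in the post above, as an added example that is not part of the original post and is not kernel code. It shows an IRP that sits in the thread's IrpList without IRP_SYNCHRONOUS_API being skipped, and an eligible IRP turning a wake-up into a cancelled wait; the model_* names, the structs and the MW_* wait codes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define IRP_SYNCHRONOUS_API 0x00000004u   /* flag value as defined in wdm.h */

/* Model-only stand-ins for IRP and ETHREAD; not the real kernel layouts. */
struct model_irp    { unsigned flags; bool cancel; struct model_irp *next; };
struct model_thread { struct model_irp *irp_list; bool alerted; };

enum model_wait { MW_SATISFIED, MW_BLOCKED, MW_ALERTED, MW_CANCELLED };

/* The walk the post attributes to IopCancelIrpsInCurrentThreadListSpecialApc:
 * IRPs lacking IRP_SYNCHRONOUS_API are ignored, the rest get Cancel set.
 * Alerting only when something was marked is an assumption of this model. */
int model_cancel_synchronous_io(struct model_thread *t)
{
    int marked = 0;
    for (struct model_irp *irp = t->irp_list; irp != NULL; irp = irp->next) {
        if ((irp->flags & IRP_SYNCHRONOUS_API) == 0)
            continue;                 /* threaded, but not eligible */
        irp->cancel = true;
        marked++;
    }
    if (marked > 0)
        t->alerted = true;            /* stands in for KeAlertThread */
    return marked;
}

/* One wake-up check of an alertable, cancellable wait on `irp`. */
enum model_wait model_cancellable_wait(struct model_thread *t,
                                       const struct model_irp *irp,
                                       bool object_signaled)
{
    if (object_signaled)
        return MW_SATISFIED;
    if (!t->alerted)
        return MW_BLOCKED;            /* nothing woke the wait */
    t->alerted = false;               /* the alert is consumed by the wake-up */
    return irp->cancel ? MW_CANCELLED : MW_ALERTED;
}

int main(void)
{
    struct model_irp fsctl = { 0, false, NULL };  /* threaded, flag not set */
    struct model_thread thr = { &fsctl, false };
    int marked = model_cancel_synchronous_io(&thr);
    printf("marked=%d wait=%d\n", marked, model_cancellable_wait(&thr, &fsctl, false));
    return 0;
}
```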