Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Minifilter FltSendMessage problem

johnhouldingjohnhoulding Member Posts: 28

I have minifilter driver which register IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION PreCallback. In callback routine I send filename to usermode with FltSendMessage and wait Reply message. Then in usermode I open file with CreateFileW read file size then call Sleep(2000) (for testing purpose) and reply message. Like:

Opened:C:\Windows\System32\consent.exe:size:159248
Opened:X:\section.exe:size:119296
Opened:C:\Windows\System32\conhost.exe:size:885760
Opened:X:\zaza.exe:size:181248
Opened:C:\Windows\System32\notepad.exe:size:181248

It works well but sometimes when I execute program i didnt see filename in usermode? What is problem? Can waiting(Sleep) in usermode make any problem?But as i know FltSendMessage sync operation when I open filename in usermode and reading some of data while this if new program executed it wait in callback routine

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 21 Oct 2019 OSR Seminar Space & ONLINE
Internals & Software Drivers 18 Nov 2019 Dulles, VA
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 27 Apr 2020 OSR Seminar Space & ONLINE