I am trying to find a way how to report back NTSTATUS codes to the CloseHandle() call from the Windows passthrough file system driver example.
My understanding is that this can not be done in IRP_MJ_CLEANUP, as that is called after CloseHandle() system call already has been executed.
And it can't be done in IRP_MJ_CLOSE, as that happens after IRP_MJ_CLEANUP.
So that leads to the question, where is the NTSTATUS code picked up from the kernel for the CloseHandle() system call?
Is there a MINOR signal in for instance IRP_MJ_WRITE that indicates that the last written byte has been called from Userspace?
For instance IRP_MN_COMPLETE (that the cache should be cleared)?
Please help me understand how to handle this..
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||20 Apr 2020||OSR Seminar Space & ONLINE|
|Writing WDF Drivers||11 May 2020||OSR Seminar Space & ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|