Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Where to report NTSTATUS codes back to CloseHandle() calls in the Windows driver?

daletodaleto Member Posts: 1

Hi,

I am trying to find a way how to report back NTSTATUS codes to the CloseHandle() call from the Windows passthrough file system driver example.

My understanding is that this can not be done in IRP_MJ_CLEANUP, as that is called after CloseHandle() system call already has been executed.
And it can't be done in IRP_MJ_CLOSE, as that happens after IRP_MJ_CLEANUP.

So that leads to the question, where is the NTSTATUS code picked up from the kernel for the CloseHandle() system call?

Is there a MINOR signal in for instance IRP_MJ_WRITE that indicates that the last written byte has been called from Userspace?
For instance IRP_MN_COMPLETE (that the cache should be cleared)?

Please help me understand how to handle this..

Regards Tomas

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,630

    Hmmmm... Cleanup is called directly from WITHIN CloseHandle, not after it.

    So Cleanup sounds like what you want.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 250
    You sure it would get propagated?

    I already posted this, via enail a few days ago, but it did not show.
  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,630

    (sorry to take so long to respond to this... I was "otherwise engaged")

    You sure it would get propagated?

    Well, I was curious. And, after checking, I can confidentially state that it does not get propagated.

    So, yeah...

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,095

    Observation: In recent Win10 versions the Information field of the IOSB gets filled in during MJ_CLEANUP processing. I cannot remember why, probably WSL (most of the funky things that have happened to the file system space have their roots in WSL)

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 20 Apr 2020 OSR Seminar Space & ONLINE
Writing WDF Drivers 11 May 2020 OSR Seminar Space & ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA