Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


How many locks should I use in minifilter Preoperation and Postoperation Callback Routines

stevezhougsstevezhougs Member Posts: 5
edited July 7 in NTFSD

I' m developing a windows transparent encryption file system.
When implement the callback routines like create,read/write,cleanup,close,queryFileInformation and so on,I don't know which place should use which lock.
For convenience,I use a global locker like FltAcquireResourceExclusive(&global.lock) in every callback entrance and release lock after return ,then I found the system's performance efficiency is very low when open two or more files.

Comments

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,137

    You are asking the wrong question.

    Your question to yourself should be "what are the data-structures that are liable to change asynchronously and how do I protect them from that asynchrony.

    This has nothing to do with the sort of driver you are writing or even the fact of writing a driver. It it "programming in an asyncrhonous environment 101".

    If that doesn't answer your question then again you may be asking the question wrongly and we need more details.

  • stevezhougsstevezhougs Member Posts: 5

    @rod_widdowson said:
    You are asking the wrong question.

    Your question to yourself should be "what are the data-structures that are liable to change asynchronously and how do I protect them from that asynchrony.

    This has nothing to do with the sort of driver you are writing or even the fact of writing a driver. It it "programming in an asyncrhonous environment 101".

    If that doesn't answer your question then again you may be asking the question wrongly and we need more details.

    You are right,I will figure out.
    Here I got a new question,when I try use ExAcquireResourceExclusiveLite in PreSetFileInformation,then it crash

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000000009, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80622f1213a, address which referenced memory

    Debugging Details:

    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
    0000000000000009

    CURRENT_IRQL: 2

    FAULTING_IP:
    nt!ExpPrepareToWaitForResourceExclusive+6a
    fffff806`22f1213a 488b4808 mov rcx,qword ptr [rax+8]

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    BUGCHECK_STR: 0xA

    PROCESS_NAME: explorer.exe

    TRAP_FRAME: ffffd101de961fa0 -- (.trap 0xffffd101de961fa0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000001 rbx=0000000000000000 rcx=ffffd101de9621d8
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80622f1213a rsp=ffffd101de962130 rbp=ffffa90729aeb080
    r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
    r11=ffffd101de962030 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0 nv up ei pl nz na pe nc
    nt!ExpPrepareToWaitForResourceExclusive+0x6a:
    fffff806`22f1213a 488b4808 mov rcx,qword ptr [rax+8] ds:677a:0009=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER: from fffff8062315d932 to fffff8062307e1e0

    STACK_TEXT:
    ffffd101de9616b8 fffff8062315d932 : 0000000000000009 0000000000000003 ffffd101de961820 fffff80622f139f0 : nt!RtlpBreakWithStatusInstruction
    ffffd101de9616c0 fffff8062315d027 : 0000000000000003 ffffd101de961820 fffff8062308aa60 000000000000000a : nt!KiBugCheckDebugBreak+0x12
    ffffd101de961720 fffff80623076497 : 0000000000000000 0000000000000000 ffffa90729aeb080 000000000000005d : nt!KeBugCheck2+0x947
    ffffd101de961e20 fffff806230881e9 : 000000000000000a 0000000000000009 0000000000000002 0000000000000000 : nt!KeBugCheckEx+0x107
    ffffd101de961e60 fffff80623084529 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69
    ffffd101de961fa0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiPageFault+0x469

    STACK_COMMAND: .bugcheck ; kb

    FOLLOWUP_IP:
    nt!ExpPrepareToWaitForResourceExclusive+6a
    fffff806`22f1213a 488b4808 mov rcx,qword ptr [rax+8]

    SYMBOL_NAME: nt!ExpPrepareToWaitForResourceExclusive+6a

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 5629d63a

    FAILURE_BUCKET_ID: X64_0xA_nt!ExpPrepareToWaitForResourceExclusive+6a

    BUCKET_ID: X64_0xA_nt!ExpPrepareToWaitForResourceExclusive+6a

    Followup: MachineOwner

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,302

    Did you ever call ExInitializeResourceLite?

    -scott
    OSR

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA