Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

DPC Call pattern Question

AlbertAlbert Member - All Emails Posts: 489
in NTDEV

IS this code pattern correct?

KeInitializeSemaphore(pSem, 0, 1);
KeInitializeDpc(pDpc, func, pBuffer);
KeSetTargetProcessorDpc(pDpc, procNumber);
KeInsertQueueDpc(pDpc, pSem, NULL);
KeWaitForSingleObject(pSem, Executive, KernelMode, FALSE, NULL);

This will wait the thread infinitely for the semaphore (which is being set inside the DPC callback 'func', even though the DPCs should fire away almost immediately, what happens if a Unload Request comes to the driver in between?

Will it block on this thread? or will it unload the image without cancelling the DPC potentially causing a BSOD later when the DPC fires on a dangling pointer?

· Share on Facebook

Comments

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,447

    The OS doesn't take care of your worker threads or DPCs on unload. You can wait for worker threads with KeWaitForSingleObject and you can flush any queued/running DPCs with KeFlushQueuedDpcs

    -scott
    OSR

    · Share on Facebook
  • AlbertAlbert Member - All Emails Posts: 489

    @Scott_Noone_(OSR) said:
    The OS doesn't take care of your worker threads or DPCs on unload. You can wait for worker threads with KeWaitForSingleObject and you can flush any queued/running DPCs with KeFlushQueuedDpcs

    Totally agree, this came up while reviewing some age old code, which from the looks of it, might be causing BSODs from time to time.

    · Share on Facebook
  • anton_bassovanton_bassov Member MODERATED Posts: 5,245

    what happens if a Unload Request comes to the driver in between?

    Your DrvUnload() routine will get invoked

    Will it block on this thread?

    No - it is your responsibility to take care of these potential issues . As Scott has pointed out already, the OS does not take care of these things, simply because it has no way of knowing it.

    or will it unload the image without cancelling the DPC potentially causing a BSOD later when the DPC fires on a dangling pointer?

    It depends on whether there are any outstanding references on the DRIVER_OBJECT. If there are none, your driver's image may get unloaded immediately after its DrvUnload() routine returns control. Otherwise, the image will stay loaded until its refcount goes down to zero.

    Before you start thinking about referencing your DRIVER_OBJECT before creating a thread and dereferencing it immediately before
    the thread routine returns control, I am going to remind you that the address that ObDereferenceObject() routine will return control to belongs to the range corresponding to your driver's code section. Therefore, there is a potential for a race condition if a driver gets unloaded
    before ObDereferenceObject() returns control

    Anton Bassov

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Developing Minifilters 24 May 2021 Live, Online
Writing WDF Drivers 14 June 2021 Live, Online
Internals & Software Drivers 2 August 2021 Live, Online
Kernel Debugging 27 Sept 2021 Live, Online

Categories