Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

Why a named volume filter device can not mount to the Volume Device?

ILBPNSILBPNS Member Posts: 5

I have written a Volume Filter. Before I named it , it worked correctly.

But after I named it,I found that it was not on the device tree.

Here's my code:

define VOLUME_DEVICE_NAME L"\Device\MyVolumeFilter2021"

define VOLUME_DEVICE_SYMBOL L"\??\VolumeFilter2021"

status = IoCreateDevice(
DriverObject,
sizeof(FLT_DEV_EXTENSION),
&FilterDeviceName,
FILE_DEVICE_DISK,
0,
FALSE,
&FltDevObj);

UNICODE_STRING VolumeDeviceSymbol;
RtlInitUnicodeString(&VolumeDeviceSymbol, VOLUME_DEVICE_SYMBOL);
status = IoCreateSymbolicLink(&VolumeDeviceSymbol, &FilterDeviceName);

Comments

  • anton_bassovanton_bassov Member MODERATED Posts: 5,267

    I have written a Volume Filter. Before I named it , it worked correctly.

    But after I named it,I found that it was not on the device tree.

    Well, you cannot have more than one named device in a PnP stack, right. PDO that the target stack is built upon is named, which means that FDO and filters cannot have their names. Simple, ugh.....

    Anton Bassov

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,568

    Well, you cannot have more than one named device in a PnP stack, right

    Ah, wrong. The PDO is named, but the FDO can also be named. This creates the famous “two separate protections for the same devnode” problem.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • anton_bassovanton_bassov Member MODERATED Posts: 5,267

    The PDO is named, but the FDO can also be named.

    I mean a "proper" PnP stack, of course. Certainly, IoAttachDeviceToDeviceStack() is going to do its job just fine even if the attached device is named, but various issues may potentially arise later.

    For example, consider calling IoAttachDevice() on such a stack. What 'is the target device object's StackSize' field going to be like? Does it depend on the name that callers have specified (i.e. the one of PDO or FDO)? If it does, your FDO's driver will have to make a distinction between these two cases.

    If you need a named FDO, is not it better to implement its logical equivalent as a "unnamed FDO - named standalone DO" pair instead???
    It may save you quite a bit of a headache if you do it this way.....

    This creates the famous “two separate protections for the same devnode” problem.

    This is yet another issue with this approach.

    It seems to be closely related to the problem the OP is dealing with, and his problem arose only after the OP had decided to make his filter DO named....

    Anton Bassov

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,568

    In a “proper” PnP stack, multiple Device Objects can be named. There is absolutely nothing, architecturally, by implementation, or practically that prevents this. It’s is, in fact still rather common.

    Write a WDF driver. Call WdfDeviceInitAssignName. Done. This works. There are many production drivers that do this. This is not an any way prohibited, though the security issue alone makes this a less than best practice.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • anton_bassovanton_bassov Member MODERATED Posts: 5,267

    Peter,

    In a “proper” PnP stack, multiple Device Objects can be named. There is absolutely nothing, architecturally,
    by implementation, or practically that prevents this.

    After having thought carefully about the whole thing I've got to admit that the "issue" I have mentioned in my previous post is, in actuality, simply a non-issue indeed. Once you are always getting a pointer to the device that happens to be on top of the stack at the moment, it does not really matter which name you have specified - even if there are multiple names DOs in the stack, you are still going to get a pointer to exactly the same device object anyway

    Anton Bassov

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,568

    Anton: Correct. :)

    Peter Viscarola
    OSR
    @OSRDrivers

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Developing Minifilters 24 May 2021 Live, Online
Writing WDF Drivers 14 June 2021 Live, Online
Internals & Software Drivers 27 September 2021 Live, Online
Kernel Debugging 15 November 2021 Live, Online