Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


FltGetFileNameInformation slowness on local Server 2016

Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 587
in NTFSD

Hello,

I ran into a situation (fairly reproducible) where FGFNI takes way too much time to return for a local file name query. I even got this reproduced when OPENED file name format is queried.
Strangely, only on Srv2016 for now. The load on the system is not low, but there is ample RAM to handle more than twice the system need.

Could some contention be so high? Oplock? Unfortunately, while reproducible, it is not in the same spot, file name etc... so I can't enter WinDBG at the right time and poke around anything :(

Any idea what to look for?

Regards, Dejan.

· Share on Facebook

Comments

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,255

    SWAGS:
    Might wireshark help? Or even procmon on the server?

    · Share on Facebook
  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 587
    edited January 23
    WireShark for a local disk? I didn't know they added something in that arena.

    ProcMon.. can only confirm long times, but even when I placed it at altitude 20.000 I do not see anything more. It doesn't show high wait times then, but likely because it is the one calling FGFNI before ours gets completed.

    BTW, the Server is a local machine, no network drives. It isn't a server, just a standalone test VM.

    Dejan.
    · Share on Facebook
  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,255

    I didn't know they added something in that arena.

    I beg your pardon, I saw "Server" and read "SRV".

    This is a stumper I had always assumed that when you asked for "Opened" it would just haul it out from the Context (so no additional file system activity at all).

    but likely because it is the one calling FGFNI before ours gets completed.

    Ugh sounds feasible. It has been too long but do you happen to remember if FileSpy calls FGFNI? I would guess not and certainly if you used fspy rather than mspy.

    · Share on Facebook
  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 587
    FSpy allows choosing Opened file name.. might be an option if I can reduce the altidude.
    · Share on Facebook
  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 587
    Hmm, FSpy/MSpy don't havr Duration column working from what I can tell :(
    · Share on Facebook
  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 587
    I can sort of reproduce the issue by creating a lot of files, when a minifilter asks for normalized file names in pre-create (due to write access, normalized path is needed in PreCreate).
    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 16-20 October 2023 Live, Online
Developing Minifilters 13-17 November 2023 Live, Online
Internals & Software Drivers 4-8 Dec 2023 Live, Online
Writing WDF Drivers 10-14 July 2023 Live, Online

Categories