The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I'm using NdisAllocateNetBufferListContext to allocate a NET_BUFFER_LIST_CONTEXT for a newly cloned NET_BUFFER_LIST. But this coused a deadlock (IRQL not less than or equal to). For this alocation, I use the NET_BUFFER_LIST_CONTEXT size of the source NET_BUFFER_LIST. I think this function (NdisAllocateNetBufferListContext) is being called at (IRQL>=Dispatchlevel) and the original NET_BUFFER has been unloaded (or part of that structure). So, if I'm right, what should I do? How to temporarily reduce IRQL, and then increase it.
... FilterSendNetBufferList(...., PNET_BUFFER_LIST pNBL, ...)
cloneNBL = NdisAllocateCloneNetBufferList(pNBL, ...);
RtlCopy (cloneNBL->Context->ContextData, NET_BUFFER_LIST_CONTEXT_DATA_START(pNBL), NET_BUFFER_LIST_CONTEXT_DATA_SIZE(pNBL),
And the second question.
So far I was cloning NET_BUFFER_LIST without any context structure and was sending that newly cloned NBL over the network, insteed of original NBL. As a result, I was able to ping from one host to another. But other more complex protocols didn't work properly. In particular, I couldn't see the shared directory on the other host when my driver was loaded. Is it due to missing NET_BUFFER_LIST_CONTEXT data?
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Kernel Debugging||13-17 May 2024||Live, Online|
|Developing Minifilters||1-5 Apr 2024||Live, Online|
|Internals & Software Drivers||11-15 Mar 2024||Live, Online|
|Writing WDF Drivers||26 Feb - 1 Mar 2024||Live, Online|