Loop in filter oplock

I’m trying to wtite an user-mode application with filter oplock.

NtCreateFile(&file_handle, FILE_READ_ATTRIBUTES, &oa, &iostatus, nullptr, 0, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_OPEN, FILE_RESERVE_OPFILTER, nullptr, 0);

returns STATUS_SUCCESS.

NtFsControlFile(file_handle, nullptr, nullptr, nullptr, &iostatus, FSCTL_REQUEST_FILTER_OPLOCK, nullptr, 0, nullptr, 0);

returns STATUS_PENDING (success).

and if I call for example:

NtCreateFile(&file_handle, SYNCHRONIZE | FILE_READ_DATA, &oa, &iostatus, nullptr, 0, FILE_SHARE_READ, FILE_OPEN, 0, nullptr, 0);

it rises in an endless cycle. There is only one handle of this file.
I expected to read file and don’t give sharing violation error to other applications. But my application can’t read file too.
What have I done wrong?

Not something I’ve done a lot of but looking here it looks as though you are expected to provide both an input and an output buffer.

I’ve not looked recently but @Ladislav_Zezula added oplocks to the awesome filetest some time ago. I’d go look at it. That might provide insight

FSCTL_REQUEST_OPLOCK is only from Windows 7. So I use FSCTL_REQUEST_FILTER_OPLOCK and MSDN says that buffer should be zeroes.
I used FileTest, but it don’t create oplocks, I only can set the FILE_RESERVE_OPFILTER in create options, as I understood :frowning:

FSCTL_REQUEST_OPLOCK is only from Windows 7. So I use FSCTL_REQUEST_FILTER_OPLOCK
I beg your pardon, I didn’t check my search output carefully enough.

I used FileTest, but it don’t create oplocks,
I think you want to download a newer version. See for instance the code here Note that it sets the second parameter to {{NtFsControlFile}}

Also I’m assuming that you have missed out the bit where you acknowledge the oplock (but bear in mind that I haven’t done much umode programming of oplocks)

Oh, you are right, sorry, newer version has it!
As I understood from programm:

  1. I open file with FILE_READ_ATTRIBUTES and all FILE_SHARE_XXX.
  2. Use ioctl (FSCTL_REQUEST_FILTER_OPLOCK) to get filter oplock.
    And after I try open file as monopoly access (without any FILE_SHARE_XXX)? But It breaks the oplock immediately, so I can’t get new handle without FILE_SHARE_XXX.
    What can I do in this situation? I need open file monopoly and other application shouldn’t get sharing violation error.

I’d be tempted to take a look at procmon or filetest and see what’s breaking the oplock (but thats how my mind works). I’d also prototype it all in FileTest.

And beware of applications calling with “COMPLETE_IF_OPLOCKED”

The described scenario you provided should work. That is the correct way to acquire a filter oplock with a “reservation” from the create.
Possible things that may break oplocks are filters on the stack.
Can you please post what other FS filters are on the stack. Post the output of “fltmc” from an elevated cmd.

Thanks,
Gabriel