Well, as a matter of fact it works.
Well, the above statement simply confirms my previous post. Basically, you claim the following :
- You call IoCreateFile() on a symlink that corresponds to the name of a nonexistent, at the moment, device - its driver is not even loaded at the moment
- As a result, the driver in question gets loaded, and the target device gets created
The above scenario simply contradicts everything that I know about Windows drivers in so far…
I assume a swenum.sys device receives the IRP_MJ_CREATE, and it loads mskssrv.sys and creates the appropriate device.
If we were speaking about sending an IRP the device that gets created (and, hence,owned) by swenum.sys, everything would
make a perfect sense, at least from the logical standpoint. Certainly, this is still not the way Windows drivers actually work,
but, unlike your suggestions, at least it does not throw the common sense and conventional wisdom out of the window.
However, according to you, it is mskssrv.sys and not swenum.sys who is supposed to create it. Why on Earth would swenum.sys even receive IRP_MJ_CREATE then??? Has it ever occurred to you to think this way?
It’s loaded as an upper driver of \Driver\swenum, device \Device\KSENUM#0000000b.
Well, this part explains everything. The key point here is that we are speaking about PnP drivers. If it is an “upper driver” for something
(i.e. happens to be a filter or FDO), it attaches its device to the stack that is built on top of some PDO. A device that it attaches to the stack is unnamed. Besides this, it may also create named devices as well . They may act as PDOs (i.e the driver in question acts as a bus driver) , as well as standalone control devices that are not a part any PnP stack.
Judging from your description, a device that your symbolic link points to is a named PDO that has been created by some bus driver (it may or may not be swenum.sys, depending on the role of the latter in the particular PnP stack), and not by mskssrv.sys as you seem to believe.
The latter driver gets dynamically loaded and unloaded by PnP in response to IoInvalidateDeviceRelations() call on the target device
that gets made by its parent bus driver, and not in response to your IoCreateFile() one as you seem to believe…
Therefore, you simply give a wrong interpretation of the things that you observe, and provide us with a misleading information…
Anton Bassov