Hi,
I know that this function was discussed in the past many times, however I have a strange Probleme with it and cannot find a solution.
Code:
FilterGetMessage - with lpOverlapped = NULL is regular called in a (win32) worker thread.
If the mini Filter calls FltSendMessage (no reply) FilterGetMessage returns S_OK and the received message - only 1 DWORD32 - is correct.
So far, kernel to user communication is established and correct. However, with every FilterGetMessage call the memory usage increases?
- I do not allocate memory in the kernel nor in the User worker thread.
- To find the memory leak I comment out FltSendMessage in the kernel. Memory usage still increasing, so the kernel cannot be the source of fault.
- I comment out FilterGetMessage in the user thread, now the memory usage does no long increase and remains stable!
Strange too is that FilterGetMessage - (wth lpOverlapped = NULL) - returns immediately. The MS DOC however says “… the caller is put into a wait state until a message is received.”
That’s not the case.
Summary:
FilterGetMessage returns immediately even no FltSendMessage has been executed in the kernel. The function returns S_OK evn in that case. Every call of FilterGetMessage increases the memory usage until it is exhausted and the test computer hangs up.
Here’s a cutout of my code:
typedef struct _DLLFILTER_MESSAGE
{
// Required structure header.
FILTER_MESSAGE_HEADER MessageHeader;
// payload
DWORD32 dwKernelCommand;
}FILTER_MESSAGE;
FILTER_MESSAGE strcMessageFromFilter;
DWORD32 dwMessageSendBufferSize = sizeof(FILTER_MESSAGE_HEADER) + sizeof(DWORD32);
HRESULT hResult = FilterGetMessage(hConnectionClientPort, &strcMessageFromFilter.MessageHeader, dwMessageSendBufferSize, NULL);
if (FAILED(hResult))
{ … }
This code is so simple, but I’m obviously doing doing something wrong, but what?
Please help.
Dietmar