I am playing with the Inspect sample from Microsoft, which illustrates the use of different WFP callouts. I noticed that once I associate my own context with a flow handle in ALE_AUTH_CONNECT_V4 using FwpsFlowAssociateContext0, I start to have problems with driver unloading/loading.
I.e., if I unload the driver using
net stop inspect
and then load it using
net start inspect
I receive the following error:
System error 2 has occurred.
The system cannot find the file specified.
I tried to unregister all the flow contexts using FwpsFlowRemoveContext0 in the Unload routine (I kept them in a list and then just iterate over the list and call FwpsFlowRemoveContext0 on each element), but this does not help.
If I do not associate a context with the flow handle, I don't have any problems: I can load/unload the driver in a stress-test script and everything works for days.
I have, therefore, the following questions:
1. Why does the OS give such a strange error message on load? It could have cancelled the unloading of the driver as long as there are any pending contexts associated with the flow handles?
2. Why, even after removing the context with FwpsFlowRemoveContext0, do I still have the problem?
3. If it is a bug in Windows, is there any KB article explaining it?
Thanks for any thoughts on this!