Driver hangs when user mode application calls OpenFile.
Is here some recursion on open? Windbg doesn’t catch it.
What reason can cause hang?
Code:
`NTSTATUS FsFilterDispatchPassThrough(
__in PDEVICE_OBJECT DeviceObject,
__in PIRP Irp
)
{
PFSFILTER_DEVICE_EXTENSION pDevExt = (PFSFILTER_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
IoSkipCurrentIrpStackLocation(Irp);
return IoCallDriver(pDevExt->AttachedToDeviceObject, Irp);
}
NTSTATUS FsFilterDispatchCreate(
__in PDEVICE_OBJECT DeviceObject,
__in PIRP Irp
)
{
// IoGetCurrentIrpStackLocation(Irp)->DeviceObject->
PFILE_OBJECT pFileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject;
UNICODE_STRING devNameInfo;
RtlInitUnicodeString(&devNameInfo, NULL);
IoGetRelatedDeviceObject(pFileObject);
if (IoGetCurrentIrpStackLocation(Irp)->DeviceObject != NULL)
{
IoVolumeDeviceToDosName(IoGetCurrentIrpStackLocation(Irp)->DeviceObject, &devNameInfo);
}
// ObQueryNameString(pFileObject->DeviceObject, devNameInfo, devNameInfo != NULL ? maxDevNameSize : 0, &realSize);
// DbgPrint(“Open %Z %wZ\n”, devNameInfo, &pFileObject->FileName);
RtlFreeUnicodeString(&devNameInfo);
return FsFilterDispatchPassThrough(DeviceObject, Irp);
}
NTSTATUS DriverEntry(
__inout PDRIVER_OBJECT DriverObject,
__in PUNICODE_STRING RegistryPath
)
{
UNREFERENCED_PARAMETER(RegistryPath);
NTSTATUS status = STATUS_SUCCESS;
ULONG i = 0;
UNICODE_STRING deviceNameUnicodeString, deviceSymLinkUnicodeString;
RtlInitUnicodeString(&deviceNameUnicodeString, deviceNameBuffer);
RtlInitUnicodeString(&deviceSymLinkUnicodeString, deviceSymLinkBuffer);
status = IoCreateDevice(DriverObject,
0, // For driver extension
&deviceNameUnicodeString,
FILE_DEVICE_UNKNOWN,
FILE_DEVICE_UNKNOWN,
FALSE,
&devObject);
if (!NT_SUCCESS(status))
{
DbgPrint("IoCreateDevice failed %X\n", status);
return status;
}
status = IoCreateSymbolicLink(&deviceSymLinkUnicodeString, &deviceNameUnicodeString);
if (!NT_SUCCESS(status))
{
DbgPrint("IoCreateSymbolicLink failed %X\n", status);
return status;
}
g_fsFilterDriverObject = DriverObject;
status = PsSetCreateProcessNotifyRoutine(createProcessNotifyRoutine, FALSE);
if (!NT_SUCCESS(status))
{
DbgPrint("PsSetCreateProcessNotifyRoutine failed %X\n", status);
return status;
}
else
{
DbgPrint("PsSetCreateProcessNotifyRoutine success %X\n", status);
}
status = FltRegisterFilter(DriverObject,
&FilterRegistration,
&g_data.Filter);
if (!NT_SUCCESS(status))
{
DbgPrint("FltRegisterFilter failed %X", status);
return status;
}
status = FltStartFiltering(g_data.Filter);
if (!NT_SUCCESS(status))
{
FltUnregisterFilter(g_data.Filter);
return status;
}
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i)
{
DriverObject->MajorFunction[i] = FsFilterDispatchPassThrough;
}
DriverObject->MajorFunction[IRP_MJ_CREATE] = FsFilterDispatchCreate;
DriverObject->MajorFunction[IRP_MJ_READ] = FsFilterDispatchRead;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = FsFilterDispatchClose;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = FsFilterDispatchIOControl;
DriverObject->FastIoDispatch = &g_fastIoDispatch;
status = IoRegisterFsRegistrationChange(DriverObject, FsFilterNotificationCallback);
if (!NT_SUCCESS(status))
{
return status;
}
DriverObject->DriverUnload = FsFilterUnload;
return STATUS_SUCCESS;
}`