Hi all,
A question regarding the subj.
WFP callbacks are called asynchronously, sometimes at DPC level.
Say, I wanted to capture the stack of the calling thread in a callback.
This is entirely possible in a TDI filter (RIP), but seems to be unachievable using WFP (supposedly being the replacement).
What would you suggest?
Thanks in advance.
P.S. This would be possible by intercepting the AFD IOCTL interface, but, alas, it’s of course undocumented.
What would you suggest?
Redefine your problem in such way that the requirement in question simply disappears. This is the only right way to go. More on it below
This is entirely possible in a TDI filter
…because your callback is invoked in context of a thread that has actually originated the request, so that you can safely capture the target thread’s stack. However, if it is invoked in arbitrary context (i.e. the way it works with WFP filters) you simply have no control over what the thread of your interest is actually doing at the moment. For example,you may make a bold assumption that the target thread went blocking, and is in the waiting state at the moment, which means you can capture its stack. Although this scenario will work fine in most cases, consider what happens if the target thread receives an APC
Anton Bassov