Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Difference between a stream context and a stream handle context

AlbertAlbert Member - All Emails Posts: 504
in NTFSD

trying to understand the difference, is the stream context shared across processes which load/use the same object, like say kernel32.dll? I have seen silter manager free stream contexts way way after the process itself has been destroyed, why is that?

· Share on Facebook

Comments

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,239
    • A Stream Context is associated with the Stream (which is to say that c:\foo has a different context from c:\foo:bar). It stays around for the life of the file system's data structures for the stream. There is a 1 to 1 correspondence between the Stream Context and FileObject->FsContext.
    • A Stream Handle Context is associated with a single Open/Create of the stream. Which is to say that if the same or different thread in the same or different process has the same stream open twice then there will be two Stream Handle Contexts. There is a 1 to 1 correspondence between the Stream Handle Context and FileObject->FsContext2. You can think of the Stream Handle Context being associated with a HANDLE (although the pedantic will point out that duplicated and inherited handles confuse things and stop that being 100% true).
    • Both types of context can and often do outlive the application issuing an Close on the handle. This is because the file system and other subsystems will conspire to keep the context alive - for instance to allow caching of the contents after the application has done with it.
    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 19-23 June 2023 Live, Online
Writing WDF Drivers 10-14 July 2023 Live, Online
Kernel Debugging 16-20 October 2023 Live, Online
Developing Minifilters 13-17 November 2023 Live, Online

Categories