We have FS MiniFilter which caused a crash on user’s system when it receives IRP_MN_CANCEL_REMOVE_DEVICE. Though I was able to identify the cause of crash and fix, the BIG issue remains that we are not able to test our driver by sending this particular IRP. I tried to create a VHD, attach it and remove it. My question is how we can make system send this IRP to our driver for testing purpose or are there any other mechanism to achieve this. Any comment is highly appreciated. Thanks.
Well that is an ugly problem. In general FS minifilters are not directly involved in pnp operations, so I assume your problem was a side effect of the cancel. Anyhow, offhand, you could create a filter driver for one of the storage stacks and have that explicitly reject an IRP_MN_QUERY_REMOVE request. That seems like a lot of work. There also might be something usable in the HLK test programs. In particular you could probably use DF - PNP Cancel Remove Device Test - see https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/53c9e4a3-147a-4590-be9a-de6104f8d84b, but as always there is a lot of setup and other stuff with these tests that can be time consuming to get right.
the BIG issue remains that we are not able to test our driver by sending this particular IRP
OK… I’ll ask: Why not? I mean… you’re not SUPPOSED to do so, but what prevents you from building the IRP and sending it? I’ve done that a lot, for diagnostic reasons, for OTHER “reserved to the system” IRPs in the past and it DID work just fine…
Peter
The WDK used to have the pnpdtest utility which made this incredibly easy to test. Now it’s wrapped up in DevFund somewhere so it’s no longer incredibly easy to test…Progress!
Anyhow:
You should be able to see the IRP_MN_CANCEL_REMOVE if you have a file open when you try and disable/remove the volume. Probably cheap out using PowerShell and DevCon (from the WDK):
Open a file:
$file = [System.IO.File]::Open(“f:\foo.txt”, “OpenOrCreate”, “Read”)
Try to disable all volumes (because I’m lazy):
devcon disable "Storage\Volume"
If all goes according to plan you should see a query remove followed by the cancel…Then make sure you enable the volumes again ?
devcon enable "Storage\Volume"
Thanks for your answers. I have used Scott’s response for now. but I am in process of doing this via IRP building and then will go to HLK. Thanks once again for support.