Hello
I have a minifilter using stream handle contexts, and a memory leak that happens sometimes. I think this is due to a misunderstanding of the execution flow of contexts.
From what I know, contexts must be allocated / used / freed like this:
---- Creation
FltAllocateContext() => increments the count by 1 if it succeeds
Doing some internal allocations; in my example I need a UNICODE_STRING on the pool
FltSetStreamHandleContext() => increments the count by 1 if it succeeds
FltReleaseContext() => decrements the count by 1
At this time, the context is allocated and assigned. Its count is 1 so that we keep it alive.
---- Retrieve (happen many times)
FltGetStreamHandleContext() => increments the count by 1 if it succeeds
FltReleaseContext() => decrements the count by 1
At this time, we are still at 1.
---- Cleanup
FltGetStreamHandleContext() => increments the count by 1 if it succeeds
FltReleaseContext() => decrements the count by 1
FltReleaseContext() => decrements the count by 1
=> This one is supposed to decrease the count to 0, so that the cleanup routine is called.
The problem occurs as soon as I trigger the last FltReleaseContext in the cleanup callback: I get an immediate BSOD. See below for the stack trace.
If I do not call this one, there is no BSOD, but the strange thing is that most of the time the cleanup routine is called (why? my count is never 0), but sometimes, as should happen normally, the cleanup routine is not called and I get a memory leak, growing with time (seen with !verifier 0x7 in WinDbg).
Does someone have an idea of what I'm doing / understanding wrong, and why this cleanup routine is called even though the count never reaches 0? When I unload the driver, all the objects which are "leaked" are freed at that time. I don't know why either…
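A user-mode model of the reference flow described in the post, added here as an example and not code from the poster or from Filter Manager. The mock names (ctx_alloc, mgr_set, mgr_get, ctx_release, mgr_handle_close) are stand-ins that assume the documented behaviour: FltSetStreamHandleContext and FltGetStreamHandleContext each take their own reference, and Filter Manager drops the one it took when the handle is torn down, running the cleanup callback at 0. It reproduces the steady count of 1 and shows what a second driver-side release in the cleanup path does to a context the manager still holds.

```c
/* Added example, not from the post: a user-mode model of the stream handle
 * context lifecycle. The mock names (ctx_alloc, mgr_set, mgr_get, ctx_release,
 * mgr_handle_close) stand in for FltAllocateContext, FltSetStreamHandleContext,
 * FltGetStreamHandleContext, FltReleaseContext and the handle teardown. */
#include <stdlib.h>
#include <string.h>
typedef struct ctx {
    int refs;        /* reference count */
    char *name;      /* models the pool-allocated UNICODE_STRING buffer */
} ctx_t;
static ctx_t *g_attached;    /* the manager's own reference to the context */
static int g_cleanup_calls;  /* times the cleanup callback ran */
static int g_premature;      /* count hit 0 while the manager still held it */
/* Cleanup callback: frees what the driver allocated, never the context itself. */
static void ctx_cleanup(ctx_t *c) { g_cleanup_calls++; free(c->name); c->name = NULL; }
static ctx_t *ctx_alloc(const char *name) {  /* caller owns one reference */
    ctx_t *c = calloc(1, sizeof *c);
    c->refs = 1;
    c->name = malloc(strlen(name) + 1);
    strcpy(c->name, name);
    return c;
}
static void ctx_release(ctx_t *c) {          /* drop one reference */
    if (--c->refs > 0) return;
    if (g_attached == c) { g_premature++; g_attached = NULL; } /* the crash case */
    ctx_cleanup(c);
    free(c);
}
static void mgr_set(ctx_t *c) { c->refs++; g_attached = c; }  /* manager takes a ref */
static ctx_t *mgr_get(void) { if (g_attached) g_attached->refs++; return g_attached; }
static void mgr_handle_close(void) {         /* handle torn down: manager releases */
    ctx_t *c = g_attached; g_attached = NULL;
    if (c) ctx_release(c);
}
/* Runs the post's sequence; returns the count seen after creation and retrievals. */
int run_lifecycle(int retrievals, int extra_release) {
    g_cleanup_calls = 0; g_premature = 0;
    ctx_t *c = ctx_alloc("\\Device\\HarddiskVolume1\\example.txt"); /* constructed */
    mgr_set(c);         /* 1 -> 2 */
    ctx_release(c);     /* 2 -> 1: only the manager's reference is left */
    for (int i = 0; i < retrievals; i++) { ctx_t *g = mgr_get(); ctx_release(g); }
    int after = c->refs;
    if (extra_release) ctx_release(c);  /* releasing a reference the driver never owned */
    mgr_handle_close(); /* normal path: this release reaches 0 and runs cleanup */
    return after;
}
int cleanup_calls(void) { return g_cleanup_calls; }
int premature_frees(void) { return g_premature; }
```

In the model, the internal UNICODE_STRING-like buffer is only ever freed from the cleanup callback, so a leak shows up exactly when that callback never runs.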