Even if it “normally” allocates the IRP on the fly, you can’t guarantee
that it will always do so. I doubt you can guarantee it now, but you
certainly can’t guarantee it for the future.
Also, among many other problems, you need to worry about race conditions
and other third party interactions. What if someone *else* sends an
IRP_MN_QUERY_PNP_DEVICE_STATE just before you attach (perhaps as a
result of calling IoInvalidateDeviceState)? Could you ever really be
sure the OS couldn’t allocate the Irp based on the stack that was
present just before you attached?
I will say that most of the usual complaints about on-the-fly filters
probably don’t really apply to a filter whose only purpose is to destroy
the device stack.
BTW, there probably isn’t any safe way to directly force all the open
handles to be closed.
What are you actually trying to accomplish here (i.e. why do you want to
do this)? It’s possible there’s some other way to do what you want. I’m
trying to imagine a scenario where I would think it was a good idea to
rip a device out from underneath someone that was actively using it, and
I’m struggling…
You might be able to use the user-mode APIs to disable the device (and,
as a result, tear down the driver stack), but I’m not sure what, if
anything, that will do if there are open handles. Try it with Device
Manager or devcon and see what happens.
Also, if it’s a particular device that you know you want to do this to
(for some reason related to the use of the device), you could always
just install yourself as a filter all the time and pass through
everything except when needed.
Shahar Talmi wrote:
Mark,
First: I know we discussed similar cases before (how can I forget ?), but I
think this case is a bit different:
The only thing this “on the fly filter” does is participate in handling
*one* type of IRP which can be sent *only* by the plug and play manager.
Don’t you think this is possible?
Second: The first method I suggested is probably unsafe and I hope someone
here can give me a reason it is dangerous, but what do you think about the
second method? Is it possible? Can you suggest a way to implement it?
Thanks,
Shahar
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
Sent: Wednesday, December 01, 2004 8:40 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Brutally removing a device
We have discussed similar nonsense here repeatedly, and the general
consensus is ‘do not do this’. On the fly filter drivers are currently not
part of the NT design parameters. As the inimitable Don Burn might say,
please let me know what product this functionality will be incorporated in
so that I may be sure to never have this product anywhere near any computer
I have to use.
=====================
Mark Roddy
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Shahar Talmi
Sent: Wednesday, December 01, 2004 12:30 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Brutally removing a device
Hi,
I’m looking for a way to remove a started device stack in which my driver is
not a member.
I thought about two options, but I’m not sure if any of them is legitimate
or safe:
- Attach a filter device to the running stack which forwards all IRP’s to
the lower device (always using IoSkipCurrentIrpStackLocation() so I will not
risk a NO_MORE_IRP_STACK_LOCATIONS bug check) except for
IRP_MN_QUERY_PNP_DEVICE_STATE for which I set a completion routine that
turns on the PNP_DEVICE_FAILED bit in the Information field of the iosb.
After the filter is attached I will call IoInvalidateDeviceState() and this
will eventually get the device to be surprise removed since the filter is
going to turn on the PNP_DEVICE_FAILED bit.
- Somehow close all the open handles to the device stack (can anyone give
me a clue about how this can be done?) and then request to remove the device
using user mode API.
Can anyone suggest a new method or tell me why I should not use one of those
two?
Thanks,
Shahar
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@stratus.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@safend.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
–
…/ray..
Please remove “.spamblock” from my email address if you need to contact
me outside the newsgroup.