Hi!
I’ve written a filter driver that monitors I/O. The driver works, but now I need it to communicate with a User Mode application. I need the driver to send a message to a user mode application every time it catches I/O, and to wait for an answer from the application.
And only after the application answers, the driver should continue working on the IRP caught.
Can anyone help me with that?
I would be very thankful…
If this is a mini-filter there are built in libraries to do this. If it is
a legacy filter, look at “inverted call” (search OSR for a good article).
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntfsd…
> Hi!
>
> I’ve written a filter driver that monitors I/O. The driver works, but now
> I need it to communicate with a User Mode application. I need the driver
> to send a message to a user mode application every time it catches I/O,
> and to wait for an answer from the application.
> And only after the application answers, the driver should continue
> working on the IRP caught.
>
> Can anyone help me with that?
>
> I would be very thankful…
>
I’m writing a legace driver. I’ve read about inverted call, and it doesn’t give me what I need…
I need to send a message to a user mode application, wait for an answer, and then continue the IRP from the same point.
Maybe I don’t understand something here… Can be many instances of the driver open? Or every time I communicate with the driver it’s the same one, and it’s variables are the same every time?
Inverted calls will work just fine.
For communication create another device object (known as the control device
object or CDO). Typically, you may create a symbolic link to this device
object to make it easy to open.
Now for the IOCTL model. send a bunch of IOCTL’s with no input buffer into
the driver these are pended immediately until the driver needs to send data
to the application.
When data needs to be sent, the driver completes one of these pended
IOCTL’s with the data to be sent to the application in the output buffer.
As part of this data, is an ID that identifies the request to the
application. The driver then pends the file system IRP that triggered the
message, associating the ID with the IRP.
The application processes the message, and sends its response by issuing
the IOCTL again, but this time with an input buffer that indicates the
result and the ID it is for. The driver recieves this result, handed the
file system IRP as indicated by the result, and pends the IOCTL to be used
again.
There is only one instance of a device driver in the system. There can be
multiple devices for a given driver, but there is only one instance of the
code and global variables.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntfsd…
> I’m writing a legace driver. I’ve read about inverted call, and it
> doesn’t give me what I need…
>
> I need to send a message to a user mode application, wait for an answer,
> and then continue the IRP from the same point.
>
> Maybe I don’t understand something here… Can be many instances of the
> driver open? Or every time I communicate with the driver it’s the same
> one, and it’s variables are the same every time?
>
Now I understand how it works. Is it explained in that OSR article how to do it?
Note that, at least in some FSD’s paths, making an inverted call can cause
a deadlock.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntfsd…
> Hi!
>
> I’ve written a filter driver that monitors I/O. The driver works, but now I
need it to communicate with a User Mode application. I need the driver to send
a message to a user mode application every time it catches I/O, and to wait for
an answer from the application.
> And only after the application answers, the driver should continue working on
the IRP caught.
>
> Can anyone help me with that?
>
> I would be very thankful…
>
Is there another way to do it? For example, use a place in the memory in order to send information?
And then to wait for an answer with a While loop?
The deadlock that Max is referring to has nothing to do, directly, with
the method of communication. It has more to do with the request which
you are blocking and then trying to get a user mode thread to do work on
its behalf.
There are a ton of threads in this forum that cover these situations.
Pete
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300
xxxxx@gmail.com wrote:
Is there another way to do it? For example, use a place in the memory in order to send information?
And then to wait for an answer with a While loop?
NTFSD is sponsored by OSR
For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminarsYou are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Can you show me a few such threads? I would be very thankful…
Yes, it is.
http://www.osronline.com/article.cfm?id=94
Good luck,
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, September 01, 2007 09:03
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Communication between a driver and a User Mode
application
Now I understand how it works. Is it explained in that OSR article how
to do it?
NTFSD is sponsored by OSR
For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
You are currently subscribed to ntfsd as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
They’re are a ton of them, and they go on forever. However, I can
summarize all of them:
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, September 01, 2007 12:46
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Communication between a driver and a User Mode
application
Can you show me a few such threads? I would be very thankful…
NTFSD is sponsored by OSR
For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
You are currently subscribed to ntfsd as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
In essence, you can wait during:
Pre-create (be very careful, not to cause reentry, this is the one
path that gets crowded too fast)
Rename/Delete
Directory listing (not recommended, this is worse than callback
during Open)
You can’t wait during:
Read/write/flush
Close sometimes.
Dejan.
xxxxx@gmail.com wrote:
Can you show me a few such threads? I would be very thankful…
–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
Hi Dejan Maksimovic:
In essence, you can wait during: Pre-create (be very careful, not to cause reentry, this is the one >path that gets crowded too fast) Rename/Delete Directory listing (not recommended, this is worse >than callback during Open) You can’t wait during: Read/write/flush Close sometimes.
what is the can wait during and the can not wait? Is it the circumstance that is safe to wait and not safe? If so why read/write is not safe and how to implement the invert calls in read/write opration?
> what is the can wait during and the can not wait? Is it the circumstance that is safe to wait and not safe?
Yes.
If so why read/write is not safe and how to implement the invert calls in read/write opration?
No way. Don’t try to do callbacks during read/write, you will cause a deadlock.
–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
So it means that I can’t call a user mode application, and wait for it’s answer from a write IRP?
Maybe I can use a memory block to exchange data between the driver and a user mode application?
If I can’t, can I read information from a database (For example SQL Server) in a driver?
Thanks!
wrote in message news:xxxxx@ntfsd…
> So it means that I can’t call a user mode application, and wait for it’s
> answer from a write IRP?
>
> Maybe I can use a memory block to exchange data between the driver and a
> user mode application?
>
> If I can’t, can I read information from a database (For example SQL
> Server) in a driver?
NO, NO, NO and NO. The problem is not calling user space, it is when you
have choosen to do this. You need to design things so that when the file
is opened a policy is given to the filter. That policy is then used to
handle the question of what can be done to the file.
Any of the above are still potentially putting a block in a path that
should not be blocked. Redesign your model.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
Ok, so how can I interrupt the Create IRP, and wait for an answer from an application in the Create IRP?
You can catch the Create IRP easily with a filter. Then use the inverted
call to go to the application and wait for a response.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntfsd…
> Ok, so how can I interrupt the Create IRP, and wait for an answer from an
> application in the Create IRP?
>
Yes, no, no.
Don’t attempt anything in user mode during read/write - PERIOD. If you want an explanation -
because of a likely deadlock. If you want further explanation, read the docs and books, I doubt
anyone will type more than this.
xxxxx@gmail.com wrote:
So it means that I can’t call a user mode application, and wait for it’s answer from a write IRP?
Maybe I can use a memory block to exchange data between the driver and a user mode application?
If I can’t, can I read information from a database (For example SQL Server) in a driver?
–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
Inverted call, or FltSendMessage in a mini-filter.
xxxxx@gmail.com wrote:
Ok, so how can I interrupt the Create IRP, and wait for an answer from an application in the Create IRP?
–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.