Hi,
We are developing a AV engine. Process create/delete calls are monitored in driver using PsSetCreateProcessNotifyRoutineEx
- Each of the create/delete call is entered in to a (single) queue (along with per create/delete KEVENT event).
- Once inserted, create/delete calls waits on their respective KEVENT
- User mode process which opens the device makes IOCTL calls to read create/delete pending queue items
- Once usermode gets an items one by one, it processes and sends the decision back (with PID as key to tie both ends)
- The driver matches the corresponding queue item and sets the event to wake up pending create/delete proc requests.
The issues is that when I run this console program from CMD, and if I try to close CMD, my program hangs forever.
And IOCTL calls are not generated anymore to the driver. So, all future process creation/deletions also hand.
The only option is to hard reboot the system.
Closing CMD windows generate delete call which is put in to queue. But, usermode program IOCTL read calls are stopped immediately after clicking on CMD close (???)
So, no body is reading the queue now. Its kind of dead lock. CMD is not getting deleted, and hence my program is not getting chance to terminate.
Request your help on understanding more of this and possible solutions??