I’m having problems (I think) with reference counting
on events. My device extension contains a KEVENT. I
initialize it in my IRP_MN_START_DEVICE processing using
KeInitializeEvent(). At this point, I think the reference
count is 1.
I create a worker thread using PsCreateSystemThread().
This thread calls ObReferenceObjectByPointer() when it
starts, passing in the address of the event in my dev
ext. At this point, I think the reference count is 2.
When the driver is stopped, my IRP_MN_REMOVE_DEVICE
processing signals the event, and then releases its
reference using ObDereferenceObject(). At this point,
I think the reference count is 1.
When the worker thread gets the event, it exits its
processing loop, and tries to release its reference
using ObDereferenceObject(). Here’s where I get an
exception. The exception is in objref.c and says that
the handle is 0.
So, are my reference counts not what I think? When I
create an event with KeInitializeEvent(), don’t I destroy
it simply by calling ObDereferenceObject()?
Thanks.
john.
John Reilly wrote:
> I’m having problems (I think) with reference counting
> on events. My device extension contains a KEVENT. I
> initialize it in my IRP_MN_START_DEVICE processing using
> KeInitializeEvent(). At this point, I think the reference
> count is 1.
The object manager is not responsible for this KEVENT, and it doesn’t
actually make sense to think about it having a reference count.
> When the driver is stopped, my IRP_MN_REMOVE_DEVICE
> processing signals the event, and then releases its
> reference using ObDereferenceObject(). At this point,
> I think the reference count is 1.
I’m not quite sure what you’re trying to accomplish here. Something you
*should* be trying to do is wait for your thread to exit before allowing
your driver to unload. The standard way to do that is to set a “kill”
event that will cause the thread to call PsTerminateSystemThread. Then
you wait on the thread object, which becomes signalled when the thread
exits. The mechanics, including some 98/Me compatibility notes, are
discussed in ch. 9 of my WDM book.
–
Walter Oney, Consulting and Training
Check out new US seminar schedule at http://www.oneysoft.com
Walter,
I have your book and have been consulting it since I posted the message.
I am trying to do as you suggest with the event; using it to signal my
thread to die.
I guess I’m confused now about the kernel event. Once I create it with
KeInitializeEvent(), how does it ever get destroyed? Does the kernel
“know” about this event? Or, as I suspect, is KEVENT just a data
structure that the kernel can queue up for waiting and signalling?
I have noticed in many samples (including your book) that events are
frequently created on the stack and left to go away when the stack is
unwound.
Thanks for your help. And, by the way, a great job on the book. I guess
I should read the whole thing now, huh?
Thanks again.
john.
> I create a worker thread using PsCreateSystemThread().
> This thread calls ObReferenceObjectByPointer() when it
> starts, passing in the address of the event in my dev
> ext.
You cannot pass any KEVENT there, only the KEVENT allocated by the object
manager.
They are user-mode events and the result of
IoCreateNotificationEvent and IoCreateSynchronizationEvent.
Max
> I guess I’m confused now about the kernel event. Once I create it
> with KeInitializeEvent(), how does it ever get destroyed?
It does not. KeInitializeEvent just fills the structure with values.
> Does the kernel “know” about this event?
No, unless somebody is waiting on it.
> structure that the kernel can queue up for waiting and signalling?
Yes.
Max
The KEVENT is just a data structure which the kernel can use when
waiting and signalling. There is no global registration of them
anywhere and no call to “free” them.
An event “object” is a reference counted blob of memory allocated by the
executive which basically just contains an object manager header and a
KEVENT structure. These are created by calls like [Nt|Zw]CreateEvent,
IoCreateNotificationEvent, etc… You need to reference and dereference
these as their lifespans are controlled by the object manager.
-p
-----Original Message-----
From: John Reilly [mailto:xxxxx@nexet.net]
Sent: Wednesday, September 25, 2002 9:38 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Device Remove problem
Walter,
I have your book and have been consulting it since I posted the message.
I am trying to do as you suggest with the event; using it to signal my
thread to die.
I guess I’m confused now about the kernel event. Once I create it with
KeInitializeEvent(), how does it ever get destroyed? Does the kernel
“know” about this event? Or, as I suspect, is KEVENT just a data
structure that the kernel can queue up for waiting and signalling?
I have noticed in many samples (including your book) that events are
frequently created on the stack and left to go away when the stack is
unwound.
Thanks for your help. And, by the way, a great job on the book. I
guess I should read the whole thing now, huh?
Thanks again.
john.
Thanks guys! I appreciate the time you put in here.
john.
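
The distinction drawn in this thread, shown as an added example that is not code from any of the posters: a user-mode C model of an object-manager event (a header followed by the event body) next to an event that is only a field in a device extension. Every `toy_*` name is hypothetical and the tag check exists only in the model; the point is that a dereference routine finds its reference count in the bytes in front of the pointer it is given, and for an embedded KEVENT those bytes are the driver's own neighbouring fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy user-mode model; every toy_* name is hypothetical, not a Windows API. */
typedef struct { int signaled; } toy_kevent;                  /* plain data, like KEVENT */
typedef struct { long ref_count; uint32_t tag; } toy_header;  /* object manager bookkeeping */
typedef struct { toy_header hdr; toy_kevent body; } toy_event_object;
#define TOY_TAG 0x746e7645u  /* constructed marker so the model can spot a real header */

/* A device extension: the event is just a field among the driver's own data. */
typedef struct {
    unsigned char other_fields[sizeof(toy_header)];
    toy_kevent kill_event;
} toy_device_extension;

/* Models IoCreateNotificationEvent / ZwCreateEvent: header and event in one allocation. */
toy_kevent *toy_create_event_object(void) {
    toy_event_object *o = calloc(1, sizeof *o);
    if (o == NULL) return NULL;
    o->hdr.ref_count = 1;
    o->hdr.tag = TOY_TAG;
    return &o->body;
}

/* The bytes a dereference would treat as the header: whatever precedes the body. */
toy_header toy_header_of(const toy_kevent *body) {
    toy_header h;
    memcpy(&h, (const char *)body - offsetof(toy_event_object, body), sizeof h);
    return h;
}

/* Returns the new count, or -1 when no object header precedes the pointer. */
long toy_dereference(toy_kevent *body) {
    if (toy_header_of(body).tag != TOY_TAG) return -1;
    toy_event_object *o = (toy_event_object *)((char *)body - offsetof(toy_event_object, body));
    long left = --o->hdr.ref_count;
    if (left == 0) free(o);  /* the object manager, not the caller, ends the lifetime */
    return left;
}

/* Embedded event: the "header" is 0x41 filler from the neighbouring fields. */
uint32_t toy_embedded_tag(void) {
    toy_device_extension ext;
    memset(&ext, 0x41, sizeof ext);
    ext.kill_event.signaled = 0;  /* initialising the event only fills in the structure */
    return toy_header_of(&ext.kill_event).tag;
}
```

The real routines perform no such tag test, so in a driver the same mistake operates on whatever precedes the KEVENT in the device extension.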