Driver won't unload

Hi,

I’ve been developing a ‘filedisk’ driver which I’ve based very closely upon
the DriverWorks Ramdisk example.
The driver when loaded creates a control device. Upon receiving a Create
ioctl the control device creates a FILE_DEVICE_VIRTUAL_DISK device, which is
backed by a physical file. I use a ‘kernel’ file handle to
open/read/write/close the file to avoid problems with context - I do not
have any separate threads. I simply create a symlink to a drive letter.

The control device can also receive Close and Delete ioctls which in turn
delete the symlink, close the file and delete the device object.

Before I call Close or Delete, I call FSCTL_LOCK_VOLUME, followed by
FSCTL_DISMOUNT_VOLUME.

The problem is this:
If I format the drive as FAT, then everything works, and after closing and
deleting the device, I can unload the driver (net stop).
This works fine and appears completely stable.
However, if I format the drive as NTFS, then whilst everything works, and I
can close and delete the device without any problems, the driver will not
unload.

I’ve tracked the difference down to an instruction in NtUnloadDriver,
shortly after it calls IopCheckUnloadDriver. 2 instructions later it does:

cmp [EBP-58], BL ; where BL = 0

I haven’t worked out exactly what EBP-58 is referring to, but it’s a valid
pointer to something (not one of my objects though I think), not a reference
count. Not sure why it’s only looking at the low end of the word though?

Is there something else I need to do (other than the FSCTL… calls above)
in order to be able to unload my driver??

Cheers
Rob


Rob Boltman
Principal Consultant
Detica Limited
Tel: +44 (0) 1483 442000
Fax +44 (0) 1483 442292

******************
This message should be regarded as confidential. If you have received it in error,
please notify the sender and destroy it immediately. Statements of intent shall only
become binding when confirmed in hard copy signed by an authorised signatory.
Detica limited is registered in England under No. 1337451.
Reg’d office:
Surrey Research Park, Guildford, Surrey, England, GU2 7YP.

******************



We have a driver with similar functionality and it can be unloaded with no
problems even if NTFS is used. So it is definitely possible. You haven’t
written details about failure. Is your Unload handler called or not? If it
isn’t, the usual reason is some outstanding reference to your device (any).
Examine reference count of all your devices before unloading and also before
deleting any device object.

To dismount a volume we call FSCTL_LOCK_VOLUME, FSCTL_DISMOUNT_VOLUME and
FSCTL_UNLOCK_VOLUME. Note that if FSCTL_DISMOUNT_VOLUME returns an unsuccessful
status, the volume isn’t dismounted and you can’t destroy the device. It is usual
for NTFS drives; sometimes two dismounts are necessary and sometimes it is
necessary to wait until all apps close their handles.

Sorry if everything I wrote is obvious, you haven’t written too much
details…

Best regards,

Michal Vodicka
Veridicom
(RKK - Skytale)
[WWW: http://www.veridicom.com , http://www.skytale.com]


From: Robert Boltman[SMTP:xxxxx@Detica.com]
Reply To: File Systems Developers
Sent: Thursday, August 23, 2001 1:04 PM
To: File Systems Developers
Subject: [ntfsd] Driver won’t unload


NTFS creates 5 “system” file objects like $BitMap with IoCreateStreamFileObject.
Each of them holds a reference on the disk device object below.
They are torn down only in FSCTL_UNLOCK_VOLUME which followed FSCTL_DISMOUNT_VOLUME; FSCTL_DISMOUNT_VOLUME does not tear them down.

So, to dismount an NTFS volume, use the following sequence:

FSCTL_LOCK_VOLUME
FSCTL_DISMOUNT_VOLUME
FSCTL_UNLOCK_VOLUME

I just had a BSOD bug on NT4 due to this problem.

Max
----- Original Message -----
From: Robert Boltman
To: File Systems Developers
Sent: Thursday, August 23, 2001 3:04 PM
Subject: [ntfsd] Driver won’t unload

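The lock, dismount, unlock sequence from the two replies above, with the dismount retry and the "do not destroy the device on failure" rule, as an added example that is not code from the thread or from any poster's driver. The names dismount_volume, fsctl, vol_t and fake_vol are hypothetical, and the non-Windows branch is a constructed stand-in that only models the reference behaviour the replies describe.

```c
#ifdef _WIN32
#include <windows.h>
#include <winioctl.h>
typedef HANDLE vol_t;               /* volume handle, e.g. from CreateFile on \\.\X: */
static int fsctl(vol_t v, unsigned long code) {
    DWORD n;
    return DeviceIoControl(v, code, NULL, 0, NULL, 0, &n, NULL) ? 0 : -1;
}
#else
/* Constructed stand-in so the flow runs off Windows. It models what the
   thread reports: NTFS stream file objects hold references on the disk
   device and are released at unlock, after a successful dismount. */
enum { FSCTL_LOCK_VOLUME = 1, FSCTL_DISMOUNT_VOLUME, FSCTL_UNLOCK_VOLUME };
struct fake_vol { int refs, dismount_failures, dismounted; };
typedef struct fake_vol *vol_t;
static int fsctl(vol_t v, unsigned long code) {
    if (code == FSCTL_DISMOUNT_VOLUME) {
        if (v->dismount_failures > 0) { v->dismount_failures--; return -1; }
        v->dismounted = 1;
    } else if (code == FSCTL_UNLOCK_VOLUME && v->dismounted) {
        v->refs = 0;
    }
    return 0;
}
#endif

/* Returns 0 only when the dismount succeeded and the volume was unlocked;
   on any other result the caller must not delete the device object. */
int dismount_volume(vol_t v, int max_tries) {
    int rc = -1;
    if (fsctl(v, FSCTL_LOCK_VOLUME) != 0)
        return -1;                          /* handles still open: wait, retry later */
    for (int i = 0; i < max_tries && rc != 0; i++)
        rc = fsctl(v, FSCTL_DISMOUNT_VOLUME);   /* NTFS may need a second attempt */
    /* Unlock even on failure so the volume is not left locked; on success
       this is the step the thread says releases the remaining references. */
    if (fsctl(v, FSCTL_UNLOCK_VOLUME) != 0)
        return -1;
    return rc;
}

#ifndef _WIN32
#include <stdio.h>
int main(void) {
    struct fake_vol v = { 5, 1, 0 };        /* constructed: 5 refs, first dismount fails */
    int rc = dismount_volume(&v, 2);
    printf("rc=%d refs=%d\n", rc, v.refs);
    return rc;
}
#endif
```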