Hi,
I’ve been developing a ‘filedisk’ driver which I’ve based very closely upon
the DriverWorks Ramdisk example.
The driver when loaded creates a control device. Upon receiving a Create
ioctl the control device creates a FILE_DEVICE_VIRTUAL_DISK device, which is
backed by a physical file. I use a ‘kernel’ file handle to
open/read/write/close the file to avoid problems with context - I do not
have any separate threads. I simply create a symlink to a drive letter.
The control device can also receive Close and Delete ioctls which in turn
delete the symlink, close the file and delete the device object.
Before I call Close or Delete, I call FSCTL_LOCK_VOLUME, followed by
FSCTL_DISMOUNT_VOLUME.
The problem is this:
If I format the drive as FAT, then everything works, and after closing and
deleting the device, I can unload the driver (net stop).
This works fine and appears completely stable.
However, if I format the drive as NTFS, then whilst everything works, and I
can close and delete the device without any problems, the driver will not
unload.
I’ve tracked the difference down to an instruction in NtUnloadDriver,
shortly after it calls IopCheckUnloadDriver. 2 instructions later it does:
cmp [EBP-58], BL ; where BL = 0
I haven’t worked out exactly what EBP-58 is referring to, but it’s a valid
pointer to something (not one of my objects though I think), not a reference
count. Not sure why it’s only looking at the low end of the word though?
Is there something else I need to do (other than the FSCTL… calls above)
in order to be able to unload my driver??
Cheers
Rob
–
Rob Boltman
Principal Consultant
Detica Limited
Tel: +44 (0) 1483 442000
Fax +44 (0) 1483 442292