Your original idea is correct. We use it for NT4 style driver for years. There is the only trap: when somebody tries to unload driver (net stop, SCM functions) and unload handler isn’t set in this moment, system remembers it and driver can’t be unloaded until reboot even if unload routine is set later. Some low level routines (ZwUnloadDriver) could work; I haven’t tried it.
It is also possible there are race conditions which can cause BSOD. I haven’t examined how system handles it but if there is something like
if (DriverObject->UnloadHandler != NULL) {
DriverObject->UnloadHandler(DriverObject);
}
even interlocked exchange may not be enough (may be if code is optimized enough). The risk depends how often you change unload handler state. Normally, it should be very low.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http:://www.upek.com]
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Ceri Coburn[SMTP:xxxxx@first4internet.co.uk]
Reply To: Windows System Software Devs Interest List
Sent: Friday, July 02, 2004 5:16 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] DriverUnload question
So there is no way to get this to work then?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: 02 July 2004 16:14
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] DriverUnload question
IIRC, if this in an NT4 style driver, unload is called while there are
still device objects that the driver created and it is up to the driver
to delete them before returning from unload. Bumping a ref count won’t
help here if that is the case.
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ceri Coburn
Sent: Friday, July 02, 2004 7:55 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] DriverUnload question
Hi,
Ah I see. OK. Thanks very much for your help.
Ceri
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: 02 July 2004 15:53
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] DriverUnload question
No, call ObReferenceObject/ObDereferenceObject with a pointer to your
device
object. This will effective disable the unload routine, since the
system
will see the device in use.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
“Ceri Coburn” wrote in message
> news:xxxxx@ntdev…
> Hi,
>
> So essentially I would call IoGetAttachedDeviceReference to increment
> the reference count by one and then when I want to allow removal of the
> device I would then call ObDereferenceObject to decrement the reference
> count and allowing the removal of the driver.
>
> Is this what you meant?
>
> Thanks,
> Ceri
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
> Sent: 02 July 2004 15:35
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] DriverUnload question
>
> Ok, to disable calling of unload, have you driver up the reference count
> to
> the device you create. This will effectively lock out calling unload,
> since
> the system knows the device is in use.
>
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>
>
>
> “Ceri Coburn” wrote in message
> news:xxxxx@ntdev…
> The trouble is that we are developing software for parents to protect
> their kids, and as we all know kids these days are very adept when it
> comes to computers and most parents would not realise that their own>
> children have administrative privileges. The driver is not a WDM driver
> so I cannot respond to QUERY_REMOVE so I was just wondering if it is at
> all possible.
>
> If there are instability problems related to this then we would
> obviously have to consider them.
>
> Thanks
> Ceri
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
> Sent: 02 July 2004 15:21
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] DriverUnload question
>
> This is a bad idea. You should be able to unload a driver at anytime,
> the
> system provides enough security that only someone with the correct
> permissions can unload a driver. If this is a WDM driver there is
> typically not a lot to do in unload anyway. Note if it is an unload
> routine, you can fail query remove so that you do not get unloaded
> (unless a
> surprise remove) occurs.
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>
> “Ceri Coburn” wrote in message
> news:xxxxx@ntdev…
> Hi,
>
> Is there a way I can set the DriverUnload routine dynamically so that
> the driver it’s self can decide whether it is able to be unloaded or
> not?
>
> So essentially I will not set the Unload routine in DriverEntry to
> prevent the driver removal using net stop but then later in the driver
> somewhere I can then update the DRIVER_OBJECT somehow to then allow then
> net stop to work.
>
> Many thanks
> Ceri
>
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@first4internet.co.uk
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
>
>
>
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@first4internet.co.uk
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
>
>
>
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@first4internet.co.uk
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit > http://www.messagelabs.com/email
>
>
>
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@first4internet.co.uk
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
>
>
>
>
>
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@upek.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
