Help on MDLGetSystemAddressForMDLSafe and abnormal app termination...

Hi all,

I am writing an IP filter hook driver, and I am having trouble when I send a large buffer to the driver via a custom IOCTL which uses METHOD_IN_DIRECT.
The driver calls MmGetSystemAddressForMdlSafe to write the captured IP packets directly into this buffer.

But when the application terminates abnormally, it remains in memory (Task Manager shows it still running…). The driver is not sent any IRP_MJ_CLEANUP or IRP_MJ_CLOSE. In these routines I have added MmUnmapLockedPages calls in __try and __except blocks.
But they don't get called…
The DDK says that NT calls these routines if the application terminates abnormally, but why don't they get called in this case?
Any help is appreciated…

—Subodh

Enqueue the IRP in the thread IRP queue?
----- Original Message -----
From: Subodh Gupta
To: NT Developers Interest List
Sent: Tuesday, September 03, 2002 4:32 PM
Subject: [ntdev] Help on MDLGetSystemAddressForMDLSafe and abnormal app termination…

Hi all,

I am writing an IP filter hook driver, and I am having trouble when I send a large buffer to the driver via a custom IOCTL which uses METHOD_IN_DIRECT.
The driver calls MmGetSystemAddressForMdlSafe to write the captured IP packets directly into this buffer.

But when the application terminates abnormally, it remains in memory (Task Manager shows it still running…). The driver is not sent any IRP_MJ_CLEANUP or IRP_MJ_CLOSE. In these routines I have added MmUnmapLockedPages calls in __try and __except blocks.
But they don't get called…
The DDK says that NT calls these routines if the application terminates abnormally, but why don't they get called in this case?
Any help is appreciated…

—Subodh



Could be a lot of things.

In the case of an application exiting one of the first things that you would see would be calls to CANCEL any pending IRPs. The CLEANUP and CLOSE routines won’t be called until the IRPs are cancelled.

Do you have any pending IRPs in this situation? If so, have you registered a CANCEL routine and is it being called?

Good luck,

Thomas F. Divine

PCAUSA - Tools & Resources For Network Software Developers
NDIS Protocol/Intermediate/Hooking - TDI Client/Filter

Hi Dan,

Do you mean to say I need to write StartIo and Cancel routines and need to implement some internal device queue or use system queues to make it work?

Please elaborate in much detail…

– Subodh
----- Original Message -----
From: Dan Partelly
To: NT Developers Interest List
Sent: Tuesday, September 03, 2002 7:17 PM
Subject: [ntdev] Re: Help on MDLGetSystemAddressForMDLSafe and abnormal app termination…

Enqueue the IRP in the thread IRP queue?

Nah, sorry, I was thinking of another thing. IOCTL IRPs which are built through system-provided routines are already enqueued into the thread I/O queue. If the thread dies, exactly like Thomas Divine said, the OS will begin some rundown operations, which include canceling all thread I/O. You should provide cancel routines.

----- Original Message -----
From: Subodh Gupta
To: NT Developers Interest List
Sent: Tuesday, September 03, 2002 5:46 PM
Subject: [ntdev] Re: Help on MDLGetSystemAddressForMDLSafe and abnormal app termination…

Hi Dan,

Do you mean to say I need to write StartIo and Cancel routines and need to implement some internal device queue or use system queues to make it work?

Please elaborate in much detail…

– Subodh

Dan,
I am getting confused…
Please elaborate on this subject:
Where should I keep this IRP, if I use a system queue or if I use a device-maintained queue?
How can I keep it pending for the period until the application exits or gets terminated abnormally? Is it permitted in NT?
Regards…
– Subodh

----- Original Message -----
From: Dan Partelly
To: NT Developers Interest List
Sent: Tuesday, September 03, 2002 8:36 PM
Subject: [ntdev] Re: Help on MDLGetSystemAddressForMDLSafe and abnormal app termination…

Nah, sorry, I was thinking of another thing. IOCTL IRPs which are built through system-provided routines are already enqueued into the thread I/O queue. If the thread dies, exactly like Thomas Divine said, the OS will begin some rundown operations, which include canceling all thread I/O. You should provide cancel routines.


If you return STATUS_PENDING on the IRP, you need to set a Cancel routine in the IRP so that when the user process terminates, the Cancel routine will be called for you to do the cleanup. See IoSetCancelRoutine in the DDK help and samples.
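
The pend/cancel hand-off the replies above describe, as an added example that is not code from the thread or from the DDK: a user-mode C model in which whoever swaps the cancel-routine slot to NULL owns the IRP and performs the one cleanup. The names struct irp, set_cancel, dispatch_pend, io_cancel and packet_arrived are hypothetical stand-ins for the IRP, IoSetCancelRoutine, the driver's dispatch routine, the I/O manager's cancel on thread rundown, and the driver's capture path.

```c
/* User-mode model with constructed types; it mimics kernel IRP state, not WDK code. */
#include <stdatomic.h>
#include <stdio.h>
struct irp;
typedef void (*cancel_fn)(struct irp *);
enum { ST_PENDING, ST_SUCCESS, ST_CANCELLED };
struct irp {
    _Atomic(cancel_fn) cancel_routine; /* slot that IoSetCancelRoutine swaps atomically */
    atomic_int cancel;                 /* models Irp->Cancel */
    int status, completions, buffer_mapped;
};
static cancel_fn set_cancel(struct irp *i, cancel_fn fn) { /* returns previous routine */
    return atomic_exchange(&i->cancel_routine, fn);
}
/* Single cleanup point: release the caller's mapped buffer, then complete. */
static int complete(struct irp *i, int st) {
    i->buffer_mapped = 0; i->status = st; i->completions++;
    return st;
}
static void capture_cancel(struct irp *i) { complete(i, ST_CANCELLED); }
/* Dispatch: pend the IOCTL. use_cancel=0 models the driver in the question. */
static int dispatch_pend(struct irp *i, int use_cancel) {
    i->buffer_mapped = 1;
    if (!use_cancel) return ST_PENDING;
    set_cancel(i, capture_cancel);
    /* Cancel was requested before the routine was set: whoever clears the slot completes. */
    if (atomic_load(&i->cancel) && set_cancel(i, (cancel_fn)0))
        return complete(i, ST_CANCELLED);
    return ST_PENDING;
}
/* What the I/O manager does to each pending IRP of a terminating thread. */
static int io_cancel(struct irp *i) {
    atomic_store(&i->cancel, 1);
    cancel_fn fn = set_cancel(i, (cancel_fn)0);
    if (fn) fn(i);
    return fn != (cancel_fn)0;
}
static int packet_arrived(struct irp *i) { /* capture path; backs off if cancel won */
    if (!set_cancel(i, (cancel_fn)0)) return 0;
    complete(i, ST_SUCCESS);
    return 1;
}
int main(void) {
    struct irp bad = {0}, good = {0};
    dispatch_pend(&bad, 0);  io_cancel(&bad);
    dispatch_pend(&good, 1); io_cancel(&good);
    printf("still mapped: no routine=%d, routine=%d\n", bad.buffer_mapped, good.buffer_mapped);
    return 0;
}
```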