is PsTerminateSystemThread reqd?

Hi,

I have created a system thread using
“PsCreateSystemThread” call:

  1. Do I need to explicitly call
    “PsTerminateSystemThread” while termination of the
    thread or just the return from the system thread will
    do??
  2. Can this thread exit with IRQL at DISPATCH_LEVEL
    i.e. while unload of the driver I try to kill this
    thread, so I wait for the single object using
    “KeWaitForSingleObject” on driver unload and then
    thread exit by calling “KeSetEvent” and the wait flag
    is “TRUE”, so as per the DDK “KeSetEvent return to the
    caller is executed without lowering IRQL or releasing
    the dispatcher database spin lock”. I have done
    “KeSetEvent” with wait=TRUE because if I give false
    then the “unload” thread is executed before System
    thread can call return and thus driver is unloaded by
    giving error as
    “DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS”.

thanks
Uday



This is just a bug in your implementation.

In your driver unload routine, you should have waited for your worker thread
to terminate (by using KeWaitForSingleObject). Assuming you have the
original thread handle, you can obtain a pointer to the thread object
(ObReferenceObjectByHandle). Use that object as the dispatcher object when
you call KeWaitForSingleObject in your unload routine. Then dereference the
thread object (ObDereferenceObject) and you may safely return from your
unload routine.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Uday [mailto:xxxxx@yahoo.co.in]
Sent: Friday, July 04, 2003 6:12 AM
To: NT Developers Interest List
Subject: [ntdev] is PsTerminateSystemThread reqd?

Hi,

I have created a system thread using
“PsCreateSystemThread” call:

  1. Do I need to explicitly call
    “PsTerminateSystemThread” while termination of the
    thread or just the return from the system thread will
    do??
  2. Can this thread exit with IRQL at DISPATCH_LEVEL
    i.e. while unload of the driver I try to kill this
    thread, so I wait for the single object using “KeWaitForSingleObject” on
    driver unload and then thread exit by calling “KeSetEvent” and the wait flag
    is “TRUE”, so as per the DDK “KeSetEvent return to the caller is executed
    without lowering IRQL or releasing the dispatcher database spin lock”. I
    have done “KeSetEvent” with wait=TRUE because if I give false then the
    “unload” thread is executed before System thread can call return and thus
    driver is unloaded by giving error as
    “DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS”.

thanks
Uday




You are currently subscribed to ntdev as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Uday,
If I were you I would do the following.

  1. Declare an event, say StopThread, and initialize it to non-Signaled
    state
  2. Periodically check or wait on this event in your thread. (For example, you
    could use wait for multiple objects and one of them can be the StopThread
    event.)
  3. In system thread if you see StopThread is in signaled state return
  4. When you are unloading set the StopThread event to signaled state and
    wait on the thread handle (handle returned from the
    PsCreateSystemThread).
  5. When the wait in your unload routine is satisfied, you are sure that
    your system thread is terminated.

-Srin.


> 1) Do I need to explicitly call
> “PsTerminateSystemThread” while termination of the
> thread or just the return from the system thread will
> do??

No. This will lead to skipping the cleanup routines associated with a
thread.

> 2) Can this thread exit with IRQL at DISPATCH_LEVEL

No.

> then the “unload” thread is executed before System

In Unload routine, wait for your system thread termination, just on
KTHREAD pointer. Note that this does not work on Win9x.

Max

> 1. Declare an event say StopThread and initialize it to non-Signaled

This still leaves a window.
This can be done only on Win9x, where you cannot wait on the thread
itself.

Max

Max,
The thread is created only after the event is created and
initialized.
You need some mechanism to let the thread know that it has to stop
processing and return to grave.
Do you feel there is a window when the thread is created after
the event is created and initialized?

-Srin.

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Friday, July 04, 2003 9:21 AM
To: NT Developers Interest List
Subject: [ntdev] RE: is PsTerminateSystemThread reqd?

> 1. Declare an event say StopThread and initialize it to non-Signaled

This still leaves a window.
This can be done only on Win9x, where you cannot wait on the thread
itself.

Max



Sorry, looks like I must pay more attention. Yes, the solution
where the event is used to command the thread to exit, and Unload
waits on the thread itself - is OK.

Max

----- Original Message -----
From:
To: “NT Developers Interest List”
Sent: Friday, July 04, 2003 8:33 PM
Subject: [ntdev] RE: is PsTerminateSystemThread reqd?

> Max,
> The thread is created only after the event is created and
> initialized.
> You need some mechanism to let the thread know that it has to stop
> processing and return to grave.
> Do you feel there is a window when the thread is created after
> the event is created and initialized?
>
> -Srin.

Creating and destroying system threads is discussed at length, with code
samples, on pp. 682-85 of my WDM book. The Win98/Me compatibility issues
with system threads are discussed at p. 695. The POLLING sample driver
on the CD for the book contains the fully worked-out code, including
code that will deal with the platform dependencies and the problem Max
alludes to with respect to using an “I’m dead” event in 98/Me.


Walter Oney, Consulting and Training
Basic and Advanced Driver Programming Seminars
Check out our schedule at http://www.oneysoft.com
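
Added example (not code from this thread, the DDK, or the POLLING sample mentioned above): a user-mode C model of the shutdown sequence Srin lists and Max accepts, with POSIX threads standing in for the kernel primitives. The stop flag plays the StopThread event and pthread_join plays Unload's wait on the thread itself; every name in it is hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>
/* Hypothetical driver state; POSIX objects stand in for the kernel ones. */
struct drv {
    pthread_mutex_t lock;
    pthread_cond_t  wake;    /* worker waits here for work or stop */
    int stop;                /* models the StopThread event, 0 = non-signaled */
    int pending, processed;  /* queued and completed work items */
    pthread_t worker;        /* models the thread object Unload waits on */
};

static void *worker_main(void *arg) {
    struct drv *d = arg;
    pthread_mutex_lock(&d->lock);
    while (!d->stop || d->pending > 0) {      /* steps 2-3: work until stopped */
        if (d->pending > 0) { d->pending--; d->processed++; }
        else pthread_cond_wait(&d->wake, &d->lock);
    }
    pthread_mutex_unlock(&d->lock);
    return NULL;
}

/* Step 1: stop is non-signaled (calloc zeroes it) before the thread exists. */
struct drv *drv_start(void) {
    struct drv *d = calloc(1, sizeof *d);
    if (!d) return NULL;
    pthread_mutex_init(&d->lock, NULL);
    pthread_cond_init(&d->wake, NULL);
    if (pthread_create(&d->worker, NULL, worker_main, d)) { free(d); return NULL; }
    return d;
}

/* Queue one work item (stop == 0) or signal the stop event (stop == 1). */
void drv_signal(struct drv *d, int stop) {
    pthread_mutex_lock(&d->lock);
    if (stop) d->stop = 1; else d->pending++;
    pthread_cond_broadcast(&d->wake);
    pthread_mutex_unlock(&d->lock);
}

/* Steps 4-5: signal stop, wait on the thread itself, only then tear down. */
int drv_unload(struct drv *d) {
    drv_signal(d, 1);
    pthread_join(d->worker, NULL);   /* returns after worker_main has returned */
    int done = d->processed;
    pthread_cond_destroy(&d->wake);
    pthread_mutex_destroy(&d->lock);
    free(d);                         /* models the driver image going away */
    return done;
}
```

Because teardown happens only after the join returns, the worker can never touch freed state, however the two threads are scheduled.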