ObQueryNameString doesn't return

Anyone seen a situation where ObQueryNameString
doesn't return?

I am enumerating all open handles on the system and
calling ObQueryNameString for each one of type file
(0x1C). Then I am KdPrint'ing out the returned object
name.

It appears as though I reach a particular handle and
the function call never returns.

Thanks,
Randy Cook
Lucid Systems Inc.

Here is some code:

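/*
 * DumpOpenFiles - debug helper that takes a snapshot of the system handle
 * table and prints the object name of every file-type handle.
 *
 * Returns STATUS_SUCCESS once the walk completes, STATUS_NO_MEMORY when an
 * allocation fails, or the failing status from ZwQuerySystemInformation.
 *
 * Handles whose device is a named pipe are skipped: as reported later in
 * this thread (quoting Nebbett's Native API Reference), ObQueryNameString
 * hangs on pipes opened for synchronous access that have a pending read or
 * write.
 *
 * NOTE(review): the Object pointers come from a point-in-time snapshot and
 * nothing here holds a reference on them. If the owning process closes the
 * handle after the snapshot, the pointer may refer to freed or reused pool
 * by the time it is dereferenced below. A production version should obtain
 * a referenced object (for example via ObReferenceObjectByHandle in the
 * owning process's context) before touching it.
 *
 * NOTE(review): MY_NT_HANDLE_TYPE_FILE is a hard-coded object type index
 * (0x1C per the post); such indexes are presumably OS-version specific -
 * confirm before running this on another Windows release.
 */
NTSTATUS DumpOpenFiles(VOID)
{
    PVOID handleBuffer;
    ULONG size, reqSize;
    NTSTATUS status;
    ULONG numEntries, maxEntries, i;
    PSYSTEM_HANDLE_INFORMATION pHandleInfo;
    PUNICODE_STRING uniStrBuff;
    PFILE_OBJECT fileObject;

    size = 1;
    reqSize = 0;

    //
    // Get a snapshot of all open handles on the system. The first call
    // uses a deliberately tiny buffer so the required size comes back in
    // reqSize.
    //
    handleBuffer = myMalloc(size, FALSE, 0, FALSE);
    if (handleBuffer == NULL)
    {
        return STATUS_NO_MEMORY;
    }

    status = ZwQuerySystemInformation(SystemHandleInformation,
                                      handleBuffer, size, &reqSize);
    if (status == STATUS_INFO_LENGTH_MISMATCH)
    {
        KdPrint(("Buffer is not the right size\n"));

        myFree(handleBuffer);

        size = reqSize;

        handleBuffer = myMalloc(size, FALSE, HBUFFER_TAG, FALSE);
        if (handleBuffer == NULL)
        {
            return STATUS_NO_MEMORY;
        }

        //
        // Single retry: if the handle table grew in between, this fails
        // again and the status is handed back to the caller.
        //
        status = ZwQuerySystemInformation(SystemHandleInformation,
                                          handleBuffer, size, &reqSize);
        if (!NT_SUCCESS(status))
        {
            KdPrint(("ZwQuerySystemInformation error again: %X\n", status));

            myFree(handleBuffer);

            return status;
        }
    }
    else if (!NT_SUCCESS(status))
    {
        KdPrint(("ZwQuerySystemInformation error: %X\n", status));

        myFree(handleBuffer);

        return status;
    }

    //
    // The buffer must at least hold the leading entry count.
    //
    if (size < sizeof(ULONG))
    {
        myFree(handleBuffer);

        return STATUS_INFO_LENGTH_MISMATCH;
    }

    numEntries = ((PULONG)handleBuffer)[0];
    KdPrint(("Number of entries: %X\n", numEntries));

    //
    // Entries start right after the count. Cast the value instead of
    // using a cast as an lvalue, which is a non-standard extension.
    //
    pHandleInfo = (PSYSTEM_HANDLE_INFORMATION)(((PULONG)handleBuffer) + 1);

    //
    // Never walk past the end of the allocation, whatever the count says.
    //
    maxEntries = (ULONG)((size - sizeof(ULONG)) / sizeof(*pHandleInfo));
    if (numEntries > maxEntries)
    {
        numEntries = maxEntries;
    }

    //
    // Get some space for the name
    //
    uniStrBuff = myMalloc(sizeof(UNICODE_STRING) + MY_MAX_UNI_STR_SIZE_BYTES,
                          FALSE, 0, FALSE);
    if (uniStrBuff == NULL)
    {
        myFree(handleBuffer);

        return STATUS_NO_MEMORY;
    }

    //
    // For each file handle, get the name
    //
    for (i = 0; i < numEntries; i++, pHandleInfo++)
    {
        if (pHandleInfo->ObjectTypeNumber != MY_NT_HANDLE_TYPE_FILE)
        {
            continue;
        }

        KdPrint(("Total: %X Current: %X PID: %X TYPE: %X "
                 "FLAGS: %X HANDLE: %X\n OBJECT: %p ACCESS: %X\n",
                 numEntries,
                 i,
                 pHandleInfo->ProcessId,
                 pHandleInfo->ObjectTypeNumber,
                 pHandleInfo->Flags,
                 pHandleInfo->Handle,
                 pHandleInfo->Object,
                 pHandleInfo->GrantedAccess));

        //
        // Skip named pipes; see the header comment for why. This reads
        // through the unreferenced snapshot pointer, like the name query
        // that follows.
        //
        fileObject = (PFILE_OBJECT)pHandleInfo->Object;
        if (fileObject == NULL)
        {
            continue;
        }
        if (fileObject->DeviceObject != NULL &&
            fileObject->DeviceObject->DeviceType == FILE_DEVICE_NAMED_PIPE)
        {
            KdPrint(("%X Pid: %X skipped (named pipe)\n",
                     i,
                     pHandleInfo->ProcessId));
            continue;
        }

        //
        // reqSize receives the returned length; it is no longer needed
        // for the snapshot at this point.
        //
        status = ObQueryNameString(pHandleInfo->Object,
                                   (POBJECT_NAME_INFORMATION)uniStrBuff,
                                   MY_MAX_UNI_STR_SIZE_BYTES,
                                   &reqSize);
        if (NT_SUCCESS(status))
        {
            //
            // %wZ prints by Length, so an unnamed object (NULL Buffer,
            // zero Length) is printed as an empty name.
            //
            KdPrint(("%X Pid: %X Type: %X File: %wZ\n",
                     i,
                     pHandleInfo->ProcessId,
                     pHandleInfo->ObjectTypeNumber,
                     uniStrBuff));
        }
        else
        {
            KdPrint(("Error: %X\n", status));
        }
    }

    //
    // Clean up
    //
    myFree(uniStrBuff);
    myFree(handleBuffer);

    return STATUS_SUCCESS;
}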



Randy,

Yes, there are situations where making this call will not return because
you are deadlocking with yourself.

You didn't explicitly state this but I am guessing that you are calling
this while processing arbitrary operations. There are certain
situations where the file system is already holding a lock when an
operation is entered. Querying for a name also acquires locks. In
these situations it is not safe to do a name query because you may
deadlock with the lock that is already held by the file system.

The 2 most common scenarios where it is NOT safe to query for names are:

  • When TopLevelIrp is non-zero
  • When the IRP_PAGING_IO flag is set

Neal Christiansen
Microsoft File System Filter Group

This posting is provided "AS IS" with no warranties, and confers no
rights.

-----Original Message-----
From: Randy Cook [mailto:xxxxx@yahoo.com]
Sent: Tuesday, January 07, 2003 4:57 PM
To: File Systems Developers

Anyone seen a situation where ObQueryNameString
doesn't return?

I am enumerating all open handles on the system and
calling ObQueryNameString for each one of type file
(0x1C). Then I am KdPrint'ing out the returned object
name.

It appears as though I reach a particular handle and
the function call never returns.

Thanks,
Randy Cook
Lucid Systems Inc.

Here is some code:

//
// DumpOpenFiles (quoted copy of the original post): takes a snapshot of the
// system handle table and KdPrints the object name of every entry whose
// type number equals MY_NT_HANDLE_TYPE_FILE.
//
// Returns STATUS_SUCCESS after the walk, STATUS_NO_MEMORY when myMalloc
// fails, or the failing ZwQuerySystemInformation status.
//
// NOTE(review): nothing in this routine takes a reference on the objects
// listed in the snapshot, so pHandleInfo->Object may be stale by the time
// it is passed to ObQueryNameString - confirm how callers guard this.
//
NTSTATUS DumpOpenFiles(VOID)
{
PVOID handleBuffer;
ULONG size, reqSize;
NTSTATUS status;
ULONG numEntries, i;
PSYSTEM_HANDLE_INFORMATION pHandleInfo;
PUNICODE_STRING uniStrBuff;

// Start with a 1-byte buffer; the first query is expected to fail with
// STATUS_INFO_LENGTH_MISMATCH and report the needed size in reqSize.
size = 1;

//
// Get a snapshot of all open handles on the system
//
handleBuffer = myMalloc(size, FALSE, 0, FALSE);
if (handleBuffer == NULL)
{
return STATUS_NO_MEMORY;
}

status =
ZwQuerySystemInformation(SystemHandleInformation,
handleBuffer, size, &reqSize);
if (status == STATUS_INFO_LENGTH_MISMATCH)
{
KdPrint(("Buffer is not the right size\n"));

myFree(handleBuffer);

// Reallocate at the size the first call reported and query once more.
size = reqSize;

handleBuffer = myMalloc(size, FALSE, HBUFFER_TAG,
FALSE);
if (handleBuffer == NULL)
{
return STATUS_NO_MEMORY;
}
status =
ZwQuerySystemInformation(SystemHandleInformation,
handleBuffer, size, &reqSize);
if (!NT_SUCCESS(status))
{
// The string literal below is split across lines by mail wrapping.
KdPrint(("ZwQuerySystemInformation error again:
%X\n", status));
//
// Clean up
//
myFree(handleBuffer);

return status;
}
}
else if (!NT_SUCCESS(status))
{
KdPrint(("ZwQuerySystemInformation error: %X\n",
status));
//
// Clean up
//
myFree(handleBuffer);

return status;
}

// The first ULONG of the buffer is read as the entry count.
numEntries = ((PULONG)handleBuffer)[0];
KdPrint(("Number of entries: %X\n", numEntries));

// Entries are taken to start right after the count. The cast on the left
// of the assignment is a non-standard cast-as-lvalue.
(PULONG)pHandleInfo = ((PULONG)handleBuffer) + 1;

//
// Get some space for the name
//
uniStrBuff = myMalloc(sizeof(UNICODE_STRING) +
MY_MAX_UNI_STR_SIZE_BYTES, FALSE, 0, FALSE);
if (uniStrBuff == NULL)
{
//
// Clean up
//
myFree(handleBuffer);

return STATUS_NO_MEMORY;
}

//
// For each handle, get the name
//
for (i = 0; i < numEntries; i++)
{
if (pHandleInfo->ObjectTypeNumber ==
MY_NT_HANDLE_TYPE_FILE)
{
// The string literal below is split across lines by mail wrapping.
KdPrint(("Total: %X Current: %X PID: %X TYPE:
%X
FLAGS: %X HANDLE: %X\n OBJECT: %X ACCESS: %X\n",
numEntries,
i,
pHandleInfo->ProcessId,
pHandleInfo->ObjectTypeNumber,
pHandleInfo->Flags,
pHandleInfo->Handle,
pHandleInfo->Object,
pHandleInfo->GrantedAccess));

// This is the call reported as never returning. It is made on the raw
// object pointer from the snapshot, and size is reused here as the
// returned-length output.
status = ObQueryNameString(pHandleInfo->Object,
uniStrBuff, MY_MAX_UNI_STR_SIZE_BYTES, &size);
if (NT_SUCCESS(status))
{
// The string literal below is split across lines by mail wrapping.
KdPrint(("%X Pid: %X Type: %X File:
%ws\n",
i,
pHandleInfo->ProcessId,
pHandleInfo->ObjectTypeNumber,
uniStrBuff->Buffer));
}
else
{
KdPrint(("Error: %X\n", status));
}
}

// Advance to the next snapshot entry whether or not it was a file.
pHandleInfo++;
}

//
// Clean up
//
myFree(uniStrBuff);
myFree(handleBuffer);

return STATUS_SUCCESS;
}





Neal,

Thanks for the reply.

In my driver, I disabled the FS Hook. So it's
basically doing nothing. I then call the routine via
an IOCTL from my user-land app. It still hangs.

The last handle that works is always:
\Device\NamedPipe\net\NtControlPipe1

— Neal Christiansen
wrote:
> Randy,
>
> Yes, there are situations where making this call
> will not return because
> you are deadlocking with yourself.
>
> You didn’t explicitly state this but I am guessing
> that you are calling
> this while processing arbitrary operations. There
> are certain
> situations where the file system is already holding
> a lock when an
> operation is entered. Querying for a name also
> acquires locks. In
> these situations it is not safe to do a name query
> because you may
> deadlock with the lock that is already held by the
> file system.
>
> The 2 most common scenarios where it is NOT safe to
> query for names are:
> - When TopLevelIrp is non-zero
> - When the IRP_PAGING_IO flag is set
>
>
> Neal Christiansen
> Microsoft File System Filter Group
>
> This posting is provided “AS IS” with no warranties,
> and confers no
> rights.
>
> -----Original Message-----
> From: Randy Cook [mailto:xxxxx@yahoo.com]
> Sent: Tuesday, January 07, 2003 4:57 PM
> To: File Systems Developers
>
> Anyone seen a situation where ObQueryNameString
> doesn’t return?
>
> I am enumerating all open handles on the system and
> calling ObQueryNameString for each one of type file
> (0x1C). Then I am KdPrint’ing out the returned
> object
> name.
>
> It appears as though I reach a particular handle and
> the function call never returns.
>
> Thanks,
> Randy Cook
> Lucid Systems Inc.
>
> Here is some code:
> ----------------------------------------------
> NTSTATUS DumpOpenFiles(VOID)
> {
> PVOID handleBuffer;
> ULONG size, reqSize;
> NTSTATUS status;
> ULONG numEntries, i;
> PSYSTEM_HANDLE_INFORMATION pHandleInfo;
> PUNICODE_STRING uniStrBuff;
>
> size = 1;
>
> //
> // Get an snapshot of all open handles on the
> system
> //
> handleBuffer = myMalloc(size, FALSE, 0, FALSE);
> if (handleBuffer == NULL)
> {
> return STATUS_NO_MEMORY;
> }
>
> status =
> ZwQuerySystemInformation(SystemHandleInformation,
> handleBuffer, size, &reqSize);
> if (status == STATUS_INFO_LENGTH_MISMATCH)
> {
> KdPrint((“Buffer is not the right size\n”));
>
> myFree(handleBuffer);
>
> size = reqSize;
>
> handleBuffer = myMalloc(size, FALSE, HBUFFER_TAG,
> FALSE);
> if (handleBuffer == NULL)
> {
> return STATUS_NO_MEMORY;
> }
> status =
> ZwQuerySystemInformation(SystemHandleInformation,
> handleBuffer, size, &reqSize);
> if (!NT_SUCCESS(status))
> {
> KdPrint((“ZwQuerySystemInformation error again:
> %X\n”, status));
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return status;
> }
> }
> else if (!NT_SUCCESS(status))
> {
> KdPrint((“ZwQuerySystemInformation error: %X\n”,
> status));
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return status;
> }
>
> numEntries = ((PULONG)handleBuffer)[0];
> KdPrint((“Number of entries: %X\n”, numEntries));
>
> (PULONG)pHandleInfo = ((PULONG)handleBuffer) + 1;
>
> //
> // Get some space for the name
> //
> uniStrBuff = myMalloc(sizeof(UNICODE_STRING) +
> MY_MAX_UNI_STR_SIZE_BYTES, FALSE, 0, FALSE);
> if (uniStrBuff == NULL)
> {
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return STATUS_NO_MEMORY;
> }
>
> //
> // For each handle, get the name
> //
> for (i = 0; i < numEntries; i++)
> {
> if (pHandleInfo->ObjectTypeNumber ==
> MY_NT_HANDLE_TYPE_FILE)
> {
> KdPrint((“Total: %X Current: %X PID: %X TYPE:
> %X
> FLAGS: %X HANDLE: %X\n OBJECT: %X ACCESS: %X\n”,
> numEntries,
> i,
> pHandleInfo->ProcessId,
> pHandleInfo->ObjectTypeNumber,
> pHandleInfo->Flags,
> pHandleInfo->Handle,
> pHandleInfo->Object,
> pHandleInfo->GrantedAccess));
>
> status = ObQueryNameString(pHandleInfo->Object,
> uniStrBuff, MY_MAX_UNI_STR_SIZE_BYTES, &size);
> if (NT_SUCCESS(status))
> {
> KdPrint((“%X Pid: %X Type: %X File:
> %ws\n”,
> i,
> pHandleInfo->ProcessId,
> pHandleInfo->ObjectTypeNumber,
> uniStrBuff->Buffer));
> }
> else
> {
> KdPrint((“Error: %X\n”, status));
> }
> }
>
> pHandleInfo++;
> }
>
> //
> // Clean up
> //
> myFree(uniStrBuff);
> myFree(handleBuffer);
>
> return STATUS_SUCCESS;
> }
>
>
>
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> http://mailplus.yahoo.com
>
>
> —
> You are currently subscribed to ntfsd as:
> xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
=== message truncated ===



Randy,

You are going to need to track this down with the debugger - if the thread
is blocked, you’ll be able to see in the debugger what it is waiting for and
hopefully from that you can work backwards to figure out why it isn’t
completing.

I will note that filtering named pipes can be a bit tricky as well and
there’s considerably less experience on the list with doing it, than with
the “normal” file systems.

Can you at least provide a stack trace for the hung thread - that might
allow us to suggest some additional places to look.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Randy Cook [mailto:xxxxx@yahoo.com]
Sent: Thursday, January 09, 2003 1:09 PM
To: File Systems Developers
Subject: [ntfsd] Re: ObQueryNameString doesn’t return

Neal,

Thanks for the reply.

In my driver, I disabled the FS Hook. So it's
basically doing nothing. I then call the routine via
an IOCTL from my user-land app. It still hangs.

The last handle that works is always:
\Device\NamedPipe\net\NtControlPipe1

— Neal Christiansen
wrote:
> Randy,
>
> Yes, there are situations where making this call
> will not return because
> you are deadlocking with yourself.
>
> You didn’t explicitly state this but I am guessing
> that you are calling
> this while processing arbitrary operations. There
> are certain
> situations where the file system is already holding
> a lock when an
> operation is entered. Querying for a name also
> acquires locks. In
> these situations it is not safe to do a name query
> because you may
> deadlock with the lock that is already held by the
> file system.
>
> The 2 most common scenarios where it is NOT safe to
> query for names are:
> - When TopLevelIrp is non-zero
> - When the IRP_PAGING_IO flag is set
>
>
> Neal Christiansen
> Microsoft File System Filter Group
>
> This posting is provided “AS IS” with no warranties,
> and confers no
> rights.
>
> -----Original Message-----
> From: Randy Cook [mailto:xxxxx@yahoo.com]
> Sent: Tuesday, January 07, 2003 4:57 PM
> To: File Systems Developers
>
> Anyone seen a situation where ObQueryNameString
> doesn’t return?
>
> I am enumerating all open handles on the system and
> calling ObQueryNameString for each one of type file
> (0x1C). Then I am KdPrint’ing out the returned
> object
> name.
>
> It appears as though I reach a particular handle and
> the function call never returns.
>
> Thanks,
> Randy Cook
> Lucid Systems Inc.
>
> Here is some code:
> ----------------------------------------------
> NTSTATUS DumpOpenFiles(VOID)
> {
> PVOID handleBuffer;
> ULONG size, reqSize;
> NTSTATUS status;
> ULONG numEntries, i;
> PSYSTEM_HANDLE_INFORMATION pHandleInfo;
> PUNICODE_STRING uniStrBuff;
>
> size = 1;
>
> //
> // Get an snapshot of all open handles on the
> system
> //
> handleBuffer = myMalloc(size, FALSE, 0, FALSE);
> if (handleBuffer == NULL)
> {
> return STATUS_NO_MEMORY;
> }
>
> status =
> ZwQuerySystemInformation(SystemHandleInformation,
> handleBuffer, size, &reqSize);
> if (status == STATUS_INFO_LENGTH_MISMATCH)
> {
> KdPrint((“Buffer is not the right size\n”));
>
> myFree(handleBuffer);
>
> size = reqSize;
>
> handleBuffer = myMalloc(size, FALSE, HBUFFER_TAG,
> FALSE);
> if (handleBuffer == NULL)
> {
> return STATUS_NO_MEMORY;
> }
> status =
> ZwQuerySystemInformation(SystemHandleInformation,
> handleBuffer, size, &reqSize);
> if (!NT_SUCCESS(status))
> {
> KdPrint((“ZwQuerySystemInformation error again:
> %X\n”, status));
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return status;
> }
> }
> else if (!NT_SUCCESS(status))
> {
> KdPrint((“ZwQuerySystemInformation error: %X\n”,
> status));
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return status;
> }
>
> numEntries = ((PULONG)handleBuffer)[0];
> KdPrint((“Number of entries: %X\n”, numEntries));
>
> (PULONG)pHandleInfo = ((PULONG)handleBuffer) + 1;
>
> //
> // Get some space for the name
> //
> uniStrBuff = myMalloc(sizeof(UNICODE_STRING) +
> MY_MAX_UNI_STR_SIZE_BYTES, FALSE, 0, FALSE);
> if (uniStrBuff == NULL)
> {
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return STATUS_NO_MEMORY;
> }
>
> //
> // For each handle, get the name
> //
> for (i = 0; i < numEntries; i++)
> {
> if (pHandleInfo->ObjectTypeNumber ==
> MY_NT_HANDLE_TYPE_FILE)
> {
> KdPrint((“Total: %X Current: %X PID: %X TYPE:
> %X
> FLAGS: %X HANDLE: %X\n OBJECT: %X ACCESS: %X\n”,
> numEntries,
> i,
> pHandleInfo->ProcessId,
> pHandleInfo->ObjectTypeNumber,
> pHandleInfo->Flags,
> pHandleInfo->Handle,
> pHandleInfo->Object,
> pHandleInfo->GrantedAccess));
>
> status = ObQueryNameString(pHandleInfo->Object,
> uniStrBuff, MY_MAX_UNI_STR_SIZE_BYTES, &size);
> if (NT_SUCCESS(status))
> {
> KdPrint((“%X Pid: %X Type: %X File:
> %ws\n”,
> i,
> pHandleInfo->ProcessId,
> pHandleInfo->ObjectTypeNumber,
> uniStrBuff->Buffer));
> }
> else
> {
> KdPrint((“Error: %X\n”, status));
> }
> }
>
> pHandleInfo++;
> }
>
> //
> // Clean up
> //
> myFree(uniStrBuff);
> myFree(handleBuffer);
>
> return STATUS_SUCCESS;
> }
>
>
>
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> http://mailplus.yahoo.com
>
>
> —
> You are currently subscribed to ntfsd as:
> xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
=== message truncated ===





Tony,

Here is the thread’s stack:

FAD4F968 8054DAF6 ntoskrnl!KeInitializeTimerEx+0107
FAD4F994 805BCB2A ntoskrnl!CcZeroData+020C
FAD4F9D4 80576DE7 ntoskrnl!KeQueryActiveProcessors+003D
FAD4F9F4 805755FD ntoskrnl!IoQueryFileInformation+0019
FAD4FA68 805756AF ntoskrnl!ObQueryNameString+0625
FAD4FA88 80575154 ntoskrnl!ObQueryNameString+06D7
FAD4FBA0 FC7265BA ntoskrnl!ObQueryNameString+017C
FAD4FBD8 FC725CEA randydriver!EnumHandles+01F5
FAD4FC04 FC7202E4 randydriver!CallEnumHandles+002A
FAD4FC50 80571DCF randydriver!$L13175+0059
FAD4FD00 805863D5 ntoskrnl!NtWaitForSingleObject+04D4
FAD4FD34 804D4E91 ntoskrnl!NtDeviceIoControlFile+0028

This is on XP free build. I am using SoftICE. I’ll
be able to try a checked build next week.

I’m trying to determine what PIDs have handles open in
a particular area of the file system.

I’ll probably fall back to tracking the opens and
closes, but I was hoping to avoid that overhead.

Thanks,

Randy

— Tony Mason wrote:
> Randy,
>
> You are going to need to track this down with the
> debugger - if the thread
> is blocked, you’ll be able to see in the debugger
> what it is waiting for and
> hopefully from that you can work backwards to figure
> out why it isn’t
> completing.
>
> I will note that filtering named pipes can be a bit
> tricky as well and
> there’s considerably less experience on the list
> with doing it, than with
> the “normal” file systems.
>
> Can you at least provide a stack trace for the hung
> thread - that might
> allow us to suggest some additional places to look.
>
> Regards,
>
> Tony
>
> Tony Mason
> Consulting Partner
> OSR Open Systems Resources, Inc.
> http://www.osr.com
>
>
> -----Original Message-----
> From: Randy Cook [mailto:xxxxx@yahoo.com]
> Sent: Thursday, January 09, 2003 1:09 PM
> To: File Systems Developers
> Subject: [ntfsd] Re: ObQueryNameString doesn’t
> return
>
> Neal,
>
> Thanks for the reply.
>
> In my driver, I disabled the FS Hook. So its
> basically doing nothing. I then call the routine
> via
> a IOCTL from my user-land app. It still hangs.
>
> The last handle that works is always:
> \Device\NamedPipe\net\NtControlPipe1
>
> — Neal Christiansen
> wrote:
> > Randy,
> >
> > Yes, there are situations where making this call
> > will not return because
> > you are deadlocking with yourself.
> >
> > You didn’t explicitly state this but I am guessing
> > that you are calling
> > this while processing arbitrary operations. There
> > are certain
> > situations where the file system is already
> holding
> > a lock when an
> > operation is entered. Querying for a name also
> > acquires locks. In
> > these situations it is not safe to do a name query
> > because you may
> > deadlock with the lock that is already held by the
> > file system.
> >
> > The 2 most common scenarios where it is NOT safe
> to
> > query for names are:
> > - When TopLevelIrp is non-zero
> > - When the IRP_PAGING_IO flag is set
> >
> >
> > Neal Christiansen
> > Microsoft File System Filter Group
> >
> > This posting is provided “AS IS” with no
> warranties,
> > and confers no
> > rights.
> >
> > -----Original Message-----
> > From: Randy Cook [mailto:xxxxx@yahoo.com]
> > Sent: Tuesday, January 07, 2003 4:57 PM
> > To: File Systems Developers
> >
> > Anyone seen a situation where ObQueryNameString
> > doesn’t return?
> >
> > I am enumerating all open handles on the system
> and
> > calling ObQueryNameString for each one of type
> file
> > (0x1C). Then I am KdPrint’ing out the returned
> > object
> > name.
> >
> > It appears as though I reach a particular handle
> and
> > the function call never returns.
> >
> > Thanks,
> > Randy Cook
> > Lucid Systems Inc.
> >
> > Here is some code:
> > ----------------------------------------------
> > NTSTATUS DumpOpenFiles(VOID)
> > {
> > PVOID handleBuffer;
> > ULONG size, reqSize;
> > NTSTATUS status;
> > ULONG numEntries, i;
> > PSYSTEM_HANDLE_INFORMATION pHandleInfo;
> > PUNICODE_STRING uniStrBuff;
> >
> > size = 1;
> >
> > //
> > // Get an snapshot of all open handles on the
> > system
> > //
> > handleBuffer = myMalloc(size, FALSE, 0, FALSE);
> > if (handleBuffer == NULL)
> > {
> > return STATUS_NO_MEMORY;
> > }
> >
> > status =
> > ZwQuerySystemInformation(SystemHandleInformation,
> > handleBuffer, size, &reqSize);
> > if (status == STATUS_INFO_LENGTH_MISMATCH)
> > {
> > KdPrint((“Buffer is not the right size\n”));
> >
> > myFree(handleBuffer);
> >
> > size = reqSize;
> >
> > handleBuffer = myMalloc(size, FALSE,
> HBUFFER_TAG,
> > FALSE);
> > if (handleBuffer == NULL)
> > {
> > return STATUS_NO_MEMORY;
> > }
> > status =
> > ZwQuerySystemInformation(SystemHandleInformation,
> > handleBuffer, size, &reqSize);
> > if (!NT_SUCCESS(status))
> > {
> > KdPrint((“ZwQuerySystemInformation error again:
> > %X\n”, status));
> > //
> > // Clean up
> > //
> > myFree(handleBuffer);
> >
> > return status;
> > }
> > }
> > else if (!NT_SUCCESS(status))
> > {
> > KdPrint((“ZwQuerySystemInformation error: %X\n”,
> > status));
> > //
> > // Clean up
> > //
> > myFree(handleBuffer);
> >
> > return status;
> > }
> >
> > numEntries = ((PULONG)handleBuffer)[0];
> > KdPrint((“Number of entries: %X\n”, numEntries));
> >
> > (PULONG)pHandleInfo = ((PULONG)handleBuffer) + 1;
> >
> > //
> > // Get some space for the name
> > //
> > uniStrBuff = myMalloc(sizeof(UNICODE_STRING) +
> > MY_MAX_UNI_STR_SIZE_BYTES, FALSE, 0, FALSE);
> > if (uniStrBuff == NULL)
> > {
> > //
> > // Clean up
> > //
> > myFree(handleBuffer);
> >
> > return STATUS_NO_MEMORY;
> > }
> >
> > //
> > // For each handle, get the name
> > //
>
=== message truncated ===

=====
Randy Cook


This stack trace looks like total junk - I suspect that the symbols are
incorrect for the system you are debugging, but I don’t use SoftICE, so I
don’t know how to ascertain if that is the case or not.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Randy Cook [mailto:xxxxx@yahoo.com]
Sent: Thursday, January 09, 2003 7:34 PM
To: File Systems Developers
Subject: [ntfsd] Re: ObQueryNameString doesn’t return

Tony,

Here is the thread’s stack:

FAD4F968 8054DAF6 ntoskrnl!KeInitializeTimerEx+0107
FAD4F994 805BCB2A ntoskrnl!CcZeroData+020C
FAD4F9D4 80576DE7 ntoskrnl!KeQueryActiveProcessors+003D
FAD4F9F4 805755FD ntoskrnl!IoQueryFileInformation+0019
FAD4FA68 805756AF ntoskrnl!ObQueryNameString+0625
FAD4FA88 80575154 ntoskrnl!ObQueryNameString+06D7
FAD4FBA0 FC7265BA ntoskrnl!ObQueryNameString+017C
FAD4FBD8 FC725CEA randydriver!EnumHandles+01F5
FAD4FC04 FC7202E4 randydriver!CallEnumHandles+002A
FAD4FC50 80571DCF randydriver!$L13175+0059
FAD4FD00 805863D5 ntoskrnl!NtWaitForSingleObject+04D4
FAD4FD34 804D4E91 ntoskrnl!NtDeviceIoControlFile+0028

This is on XP free build. I am using SoftICE. I’ll
be able to try a checked build next week.

I’m trying to determine what PIDs have handles open in
a particular area of the file system.

I’ll probably fall back to tracking the opens and
closes, but I was hoping to avoid that overhead.

Thanks,

Randy

— Tony Mason wrote:
> Randy,
>
> You are going to need to track this down with the
> debugger - if the thread
> is blocked, you’ll be able to see in the debugger
> what it is waiting for and
> hopefully from that you can work backwards to figure
> out why it isn’t
> completing.
>
> I will note that filtering named pipes can be a bit
> tricky as well and
> there’s considerably less experience on the list
> with doing it, than with
> the “normal” file systems.
>
> Can you at least provide a stack trace for the hung
> thread - that might
> allow us to suggest some additional places to look.
>
> Regards,
>
> Tony
>
> Tony Mason
> Consulting Partner
> OSR Open Systems Resources, Inc.
> http://www.osr.com
>
>
> -----Original Message-----
> From: Randy Cook [mailto:xxxxx@yahoo.com]
> Sent: Thursday, January 09, 2003 1:09 PM
> To: File Systems Developers
> Subject: [ntfsd] Re: ObQueryNameString doesn’t
> return
>
> Neal,
>
> Thanks for the reply.
>
> In my driver, I disabled the FS Hook. So its
> basically doing nothing. I then call the routine
> via
> a IOCTL from my user-land app. It still hangs.
>
> The last handle that works is always:
> \Device\NamedPipe\net\NtControlPipe1
>
> — Neal Christiansen
> wrote:
> > Randy,
> >
> > Yes, there are situations where making this call
> > will not return because
> > you are deadlocking with yourself.
> >
> > You didn’t explicitly state this but I am guessing
> > that you are calling
> > this while processing arbitrary operations. There
> > are certain
> > situations where the file system is already
> holding
> > a lock when an
> > operation is entered. Querying for a name also
> > acquires locks. In
> > these situations it is not safe to do a name query
> > because you may
> > deadlock with the lock that is already held by the
> > file system.
> >
> > The 2 most common scenarios where it is NOT safe
> to
> > query for names are:
> > - When TopLevelIrp is non-zero
> > - When the IRP_PAGING_IO flag is set
> >
> >
> > Neal Christiansen
> > Microsoft File System Filter Group
> >
> > This posting is provided “AS IS” with no
> warranties,
> > and confers no
> > rights.
> >
> > -----Original Message-----
> > From: Randy Cook [mailto:xxxxx@yahoo.com]
> > Sent: Tuesday, January 07, 2003 4:57 PM
> > To: File Systems Developers
> >
> > Anyone seen a situation where ObQueryNameString
> > doesn’t return?
> >
> > I am enumerating all open handles on the system
> and
> > calling ObQueryNameString for each one of type
> file
> > (0x1C). Then I am KdPrint’ing out the returned
> > object
> > name.
> >
> > It appears as though I reach a particular handle
> and
> > the function call never returns.
> >
> > Thanks,
> > Randy Cook
> > Lucid Systems Inc.
> >
> > Here is some code:
> > ----------------------------------------------
> > NTSTATUS DumpOpenFiles(VOID)
> > {
> > PVOID handleBuffer;
> > ULONG size, reqSize;
> > NTSTATUS status;
> > ULONG numEntries, i;
> > PSYSTEM_HANDLE_INFORMATION pHandleInfo;
> > PUNICODE_STRING uniStrBuff;
> >
> > size = 1;
> >
> > //
> > // Get an snapshot of all open handles on the
> > system
> > //
> > handleBuffer = myMalloc(size, FALSE, 0, FALSE);
> > if (handleBuffer == NULL)
> > {
> > return STATUS_NO_MEMORY;
> > }
> >
> > status =
> > ZwQuerySystemInformation(SystemHandleInformation,
> > handleBuffer, size, &reqSize);
> > if (status == STATUS_INFO_LENGTH_MISMATCH)
> > {
> > KdPrint((“Buffer is not the right size\n”));
> >
> > myFree(handleBuffer);
> >
> > size = reqSize;
> >
> > handleBuffer = myMalloc(size, FALSE,
> HBUFFER_TAG,
> > FALSE);
> > if (handleBuffer == NULL)
> > {
> > return STATUS_NO_MEMORY;
> > }
> > status =
> > ZwQuerySystemInformation(SystemHandleInformation,
> > handleBuffer, size, &reqSize);
> > if (!NT_SUCCESS(status))
> > {
> > KdPrint((“ZwQuerySystemInformation error again:
> > %X\n”, status));
> > //
> > // Clean up
> > //
> > myFree(handleBuffer);
> >
> > return status;
> > }
> > }
> > else if (!NT_SUCCESS(status))
> > {
> > KdPrint((“ZwQuerySystemInformation error: %X\n”,
> > status));
> > //
> > // Clean up
> > //
> > myFree(handleBuffer);
> >
> > return status;
> > }
> >
> > numEntries = ((PULONG)handleBuffer)[0];
> > KdPrint((“Number of entries: %X\n”, numEntries));
> >
> > (PULONG)pHandleInfo = ((PULONG)handleBuffer) + 1;
> >
> > //
> > // Get some space for the name
> > //
> > uniStrBuff = myMalloc(sizeof(UNICODE_STRING) +
> > MY_MAX_UNI_STR_SIZE_BYTES, FALSE, 0, FALSE);
> > if (uniStrBuff == NULL)
> > {
> > //
> > // Clean up
> > //
> > myFree(handleBuffer);
> >
> > return STATUS_NO_MEMORY;
> > }
> >
> > //
> > // For each handle, get the name
> > //
>
=== message truncated ===

=====
Randy Cook




For a file object, ObQueryNameString sends a query information IRP, which
can easily hang in a buggy filter.

Max

----- Original Message -----
From: “Randy Cook”
To: “File Systems Developers”
Sent: Wednesday, January 08, 2003 3:57 AM
Subject: [ntfsd] ObQueryNameString doesn’t return

> Anyone seen a situation where ObQueryNameString
> doesn’t return?
>
> I am enumerating all open handles on the system and
> calling ObQueryNameString for each one of type file
> (0x1C). Then I am KdPrint’ing out the returned object
> name.
>
> It appears as though I reach a particular handle and
> the function call never returns.
>
> Thanks,
> Randy Cook
> Lucid Systems Inc.
>
> Here is some code:
> ----------------------------------------------
> NTSTATUS DumpOpenFiles(VOID)
> {
> PVOID handleBuffer;
> ULONG size, reqSize;
> NTSTATUS status;
> ULONG numEntries, i;
> PSYSTEM_HANDLE_INFORMATION pHandleInfo;
> PUNICODE_STRING uniStrBuff;
>
> size = 1;
>
> //
> // Get an snapshot of all open handles on the system
> //
> handleBuffer = myMalloc(size, FALSE, 0, FALSE);
> if (handleBuffer == NULL)
> {
> return STATUS_NO_MEMORY;
> }
>
> status =
> ZwQuerySystemInformation(SystemHandleInformation,
> handleBuffer, size, &reqSize);
> if (status == STATUS_INFO_LENGTH_MISMATCH)
> {
> KdPrint((“Buffer is not the right size\n”));
>
> myFree(handleBuffer);
>
> size = reqSize;
>
> handleBuffer = myMalloc(size, FALSE, HBUFFER_TAG,
> FALSE);
> if (handleBuffer == NULL)
> {
> return STATUS_NO_MEMORY;
> }
> status =
> ZwQuerySystemInformation(SystemHandleInformation,
> handleBuffer, size, &reqSize);
> if (!NT_SUCCESS(status))
> {
> KdPrint((“ZwQuerySystemInformation error again:
> %X\n”, status));
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return status;
> }
> }
> else if (!NT_SUCCESS(status))
> {
> KdPrint((“ZwQuerySystemInformation error: %X\n”,
> status));
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return status;
> }
>
> numEntries = ((PULONG)handleBuffer)[0];
> KdPrint((“Number of entries: %X\n”, numEntries));
>
> (PULONG)pHandleInfo = ((PULONG)handleBuffer) + 1;
>
> //
> // Get some space for the name
> //
> uniStrBuff = myMalloc(sizeof(UNICODE_STRING) +
> MY_MAX_UNI_STR_SIZE_BYTES, FALSE, 0, FALSE);
> if (uniStrBuff == NULL)
> {
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return STATUS_NO_MEMORY;
> }
>
> //
> // For each handle, get the name
> //
> for (i = 0; i < numEntries; i++)
> {
> if (pHandleInfo->ObjectTypeNumber ==
> MY_NT_HANDLE_TYPE_FILE)
> {
> KdPrint((“Total: %X Current: %X PID: %X TYPE: %X
> FLAGS: %X HANDLE: %X\n OBJECT: %X ACCESS: %X\n”,
> numEntries,
> i,
> pHandleInfo->ProcessId,
> pHandleInfo->ObjectTypeNumber,
> pHandleInfo->Flags,
> pHandleInfo->Handle,
> pHandleInfo->Object,
> pHandleInfo->GrantedAccess));
>
> status = ObQueryNameString(pHandleInfo->Object,
> uniStrBuff, MY_MAX_UNI_STR_SIZE_BYTES, &size);
> if (NT_SUCCESS(status))
> {
> KdPrint((“%X Pid: %X Type: %X File: %ws\n”,
> i,
> pHandleInfo->ProcessId,
> pHandleInfo->ObjectTypeNumber,
> uniStrBuff->Buffer));
> }
> else
> {
> KdPrint((“Error: %X\n”, status));
> }
> }
>
> pHandleInfo++;
> }
>
> //
> // Clean up
> //
> myFree(uniStrBuff);
> myFree(handleBuffer);
>
> return STATUS_SUCCESS;
> }
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

According to Gary Nebbett, in his book Windows NT/2000
Native API Reference, “[ObQueryNameString] … will
hang when querying the names of pipes that have been
opened for synchronous access and that have a pending
read or write operation.”

I was able to skip named pipe entries by looking at
PSYSTEM_HANDLE_INFO -> PFILE_OBJECT -> PDEVICE_OBJECT
-> DeviceType. For named pipes this has a value of
FILE_DEVICE_NAMED_PIPE (0x00000011).

Randy Cook
Lucid Systems Inc.

— Randy Cook wrote:
> Anyone seen a situation where ObQueryNameString
> doesn’t return?
>
> I am enumerating all open handles on the system and
> calling ObQueryNameString for each one of type file
> (0x1C). Then I am KdPrint’ing out the returned
> object
> name.
>
> It appears as though I reach a particular handle and
> the function call never returns.
>
> Thanks,
> Randy Cook
> Lucid Systems Inc.
>
> Here is some code:
> ----------------------------------------------
> NTSTATUS DumpOpenFiles(VOID)
> {
> PVOID handleBuffer;
> ULONG size, reqSize;
> NTSTATUS status;
> ULONG numEntries, i;
> PSYSTEM_HANDLE_INFORMATION pHandleInfo;
> PUNICODE_STRING uniStrBuff;
>
> size = 1;
>
> //
> // Get an snapshot of all open handles on the
> system
> //
> handleBuffer = myMalloc(size, FALSE, 0, FALSE);
> if (handleBuffer == NULL)
> {
> return STATUS_NO_MEMORY;
> }
>
> status =
> ZwQuerySystemInformation(SystemHandleInformation,
> handleBuffer, size, &reqSize);
> if (status == STATUS_INFO_LENGTH_MISMATCH)
> {
> KdPrint((“Buffer is not the right size\n”));
>
> myFree(handleBuffer);
>
> size = reqSize;
>
> handleBuffer = myMalloc(size, FALSE, HBUFFER_TAG,
> FALSE);
> if (handleBuffer == NULL)
> {
> return STATUS_NO_MEMORY;
> }
> status =
> ZwQuerySystemInformation(SystemHandleInformation,
> handleBuffer, size, &reqSize);
> if (!NT_SUCCESS(status))
> {
> KdPrint((“ZwQuerySystemInformation error again:
> %X\n”, status));
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return status;
> }
> }
> else if (!NT_SUCCESS(status))
> {
> KdPrint((“ZwQuerySystemInformation error: %X\n”,
> status));
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return status;
> }
>
> numEntries = ((PULONG)handleBuffer)[0];
> KdPrint((“Number of entries: %X\n”, numEntries));
>
> (PULONG)pHandleInfo = ((PULONG)handleBuffer) + 1;
>
> //
> // Get some space for the name
> //
> uniStrBuff = myMalloc(sizeof(UNICODE_STRING) +
> MY_MAX_UNI_STR_SIZE_BYTES, FALSE, 0, FALSE);
> if (uniStrBuff == NULL)
> {
> //
> // Clean up
> //
> myFree(handleBuffer);
>
> return STATUS_NO_MEMORY;
> }
>
> //
> // For each handle, get the name
> //
> for (i = 0; i < numEntries; i++)
> {
> if (pHandleInfo->ObjectTypeNumber ==
> MY_NT_HANDLE_TYPE_FILE)
> {
> KdPrint((“Total: %X Current: %X PID: %X TYPE:
> %X
> FLAGS: %X HANDLE: %X\n OBJECT: %X ACCESS: %X\n”,
> numEntries,
> i,
> pHandleInfo->ProcessId,
> pHandleInfo->ObjectTypeNumber,
> pHandleInfo->Flags,
> pHandleInfo->Handle,
> pHandleInfo->Object,
> pHandleInfo->GrantedAccess));
>
> status = ObQueryNameString(pHandleInfo->Object,
> uniStrBuff, MY_MAX_UNI_STR_SIZE_BYTES, &size);
> if (NT_SUCCESS(status))
> {
> KdPrint((“%X Pid: %X Type: %X File: %ws\n”,
> i,
> pHandleInfo->ProcessId,
> pHandleInfo->ObjectTypeNumber,
> uniStrBuff->Buffer));
> }
> else
> {
> KdPrint((“Error: %X\n”, status));
> }
> }
>
> pHandleInfo++;
> }
>
> //
> // Clean up
> //
> myFree(uniStrBuff);
> myFree(handleBuffer);
>
> return STATUS_SUCCESS;
> }
>
>
>
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> http://mailplus.yahoo.com
>
>
> —
> You are currently subscribed to ntfsd as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
xxxxx@lists.osr.com

