Problem accessing removable media and network drives from a system thread

NTFSD
1

Hello,

I have written a Win2000/XP filter driver based on DDK filespy sample, that
intercepts write attempts to removable media by reparsing IRP_MJ_CREATE.
When redirected file is copied to a quarantine location, my program inspects
it after IRP_MJ_CLEANUP passed through my completion routine. After
inspection, I am impersonating an original thread and copy file using filter’s
system thread to avoid reentrancy.

My quarantine directory is located on a fixed hard drive; removable media is
a USB token.

When my filter creates a file on USB token with ZwCreateFile to perform a
copy, the call never returns. This doesn’t happen during every time but
very often. There is no blue screen, but ZwCreateFile is stuck.

My dispatch routing is receiving a corresponding IRP_MJ_CREATE, created from
that call, ignoring it, and passing down using IoCallDriver(), but control
is never returned to ZwCreateFile() that sits in a system thread.

This problem is reproducible if I copy files to a remote system as well.

I’ve also tried not to use impersonation, but rather, create system thread
using a process that has network access, but problem is still there.

What could be the causing this?

Thank you,

Yury

2

This is a deadlock and you will need to debug it. Start with the tools
available for deadlock debugging:

“!locks”
“!stacks” (good in XP and W2K3)
“!process 0 7” (dumps all threads and processes)

The question to ask when using the debugger is “for what
event/operation/resource/lock is this thread waiting?”

If you can’t figure it out I’ll debug it for you - but in exchange I get
to use the dump in teaching debug class. :wink:

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the next OSR File Systems class in Los
Angeles, CA October 24-27, 2005.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Yury Mazin
Sent: Friday, September 09, 2005 4:46 PM
To: ntfsd redirect
Subject: [ntfsd] Problem accessing removable media and network drives
from a system thread

Hello,

I have written a Win2000/XP filter driver based on DDK filespy sample,
that
intercepts write attempts to removable media by reparsing IRP_MJ_CREATE.

When redirected file is copied to a quarantine location, my program
inspects
it after IRP_MJ_CLEANUP passed through my completion routine. After
inspection, I am impersonating an original thread and copy file using
filter’s
system thread to avoid reentrancy.

My quarantine directory is located on a fixed hard drive; removable
media is
a USB token.

When my filter creates a file on USB token with ZwCreateFile to perform
a
copy, the call never returns. This doesn’t happen during every time but

very often. There is no blue screen, but ZwCreateFile is stuck.

My dispatch routing is receiving a corresponding IRP_MJ_CREATE, created
from
that call, ignoring it, and passing down using IoCallDriver(), but
control
is never returned to ZwCreateFile() that sits in a system thread.

This problem is reproducible if I copy files to a remote system as well.

I’ve also tried not to use impersonation, but rather, create system
thread
using a process that has network access, but problem is still there.

What could be the causing this?

Thank you,

Yury

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com