Process terminated before pended operation is completed?

Hey !
I'm tracking running processes (via a notify routine) in a list , where each process has a dedicated structure .
on post close I pend the operation (via returning STATUS_MORE_PROCESSING_REQUIRED) and queuing a deferred work item

the work item needs access to the handle's owner process structure , the issue is I can see the process is being terminated (and thus it's process structure freed and unlinked from the list) before my work routine get's executed...

when I was thinking of this design , I thought that by pending the operation im forcing the termination prcoess to wait as the IrpList of the relevant thread is not empty , but I guess that is not the case? or maybe the callback is invoked prior to the wait ? if so , what can I do about it ?

On process exit the threads terminate first and the I/O Manager waits for any I/Os sent by those threads to complete. The last thread out signals the process exit notify, after which any remaining HANDLEs opened by the process are closed and trigger IRP_MJ_CLEANUPs.

The IRP_MJ_CLOSEs then come in later in the context of the System process. By the time that happens I would expect the process to be off the process list (though the PEPROCESS would still be valid if you referenced it).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.