Chendong,
An access violation would indicate the address of the invalid memory
location. When this happens, can you observe anything interesting on the
stack? For example, are you in a process termination path or something
equally interesting?
I’m assuming you can confirm that TokenHandle is a valid memory location,
right?
And by “access violation” is it reported as a status code of 0xC0000005? Or
is it reported as a bugcheck (KMODE_EXCEPTION_NOT_HANDLED with the exception
being 0xC0000005?)
The last thing I would note is that you may have a fundamental design flaw
here, if you believe that IRP_MJ_CLOSE (and the process token) is going to
have anything to do with the process that opened and/or operated on the
file.
Regards,
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: Chendong Shan [mailto:xxxxx@usa.net]
Sent: Tuesday, April 10, 2001 6:45 PM
To: File Systems Developers
Subject: [ntfsd] Reference current process in the close path
Hi, All,
I send this message to NTDEV list this morning but didn’t see any reply.
I guess maybe it is better to post it here.
I have a FS filter driver in which I need to monitor the IRP_MJ_CLOSE.
When I decide that the file need further process, I have to get the user
SID. In order to do that, in some point I call ZwOpenProcessToken using
the follow code:
if( KeGetCurrentIrql() < DISPATCH_LEVEL)
{
Status=ZwOpenProcessToken(NtCurrentProcess(),TOKEN_READ,&TokenHandle);
…
}
In very rare situation, my driver got Access Violation inside
ZwOpenProcessToken. So my question is: is it safe to reference
the current process in file close path? If not, what’s the reason?
(process terminate before the close?) And how can I get the user
SID in close path?
Thanks a lot.
Chendong
Get free email and a permanent address at http://www.netaddress.com/?N=1
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com