strange 'recursive' volume mounting under Win 2003 Home Server

Hi all,

I have a strange scenario involving several minifilters and a virtual
disk driver. At some point, I create a new virtual disk (based on a
file) and mount it. After mounting (so we do have a drive letter) I try
to format the disk (with the standard Microsoft format window from
Explorer). After the format successfully completes, one of our
minifilters is notified on InstanceSetup that a new volume is ready to be
filtered. From the InstanceSetup I issue a FltCreateFile() directly to
the volume device, then a FltDeviceIoControlFile() to get disk extents
information about the underlying disk. For normal physical HDD / CD-ROM
/ USB flash etc., this works very well, both on NTFS and FAT32. On the
virtual disk driver the effect is that when I try to open the volume
with FltCreateFile() the Filter Manager tries to notify again (without
completing the previous new volume notification we are in!) the
minifilters about the new volumes, and after that the minifilters
bugcheck in various ways (usually access violation). The strange thing
is that this doesn't always happen, it seems to be Home Server specific
and the minifilters involved seem to be various (we have two
minifilters, both with the same logic, plus other, 3rd party minifilters as
the second minifilter - which bugcheck).

Any idea? Any clue about why and under which conditions a
FltCreateFile() triggers a FltpDoFilterNotificationForNewVolume()?

f82e572d 0000004a 00000005 818cf3c0 DEfilter+0x836a
f6b62168 f82e5cb4 81860cc0 00000005 8089b93f fltMgr!FltpDoInstanceSetupNotification+0x4b
f6b621c8 f82e603f 81f40718 81de5450 00000005 fltMgr!FltpInitInstance+0x272
f6b62238 f82e614a 81f40718 81de5450 00000005 fltMgr!FltpCreateInstanceFromName+0x295
f6b622a0 f82ed564 81f40718 81de5450 00000005 fltMgr!FltpEnumerateRegistryInstances+0xf4
==> second notification
f6b622f0 f82e4564 81de5450 81886534 81c68a48 fltMgr!FltpDoFilterNotificationForNewVolume+0xe4
f6b62324 80840153 81758860 81886458 81886458 fltMgr!FltpCreate+0x1f0
f6b62338 f82e454d 813b9648 81c68a48 81f6b848 nt!IofCallDriver+0x45
f6b62368 80840153 818a7020 81886458 81886458 fltMgr!FltpCreate+0x1d9
f6b6237c 8092e806 f6b62524 81331018 00000000 nt!IofCallDriver+0x45
f6b62464 8092c37a 81331030 00000000 8141dd68 nt!IopParseDevice+0xa35
f6b624e4 8092d79b 00000000 f6b62524 00000240 nt!ObpLookupObjectName+0x5b0
f6b62538 8092c65d 00000000 00000000 34003200 nt!ObOpenObjectByName+0xea
f6b625b4 808c1020 f6b62790 80000000 f6b62754 nt!IopCreateFile+0x447
f6b625fc f82e66ca f6b62790 80000000 f6b62754 nt!IoCreateFileSpecifyDeviceObjectHint+0x52
f6b626a8 f82e6844 813a8990 817dd458 f6b62790 fltMgr!FltCreateFileEx+0x114
f6b626ec f68a2b9f 813a8990 817dd458 f6b62790 fltMgr!FltCreateFile+0x36
f6b627c0 f68a3dee 817dd458 81de5838 817198c4 OUR_FILTER!DrvAddVolumeToVolumeList+0x21f
f6b62830 f82e572d 81393870 00000005 00000008 OUR_FILTER!DrvInstanceSetup+0x24e
f6b62864 f82e5cb4 817dd458 00000005 8089b93f fltMgr!FltpDoInstanceSetupNotification+0x4b
f6b628c4 f82e603f 813a8990 81de5838 00000005 fltMgr!FltpInitInstance+0x272
f6b62934 f82e614a 813a8990 81de5838 00000005 fltMgr!FltpCreateInstanceFromName+0x295
f6b6299c f82ed564 813a8990 81de5838 00000005 fltMgr!FltpEnumerateRegistryInstances+0xf4
==> first notification
f6b629ec f82e4564 81de5838 81c5fcd0 81700a88 fltMgr!FltpDoFilterNotificationForNewVolume+0xe4
f6b62a20 80840153 818a7020 817f8748 8135a3b0 fltMgr!FltpCreate+0x1f0
f6b62a34 f6c4c330 817f8748 817f8848 816ef7e0 nt!IofCallDriver+0x45
f6b62a48 f6c4bbce 816ef728 817f8748 816ef7e0 trufos+0x1330
f6b62a5c 80840153 816ef728 817f8748 817f8748 trufos+0xbce
f6b62a70 8092e806 f6b62c18 81331018 00000000 nt!IofCallDriver+0x45
f6b62b58 8092c37a 81331030 00000000 813b7bc8 nt!IopParseDevice+0xa35
f6b62bd8 8092d79b 00000000 f6b62c18 00000040 nt!ObpLookupObjectName+0x5b0
f6b62c2c 8092c65d 00000000 00000000 00000001 nt!ObOpenObjectByName+0xea
f6b62ca8 80931d22 0281f0e0 00100003 0281f0e8 nt!IopCreateFile+0x447
f6b62d04 8093271b 0281f0e0 00100003 0281f0e8 nt!IoCreateFile+0xa3
f6b62d44 80833bdf 0281f0e0 00100003 0281f0e8 nt!NtOpenFile+0x27
f6b62d44 7c8285ec 0281f0e0 00100003 0281f0e8 nt!KiFastCallEntry+0xfc
0281f0b0 7c82731b 64aed8b8 0281f0e0 00100003 ntdll!KiFastSystemCallRet
0281f0b4 64aed8b8 0281f0e0 00100003 0281f0e8 ntdll!NtOpenFile+0xc
0281f950 64aedb59 0281fa0c 00000000 00000000 ifsutil!SUPERAREA::GenerateLabelNotification+0xc4
0281f96c 64aee6b7 00000000 00000000 00000000 ifsutil!SUPERAREA::FormatNotification+0x2e
0281f9dc 5f034f1c 0281fe7c 0281fde4 00000000 ifsutil!VOL_LIODPDRV::Format+0xcc
0281fdb4 6947227d 0281ff3c 0281fde4 00000000 UNTFS!Format+0xfa
0281ff78 7c9c6afa 0019cb00 0000000c 7c8e2100 FMIFS!FormatEx+0x38a

Thank you very much,


Sandor LUKACS
Analyst Programmer
BitDefender