Hi there ,
I am unable to unload my filter driver after i added the user space communication code in my driver.
I have read the forum, before posting this silly question. I know that i have to deref all objects allocated, but still, i am not able to understand why i cannot unload the driver.
To isolate the problem, i took the passthrough sample and then added some simple filter communication port code.
And i was unable to unoad the passthrough sample too. Here’s the code i added to passthrough sample:
//
// Name of port used to communicate
//
const PWSTR GuiPortName = L"\GuiPort";
//
// Gui process/port
//
PEPROCESS GuiProcess = NULL;
PFLT_PORT GuiPort = NULL;
NTSTATUS OnGuiPortConnect (
PFLT_PORT ClientPort,
__in_opt PVOID ServerPortCookie,
__in_bcount_opt(SizeOfContext) PVOID ConnectionContext,
__in ULONG SizeOfContext,
__deref_out_opt PVOID *ConnectionCookie
)
{
PAGED_CODE();
//
// Set the GUI process and port.
//
GuiProcess = PsGetCurrentProcess();
GuiPort = ClientPort;
DbgPrint(“OnGuiPortConnect: port=0x%X \n”, ClientPort);
return STATUS_SUCCESS;
}
VOID OnGuiPortDisconnect( PVOID ConnectionCookie )
{
UNREFERENCED_PARAMETER( ConnectionCookie );
PAGED_CODE();
DbgPrint( “OnGuiPortDisconnect: disconnecting port=0x%X\n”, GuiPort );
//
// Close our handle to the connection: note, since we limited max connections to 1,
// another connect will not be allowed until we return from the disconnect routine.
//
FltCloseClientPort( gFilterHandle, &GuiPort );
//
// Reset the user-process field.
//
GuiPort = NULL;
GuiProcess = NULL;
DbgPrint( “OnGuiPortDisconnect: disconnected\n” );
}
// simple func to create the comm port in driver entry
NTSTATUS CreateGuiPort()
{
OBJECT_ATTRIBUTES oa;
UNICODE_STRING uniString;
PSECURITY_DESCRIPTOR sd;
NTSTATUS status;
//
// Create a communication port.
//
RtlInitUnicodeString( &uniString, GuiPortName );
//
// We secure the port so only ADMINs & SYSTEM can access it.
//
status = FltBuildDefaultSecurityDescriptor( &sd, FLT_PORT_ALL_ACCESS );
if ( !NT_SUCCESS( status ) )
{
return status;
}
InitializeObjectAttributes( &oa,
&uniString,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
sd );
status = FltCreateCommunicationPort( gFilterHandle,
&GuiPort,
&oa,
NULL,
OnGuiPortConnect,
OnGuiPortDisconnect,
NULL,
1 );
//
// Free the security descriptor in all cases. It is not needed once
// the call to FltCreateCommunicationPort() is made.
//
FltFreeSecurityDescriptor( sd );
return status;
}
NTSTATUS
DriverEntry (
__in PDRIVER_OBJECT DriverObject,
__in PUNICODE_STRING RegistryPath
)
{
NTSTATUS status;
UNREFERENCED_PARAMETER( RegistryPath );
dprint((“DriverEntry.\n”));
//
// Register with FltMgr to tell it our callback routines
//
status = FltRegisterFilter( DriverObject,
&FilterRegistration,
&gFilterHandle );
if(!NT_SUCCESS( status ))
{
dprint((“DriverEntry: FltRegisterFilter failed\n”));
return status;
}
//
// create communication port
//
status = CreateGuiPort();
if(!NT_SUCCESS( status ))
{
dprint((“DriverEntry: failed to create gui port\n”));
FltUnregisterFilter( gFilterHandle );
return status;
}
//
// Start filtering i/o
//
status = FltStartFiltering( gFilterHandle );
if (!NT_SUCCESS( status ))
{
dprint((“DriverEntry: failedm to start filtering.\n”));
//
// close port
//
FltCloseCommunicationPort( GuiPort );
//
// unregister filter
//
FltUnregisterFilter( gFilterHandle );
}
return status;
}
NTSTATUS
PtUnload (
__in FLT_FILTER_UNLOAD_FLAGS Flags
)
{
UNREFERENCED_PARAMETER( Flags );
PAGED_CODE();
PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
(“PassThrough!PtUnload: Entered\n”) );
dprint((“Unload: closing communication port.\n”));
FltCloseCommunicationPort( GuiPort );
dprint((“Unload: unregistering filter.\n”));
FltUnregisterFilter( gFilterHandle );
return STATUS_SUCCESS;
}
That’s all i added to the passthrough sample. Now, whenever i open the communication port using FilterConnectCommunicationPort, i am unable to unload the driver.
Can someone help me out with this ?
