WaitFor

I am not quite sure what you are going to make of this problem, if there are any better ideas or whether or not I am a complete idiot for wondering this.

I have a piece of memory, 1 byte in length and I am waiting for it to change from a 0 to a 1. I can make it 4 bytes if that would help.

In C I would do something like WaitForSingleObject but obviously in a driver I should never keep checking a variable for a change and I don’t know what the best solution is.

> I have a piece of memory, 1 byte in length and I am waiting for it to change from a 0 to a 1. I can make it 4 bytes if that would help.

How do you wait for it?

> In C I would do something like WaitForSingleObject

You can’t wait with that function on a simple variable/piece of memory to detect changes. See the remarks section here for more information on what you can wait for: http://msdn.microsoft.com/en-us/library/windows/desktop/ms687032(v=vs.85).aspx

> but obviously in a driver I should never keep checking a variable for a change and I don’t know what the best solution is.

What exactly is it that variable is indicating for you? Do you want to count anything or wait for something to occur, maybe restrict the access to something while it’s 0 or 1? Maybe you can use one of the synchronization objects/functions for your issue. What exactly do you want to do?

A few years ago I was playing around with an anti-virus like project, I came across a problem where I had to wait. I could have written the solution a different way but at the time I would send the file information to a user application and it would scan the file before allowing it to be approved.

I was just curious if there was a method for waiting for an event based on a variable I could have used within a driver.

> I was just curious if there was a method for waiting for an event based on a variable I could have used within a driver.

This is called not “waiting” but polling - you cannot “wait on a variable” either in KM or in UM. Period. The only thing that you can wait on is some synch construct (event, semaphore, etc.) that gets signaled by someone who modifies a variable. Otherwise, your only option is to periodically check the state of the target variable, or design a scheme where you get notified about the change asynchronously (which, again, requires the cooperation of those who modify the target variable)…

Anton Bassov

> This is called not “waiting” but polling - you cannot “wait on a variable” either in KM or in UM. Period.

I remember a very rare method in the past with the usermode API VirtualAlloc(Ex) where you could allocate memory and monitor it for changes (enabled by a flag passed to the function) on the allocated memory, but I am not sure whether this is still supported or not. I did not use it; I implemented my own notification mechanism for my need. On the VirtualAlloc(Ex) allocated memory, if there was a change made on the memory, I can’t remember what exactly was signaled and where, but you get a notification in some way that the “memory” did change. But as said, I can’t remember whether this is supported anymore or not. That was YEARS ago… If this still works, then you have, at least in usermode, a chance to work on a “variable”, which for sure differs from a real variable since it’s a larger piece of memory on the heap. But this is a kernel question, so he either has to poll or create some data structure that implements a way of “I am a variable and if I will be set, I’ll notify an object in some way”, like you said and which I personally think is the best for this.

wrote in message news:xxxxx@ntdev…
> I am not quite sure what you are going to make of this problem, if there
> are any better ideas or whether or not I am a complete idiot for wondering
> this.
>
> I have a piece of memory, 1 byte in length and I am waiting for it to
> change from a 0 to a 1. I can make it 4 bytes if that would help.
>
> In C I would do something like WaitForSingleObject but obviously in a
> driver I should never keep checking a variable for a change and I don’t
> know what the best solution is.
>

Set a hardware debug breakpoint (debug register) :)

– pa

Ok, we’ll see how ONE codone works this morning.

Basically you have an application waiting on something to happen in a device driver. Not meaning to be facetious, but big deal. The fact it’s only one byte, or one bit does not matter. Since you specify WaitFor? and not KeWait? I would assume it’s nearly a simple matter of the application sending an IO request with your own defined IOCT_TO_WAIT_FOR_SILLY_ASS_FLAGS. Once the driver triggers that byte, again assuming it’s something ISR driven and handled in a DPC, simply complete that IRP or one of those IRPs queued for that trigger.

Given I’m not in my drugged out state from last night, you only need a simple inverted callback.

Gary Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

On Mar 20, 2012, at 3:54 AM, xxxxx@hotmail.com wrote:

> I am not quite sure what you are going to make of this problem, if there are any better ideas or whether or not I am a complete idiot for wondering this.
>
> I have a piece of memory, 1 byte in length and I am waiting for it to change from a 0 to a 1. I can make it 4 bytes if that would help.
>
> In C I would do something like WaitForSingleObject but obviously in a driver I should never keep checking a variable for a change and I don’t know what the best solution is.


NTDEV is sponsored by OSR


> Set a hardware debug breakpoint (debug register) :)

Well, then you will have to hook INT 1 handler so that you can catch the resulting debug exception - apparently, not that wise approach in the days of PatchGuard, don’t you think…

Anton Bassov

I agree Gary, I do like your post. I only mentioned 4 bytes rather than one because I wasn’t sure on an event variable length and I wasn’t sure if I could edit this from a driver. I could use shared memory between an application and a driver and have the event stored in this memory.

A callback would be great but if I called it from usermode I doubt I could execute the driver code and if I executed the UM callback from the driver I would probably run into a lot of security issues as well as making sure I wasn’t running at DISPATCH.

If the shared memory option was used, I have some experience of this and know how it can be done, what would happen if I said the KEVENT was in this address space and either the application or the driver signaled KEVENT. What might happen?

> I remember a very rare method with the past with the usermode api VirtualAlloc(Ex) where you could allocate memory and monitor it for changes (enabled by a flag passed to the function) on the allocated memory, but i am not sure whether this is still supported or not.

Well, assuming that such a method exists (existed), it may work only on page basis, right. However, the OP speaks about 1-byte variable…

Anton Bassov

> page basis, right. However, the OP speaks about 1-byte variable

Yes, if I remember right that was on page basis and in this case a one-byte variable. The page is simply a too big waste of memory for such a little thing. I guess he can do this with some sort of sync-primitive, maybe some callback, etc…

I checked my old MSDN docs/headers and YES, there was such a thing:

#define MEM_WRITE_WATCH 0x200000 /* 98/Me */

And the comments at the end remind me again why I didn’t use it on W2K/XP then :(

Seems still to be supported or newly implemented now for newer systems. That really was 98/ME only in the past:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa366887(v=vs.85).aspx

See “flAllocationType” flags bottom last flag.

Interesting to know is how they implemented that…

Why in the world would you use shared memory for this? Have you looked
at the archive of this group on signaling from kernel to user space?

Bottom line is Gary has the approach. Your application calls into the
driver with IOCTL_MY_PRIVATE_WAIT and the driver does whatever you want
it to do. When the wait condition is met, the driver completes the
request, and using any of a number of user mode models you get an event
or callback. Properly written this can easily reach well over a
million calls a second, so why do you think you need more than this?

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“xxxxx@hotmail.com” wrote in message news:xxxxx@ntdev:

> I agree Gary, I do like your post. I only mentioned 4 bytes rather than one because I wasn’t sure on an event variable length and I wasn’t sure if I could edit this from a driver. I could use shared memory between an application and a driver and have the event stored in this memory.
>
> A callback would be great but if I called it from usermode I doubt I could execute the driver code and if I executed the UM callback from the driver I would probably run into a lot of security issues as well as making sure I wasn’t running at DISPATCH.
>
> If the shared memory option was used, I have some experience of this and know how it can be done, what would happen if I said the KEVENT was in this address space and either the application or the driver signaled KEVENT. What might happen?

Honestly I don’t know how to use the search. If I search for something it doesn’t give me the results even when I know the page I am looking for.

I think I have the answer, thank you.

On 20-Mar-2012 14:56, xxxxx@hotmail.com wrote:

> > Set a hardware debug breakpoint (debug register) :)
>
> Well, then you will have to hook INT 1 handler so that you can catch the resulting debug exception - apparently, not that wise approach in the days of PatchGuard, don’t you think…

Sure. Like some other advice given here, this one was not exactly a
step-by-step recipe.
Or… what if you register a message based interrupt and then write to
that address? Will it call the ISR?

– pa

On 20-Mar-2012 15:15, xxxxx@arcor.de wrote:

> I checked my old MSDN docs/headers and YES, there was such a thing:
> #define MEM_WRITE_WATCH 0x200000 /* 98/Me */

Probably you meant the guard pages, which cause catchable exception:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa366549(v=vs.85).aspx

– pa

I hear there’s this thing called Google. You should check it out.

Peter
OSR

> Or… what if you register a message based interrupt and then write to that address? Will it call the ISR?

Are you some kind of Alberto or what??? IIRC, what he was trying to do was getting an interrupt vector
and writing (by CPU, of course) to the local APIC’s ICR in order to raise it - he was calling it “MSI”…

Anton Bassov

> Interesting to know is how they implemented that…

Well, obviously by marking a page RO in its corresponding PTE, i.e. pretty much the same way copy-on-write is implemented…

Anton Bassov

> I agree Gary, I do like your post. I only mentioned 4 bytes rather than one because I wasn’t sure on an event variable length and I wasn’t sure if I could edit this from a driver. I could use shared memory

Inverted call (IOCTL_WAIT_FOR_THIS_EVENT pended in the driver) is a much better way. It is the simplest (simpler than shared memory) and allows you to pass an event-specific chunk of data with the event.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
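
The inverted call that Gary Little, Don Burn and Maxim Shatskih describe, as an added example that is not part of any post: a single-threaded, portable C model (not WDK code) of the driver side, with hypothetical names `ioctl_wait`, `driver_set_flag` and `cancel_wait`. It covers the request that arrives after the flag is already set and the request cancelled while pended.

```c
#include <stdio.h>
/* Single-threaded model of a driver's pended-request queue.
 * All names are hypothetical; a real driver serializes these routines with a lock. */
enum req_state { REQ_IDLE, REQ_PENDING, REQ_COMPLETED, REQ_CANCELLED };
struct request { enum req_state state; unsigned char data; struct request *next; };
struct driver  { unsigned char flag; struct request *pending; };

static void complete(struct driver *d, struct request *r) {
    r->data = d->flag;            /* event-specific payload handed back to the caller */
    r->state = REQ_COMPLETED;
    r->next = NULL;
}

/* Dispatch path for the private "wait" request. */
enum req_state ioctl_wait(struct driver *d, struct request *r) {
    if (d->flag) { complete(d, r); return r->state; }  /* already set: no lost wake-up */
    r->state = REQ_PENDING;       /* otherwise park it until the writer path runs */
    r->next = d->pending;
    d->pending = r;
    return r->state;
}

/* Writer path: change the variable, then complete everything parked on it. */
int driver_set_flag(struct driver *d, unsigned char value) {
    int completed = 0;
    d->flag = value;
    while (value && d->pending) {
        struct request *r = d->pending;
        d->pending = r->next;
        complete(d, r);
        completed++;
    }
    return completed;             /* number of waiters released */
}

/* Cancel path (caller went away): unlink so a later trigger never touches it. */
int cancel_wait(struct driver *d, struct request *r) {
    for (struct request **pp = &d->pending; *pp; pp = &(*pp)->next)
        if (*pp == r) { *pp = r->next; r->next = NULL; r->state = REQ_CANCELLED; return 1; }
    return 0;                     /* not pending: already completed or never queued */
}

int main(void) {
    struct driver d = { 0, NULL };
    struct request a = { REQ_IDLE, 0, NULL }, b = a;
    ioctl_wait(&d, &a); ioctl_wait(&d, &b); cancel_wait(&d, &a);
    int n = driver_set_flag(&d, 1);
    printf("completed=%d a=%d b=%d\n", n, a.state, b.state);
}
```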