Hi All.

I'm making my first steps in the File System Drivers programming world,
so this question might not be very intelligent or challenging.

I've followed the SFilter sample from IFS Kit in order to build my
driver.
In the sample, I've noticed the use of IoAttachDeviceToDeviceStack (or
IoAttachDeviceToDeviceStackSafe).
This function, if I understand correctly, is supposed to return the
actual device that is directly "below" mine in the device stack. This
device can be different from the device I was initially trying to hook,
if other devices were already layered on top of it.

Let's say I initialize the AttachedToDeviceObject member of my device's
extension with the value returned from IoAttachDeviceToDeviceStack,
like I understood I should. I later pass my AttachedToDeviceObject
value to IoCreateFileSpecifyDeviceObjectHint.

What I couldn't figure out, is what happens if the device pointed to by
AttachedToDeviceObject, which is the one that was between me and my
target device when I hooked, gets unloaded.
Does my AttachedToDeviceObject value reference uninitialized memory,
and is therefore likely to cause a blue screen?
As I have failed to find a way to discover the next device in stack
dynamically, how can I overcome this hazard?

Someone on osronline explained to me that the filter driver that is
under mine should take care of that if it's unloaded, but I couldn't
understand how it is supposed to change the pointer in my extension
(AttachedToDeviceObject)?

Any help would be greatly appreciated.
Thanks.

Re: AttachedToDeviceObject unloaded? by Don

Don
Wed Apr 20 07:29:53 CDT 2005

Once you attach, the device object below you has its reference count
incremented because you are attached. The object should never be unloaded
if the reference count is non-zero.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply






Re: AttachedToDeviceObject unloaded? by Maxim

Maxim
Wed Apr 20 12:06:22 CDT 2005

> What I couldn't figure out, is what happens if the device pointed to by
> AttachedToDeviceObject, which is the one that was between me and my
> target device when I hooked, gets unloaded.

Impossible. The driver cannot unload without deleting all its device objects
first.

If this is a PnP stack, then IoDeleteDevice is called _only_ from
MN_REMOVE_DEVICE path, and it is called in a proper order so that you cannot
see your DO alive and the lower DO dead.

If this is a non-PnP stack (like a filesystem), then your filter must have a
FastIoDetachDevice callback, which is called when the lower driver calls
IoDeleteDevice. You must call your IoDeleteDevice only from within
FastIoDetachDevice. This solves your problem.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com
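
The detach path described in this thread, as an added example that is not part of any poster's message or of the SFilter sample: a user-mode C model in which deleting a lower device notifies the filter above it, so the filter drops its cached AttachedToDeviceObject pointer before the lower device goes away. The `Dev` struct and all function names are hypothetical stand-ins for the kernel objects and routines, and the three-device stack is constructed.

```c
#include <stddef.h>
/* User-mode model: hypothetical stand-ins, not the kernel's DEVICE_OBJECT or Io* routines. */
typedef struct Dev Dev;
struct Dev {
    Dev *attached;   /* device layered directly above this one */
    Dev *lower;      /* the "AttachedToDeviceObject" kept in the extension */
    int refs;        /* reference held by the device attached above */
    int deleted;
    void (*on_detach)(Dev *source, Dev *target); /* models FastIoDetachDevice */
};

/* Models IoAttachDeviceToDeviceStack: attach above the current top of the stack. */
static Dev *attach_to_stack(Dev *source, Dev *target) {
    while (target->attached) target = target->attached;
    target->attached = source;
    target->refs++;
    return target;   /* the device now directly below source */
}

static void detach_from(Dev *target) {   /* models IoDetachDevice */
    target->attached = NULL;
    target->refs--;
}

/* Models IoDeleteDevice: the device above is notified before this one goes away. */
static void delete_device(Dev *dev) {
    if (dev->attached && dev->attached->on_detach)
        dev->attached->on_detach(dev->attached, dev);
    dev->deleted = 1;
}

/* The filter's callback: detach, drop the cached pointer, delete own device. */
static void filter_detach(Dev *source, Dev *target) {
    detach_from(target);
    source->lower = NULL;
    delete_device(source);   /* propagates the notification further up */
}

/* Constructed scenario: base <- other filter <- my filter; other goes away. */
int stale_pointer_avoided(void) {
    Dev base = {0}, other = {0}, mine = {0};
    other.on_detach = mine.on_detach = filter_detach;
    other.lower = attach_to_stack(&other, &base);
    mine.lower = attach_to_stack(&mine, &base);  /* yields &other, not &base */
    if (mine.lower != &other || other.refs != 1) return 0;
    detach_from(&base);
    delete_device(&other);   /* runs mine's callback while other is still valid */
    return mine.lower == NULL && mine.deleted && other.refs == 0 && !base.attached;
}
```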



Re: AttachedToDeviceObject unloaded? by Drivers

Drivers
Wed Apr 20 17:43:59 CDT 2005

You will be notified that the device you are attached to is going away via
your FastIoDetachDevice callback. The callback chain for this Fast I/O
entry point starts at the bottom of the filter stack and works its way up.

Also, as has been pointed out, FS filter drivers are not allowed to unload.
If you are attached to one that does unload, you are absolved of all
consequences...
