Hi folks,

I am writing a custom kernel device driver that calls the
RtlCheckRegistryKey to check the registry for a value on every
keystroke.

Basically I created a call-back function thread using the
IoQueueWorkItem to get the RtlCheckRegistryKey to be run at
PASSIVE_LEVEL.

I pass down a struct to the IoQueueWorkItem routine
(IN PDEVICE_OBJECT DeviceObject, IN OUT strQueuedWorkItem *Context)
That contains pIOWorkItem and certain flags etc.
When the RtlCheckRegistryKey value is called I need to set a flag in
the struct to say registryChecked.

My problem is that I can't seem to get access to this structure and the
set flag after it has been passed to the call-back routine even though
I am passing the struct by pointer?

Can anyone help me alleviate the problem or know of another way to
access a global driver flag that I can check in the calling function to
the IoQueueWorkItem?

Thanks in advance for the help,
Cheers,
Con

Re: IoQueueWorkItem accessing flag or return value? by SL

SL
Thu Oct 13 05:38:43 CDT 2005

What does "strQueuedWorkItem" structure look like ?



Re: IoQueueWorkItem accessing flag or return value? by conjonh

conjonh
Thu Oct 13 06:19:29 CDT 2005

Hi SL Change,

Here is the structure:
typedef struct structQueuedWorkItem
{
    PIO_WORKITEM pIOWorkItem;
    void *pData;
    int screenSaverRunning;
    int screenSaverChecked;
} strQueuedWorkItem;

and here is the code to call the IoQueueWorkItem

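strQueuedWorkItem *queuedWorkItem;
PIO_WORKITEM pIOWorkItem;

queuedWorkItem = ExAllocatePool(NonPagedPool,
                                sizeof(strQueuedWorkItem));

if (queuedWorkItem)   /* the pool allocation can fail */
{
    queuedWorkItem->screenSaverChecked = 0;
    queuedWorkItem->screenSaverRunning = 0;
    pIOWorkItem = IoAllocateWorkItem(DeviceObject);

    if (pIOWorkItem)
    {
        queuedWorkItem->pIOWorkItem = pIOWorkItem;
        /* dequeueHandler runs later, on a system worker thread */
        IoQueueWorkItem(pIOWorkItem,
                        dequeueHandler, DelayedWorkQueue, queuedWorkItem);
    }
    else
    {
        /* no work item was allocated, so release the context */
        ExFreePool(queuedWorkItem);
    }
}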

Thanks for the help!
Cheers,
Con


Re: IoQueueWorkItem accessing flag or return value? by conjonh

conjonh
Thu Oct 13 08:56:45 CDT 2005

Hi Folks,

I am starting to think it's down to synchronization between the
threads (unless my coding is wrong?)
Basically before I call the IoQueueWorkItem, I set the struct below
flag to zero
queuedWorkItem->screenSaverChecked = 0;
Then once my call to RtlCheckRegistryKey has completed I change the
value of that flag to be

queuedWorkItem->screenSaverChecked = 1;

So in my calling thread I am assuming that if I do a
while(queuedWorkItem->screenSaverChecked != 1)
wait.. so when the RtlCheckRegistryKey is called that loop will break
and processing will run on.

But this loop never exits because the structure never gets updated.
I was looking at locking it with a Semaphore but just found out that
you need to be running at PASSIVE_LEVEL to call this function, but
this is the whole point of me calling the IoQueueWorkItem to get a
thread to run at IRQL PASSIVE_LEVEL so I could make the call to
RtlCheckRegistryKey.

This means I can't use Semaphores.

All help much appreciated.
Cheers,
Con


Re: IoQueueWorkItem accessing flag or return value? by Mark

Mark
Thu Oct 13 19:42:42 CDT 2005

conjonh wrote:
> Hi folks,
>
> I am writing a custom kernel device driver that calls the
> RtlCheckRegistryKey to check the registry for a value on every
> keystroke.
>
> Basically I created a call-back function thread using the
> IoQueueWorkItem to get the RtlCheckRegistryKey to be run at
> PASSIVE_LEVEL.
>
> I pass down a struct to the IoQueueWorkItem routine
> (IN PDEVICE_OBJECT DeviceObject, IN OUT strQueuedWorkItem *Context)
> That contains pIOWorkItem and certain flags etc.
> When the RtlCheckRegistryKey value is called I need to set a flag in
> the struct to say registryChecked.
>
> My problem is that I can't seem to get access to this structure and the
> set flag after it has been passed to the call-back routine even though
> I am passing the struct by pointer?
>
> Can anyone help me alleviate the problem or know of another way to
> access a global driver flag that I can check in the calling function to
> the IoQueueWorkItem?
>
> Thanks in advance for the help,
> Cheers,
> Con
>

Well first of all, reading the registry on every keystroke is bad
design. Secondly, polling for your flag to toggle at DISPATCH_LEVEL is
just wrong - your poll operation is hogging a cpu such that only
interrupt service routines will run on that cpu while your polling is
going on. If this is a single processor system you are doomed. If this
is not a single processor system you are not doomed, but the system is
essentially crippled.

Rather than attempt to have your workitem signal the original code path
that the registry read is complete and that the original code path
should resume processing the keystroke IO request, you should refactor
your code so that the 'continue processing the keystroke IO request'
operations are performed by the workitem codepath rather than the
original code path.

--

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com
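
A portable C model of the refactoring described in the reply above, added here as an illustration; it is not code from the thread or from any driver. The completion path hands the request to a queued work routine and returns without waiting, and the work routine does the check and finishes the request. `request`, `work_ctx`, `queue_head` and `drain_work_queue` are hypothetical stand-ins for the IRP, strQueuedWorkItem, the system work queue and the worker thread, and the pass-through on allocation failure is an assumed policy.

```c
#include <stdlib.h>

typedef struct request {         /* stands in for the keystroke read IRP */
    int key_sequence_seen;       /* 1 = CTRL+ALT+DELETE is in this request */
    int completed;               /* 1 = request has been finished */
    int suppressed;              /* 1 = key sequence was filtered out */
} request;
typedef struct work_ctx {        /* plays the role of strQueuedWorkItem */
    request *req;                /* the pending request travels with the item */
    struct work_ctx *next;
} work_ctx;
static work_ctx *queue_head;     /* stand-in for the system work queue */
static int screensaver_running;  /* stand-in for the registry value */

/* Worker side (PASSIVE_LEVEL in a driver): check, then finish the request. */
static void work_routine(work_ctx *ctx) {
    ctx->req->suppressed = screensaver_running;  /* the "registry check" */
    ctx->req->completed = 1;     /* the continuation runs here, not in the caller */
    free(ctx);                   /* the worker owns and releases the context */
}

/* Completion side (can be DISPATCH_LEVEL): hand off and return, never wait.
   Returns 1 if the request is now pending on the worker, 0 if finished. */
static int on_read_complete(request *req) {
    work_ctx *ctx = req->key_sequence_seen ? malloc(sizeof *ctx) : NULL;
    if (ctx == NULL) {           /* nothing to check, or no memory: assumed */
        req->completed = 1;      /* policy is to pass the request through */
        return 0;
    }
    ctx->req = req;
    ctx->next = queue_head;
    queue_head = ctx;            /* stand-in for IoQueueWorkItem */
    return 1;
}

static int drain_work_queue(void) {   /* stand-in for the worker thread */
    int n = 0;
    for (work_ctx *c; (c = queue_head) != NULL; n++) {
        queue_head = c->next;
        work_routine(c);
    }
    return n;                    /* number of work items that ran */
}

int main(void) {                 /* constructed input: one CTRL+ALT+DELETE */
    request r = {1, 0, 0};
    screensaver_running = 1;
    on_read_complete(&r);        /* returns at once; r is still pending */
    return (drain_work_queue() == 1 && r.suppressed) ? 0 : 1;
}
```

The completion path never reads the context back after queueing it, so there is no flag to poll and no wait at raised IRQL.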

Re: IoQueueWorkItem accessing flag or return value? by conjonh

conjonh
Fri Oct 14 02:49:44 CDT 2005

Hi Folks,

Thanks for the help,
Sorry, I misquoted myself in saying it was for every keystroke. In my
testing I am doing it for every keystroke, but this model will only
happen if the CTRL+ALT+DELETE key sequence occurs and the Screensaver is
running; ignore the key sequence.

I understand your logic about refactoring the code to have the workitem
handle the 'keystroke IO request'.
Not sure if I can do this...(or have enough experience to get this
working) :-)
I am a newbie to Driver development, first one :-)

Cheers for the help,
Con
p.s. I am basing my coding around this example
http://www.sysinternals.com/Utilities/Ctrl2Cap.html
"Ctrl2capReadComplete" function.


Re: IoQueueWorkItem accessing flag or return value? by conjonh

conjonh
Fri Oct 14 08:12:13 CDT 2005

Hi Folks,

Am I right in thinking that I can call the IoQueueWorkItem but set an
Event to notify me when it's done, using the below coding concept:

- ObReferenceObjectByHandle (get a handle on the event)
- KeSetEvent (set the event)
- KeWaitForSingleObject (wait for the event to finish IoQueueWorkItem
Thread finishes)
- ObDereferenceObject to release the handle

Any help much appreciated.
Cheers,
Con


Re: IoQueueWorkItem accessing flag or return value? by Skywing

Skywing
Fri Oct 14 10:49:38 CDT 2005

Remember that you can't enter a dispatcher wait at IRQL >= DISPATCH_LEVEL,
however.

Another option to consider, BTW, is to do a change notification on the key
in question and just update your internal (nonpaged) cache of the value in
question. Because there is no documented way to do this in the DDK, you
would probably be better off having a user mode service that does
RegNotifyChangeKey() and somehow passes the result of the operation to the
driver (sending an IOCTL, probably, when the value changes).

"conjonh" <con.brady@gmail.com> wrote in message
news:1129295533.803903.300130@g47g2000cwa.googlegroups.com...
> Hi Folks,
>
> Am I right in thinking that I can call the IoQueueWorkItem but set an
> Event to notify me when it's done, using the below coding concept:
>
> - ObReferenceObjectByHandle (get a handle on the event)
> - KeSetEvent (set the event)
> - KeWaitForSingleObject (wait for the event to finish IoQueueWorkItem
> Thread finishes)
> - ObDereferenceObject to release the handle
>
> Any help much appreciated.
> Cheers,
> Con
>



Re: IoQueueWorkItem accessing flag or return value? by conjonh

conjonh
Mon Oct 17 09:38:24 CDT 2005

Hi Skywing,

Thanks for the help,
I am thinking of proceeding with your logic of creating a user mode
event to check the registry and then send a message to the Kernel
driver to notify it when a change occurs.

Would you recommend any code samples or have a starting point on how to
send an IOCTL to a kernel mode driver from a user mode app?

Cheers for the help,
Con


Re: IoQueueWorkItem accessing flag or return value? by conjonh

conjonh
Mon Oct 17 10:57:07 CDT 2005

I have been looking more into this, and from what I am reading maybe
a DeviceIoControl call can be used to communicate with my driver over
certain events?

Let me know if you think I am way off on this one :-)

Con