Re: problem about 2 Notification Events by oscar_fan
oscar_fan
Tue Mar 20 02:38:31 CDT 2007
On 3=D4=C214=C8=D5, =C9=CF=CE=E73=CA=B139=B7=D6, troylees <troyl...@discuss=
ions.microsoft.com>
wrote:
> In actuality, after the thread is aroused, it will send a IRP to driver.T=
hen
> driver will set the event itself. I think it's nothing related to the
> problem, so I didn't paste it here. And now, I create 2 events in app as =
you
> said,then pass to driver.But the problem is the same.
> See my whole codes:
>
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> In Application :
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> unsigned ThreadId; =20
> DWORD BytesReturned;
>
> // to get the Device handle
> //
> hDevice=3DCreateFile(MY_DEVICE_NAME,GENERIC_READ |
> GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
> //
> //create 2 events
> //
> hAppE =3D CreateEvent(NULL,TRUE,FALSE,NULL);
> hDrvE =3D CreateEvent(NULL,TRUE,FALSE,NULL);
> //
> //send a IRQ to driver with the event handle
> //
> DeviceIoControl(hDevice,APP_EVENT_CRT,&hAppE,4,NULL,0,&BytesReturned,NULL=
);
> //
> //send a IRQ to driver with the other event handle
> //
> DeviceIoControl(hDevice,DRV_EVENT_CRT,&hDrvE,4,NULL,0,&BytesReturned,NULL=
);
> //
> //create a new thread
> // =20
> _beginthreadex(NULL,0,&ppppp,(void*)hAppE,0,&ThreadId);
>
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> In a new thread:
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> unsigned __stdcall ppppp(void*(hAppE))
> { =20
> HANDLE hDevice; =20
> DWORD BytesReturned;
>
> while(1)
> {
> //wait
> WaitForSingleObject((HANDLE) hAppE,INFINITE);
> //notify user
> ::MessageBox(NULL,"Event Set!",NULL,MB_OK);
>
> //to get the Device handle
> hDevice=3DCreateFile(MY_DEVICE_NAME,GENERIC_READ |
> GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); =20
>
> //Reset the app Event
> ResetEvent((HANDLE) hAppE);
> //send IRP to driver, then it will arouse itself =20
>
> DeviceIoControl(hDevice,DRV_EVENT_SET,NULL,0,NULL,0,&BytesReturned,NULL);
> //close handle
> CloseHandle(hDevice); =20
> }
> _endthreadex(0);
> return0;
>
> }
>
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> In Driver:
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> //event handle, pointer
> //
> PKEVENT pEventApp,pEventDrv;
> HANDLE hEventDrv,hEventApp;
> //
> //mutex
> //
> KMUTEX H_FuncMutex;
>
> //app event IRP =20
> case APP_EVENT_CRT: =20
>
> RtlCopyMemory(&hEventApp,pIrp->AssociatedIrp.SystemBuffer,4);
> //get pointer
>
> ObReferenceObjectByHandle(hEventApp,EVENT_MODIFY_STATE,*ExEventObjectType=
,p-Irp->RequestorMode,(PVOID*) &pEventApp,NULL);
> break; =20
>
> //driver event IRP =20
> case DRV_EVENT_CRT: =20
>
> RtlCopyMemory(&hEventDrv,pIrp->AssociatedIrp.SystemBuffer,4);
> //get pointer
>
> ObReferenceObjectByHandle(hEventDrv,EVENT_MODIFY_STATE,*ExEventObjectType=
,p-Irp->RequestorMode,(PVOID*) &pEventDrv,NULL);
> break;
>
> //driver event set
> case DRV_EVENT_SET: =20
>
> KeSetEvent(pEventDrv, IO_NO_INCREMENT, FALSE);
> break;
>
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> A hook func in Driver:
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> //get in Critical section
> //
> KeWaitForMutexObject(&H_FuncMutex,Executive,KernelMode,FALSE,NULL);
> //
> //set the event to notify the new thread
> //
> KeSetEvent(pEventApp, IO_NO_INCREMENT, TRUE);
>
> //wait for the other event
> //
> KeWaitForSingleObject((PKEVENT)pEventDrv,Executive,UserMode,0,0);
> KeClearEvent(pEventDrv);
>
> //get out Critical section
> //
> KeReleaseMutex(&H_FuncMutex,FALSE);
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> In the hook func, KeSetEvent is successful, but the thread is not active.
> and, if i delete the followings:
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> //wait for the other event
> //
> KeWaitForSingleObject((PKEVENT)pEventDrv,Executive,UserMode,0,0);
> KeClearEvent(pEventDrv);
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> the thread will be aroused.oh almost forgot,the func I hook is Ntopenkey.
> thank you!!
>
>
>
> "Anton Bassov" wrote:
>
> > There is a bug in your code - you driver waits on event that it has
> > initialized, but app does not seem to be doing anything about its state=
, at
> > least judging from your code.
> > Instead, your app deals only with event that it has created. Why should=
your
> > wait be ever satisfied then???? =20
>
> > Furthermore, even if app tried to something about the state of event th=
at
> > driver has created, it would fail. Applications cannot open handles with
> > EVENT_MODIFY_STATE access to named events that have been created by dri=
vers,
> > i.e. something that you are trying to do here. This is why the trick of
> > passing a handle from the app to a driver has been invented, in the fir=
st
> > place. Therefore, you have to create 2 unnamed events in your app, and=
pass
> > their handles to a driver.
>
> > Anton Bassov
>
> > "troylees" wrote:
>
> > > Dear all:
> > > I create 2 event objs, one in Application and the other in Drive=
r=2EI ues
> > > them to notify each other.
> > > 1) the App create a new thread to wait for the event Driver will =
set
> > > 2)Driver sets the event that the thread waits for, then Driver tu=
rns to
> > > wait for the other event
>
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > In Application :
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > unsigned ThreadId; =20
> > > DWORD BytesReturned;
>
> > > // to get the Device handle
> > > //
> > > hDevice=3DCreateFile(MY_DEVICE_NAME,GENERIC_READ |
> > > GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
> > > //
> > > //create an event
> > > //
> > > hShareE =3D CreateEvent(NULL,TRUE,FALSE,NULL);
> > > //
> > > //send a IRQ to driver with the event handle
> > > //
> > > DeviceIoControl(hDevice,SHARE_EVENT_CRT,&hShareE,4,NULL,0,&BytesRetur=
ned,NU-LL);
> > > //
> > > //create a new thread
> > > // =20
> > > _beginthreadex(NULL,0,&ppppp,(void*)hShareE,0,&ThreadId);
>
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > In a new thread:
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > unsigned __stdcall ppppp(void*(hShareE))
> > > { =20
> > > while(1)
> > > {
> > > //wait
> > > //
> > > WaitForSingleObject((HANDLE) hShareE,INFINITE);
> > > //
> > > //notify user
> > > //
> > > ::MessageBox(NULL,"Event Set!",NULL,MB_OK);
> > > ResetEvent((HANDLE) hShareE);
> > > }
>
> > > _endthreadex(0);
> > > return0;
> > > }
>
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > In Driver:
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > //event name ,handle, pointer
> > > //
> > > WCHAR wEventNameBuf[]=3DL"\\BaseNamedObjects\\SharedEvent";
> > > UNICODE_STRING uEventName;
> > > PKEVENT pEventApp,pEventDrv;
> > > HANDLE hEventDrv,hEventApp;
> > > //
> > > //mutex
> > > //
> > > KMUTEX H_FuncMutex;
>
> > > //IRQ about creating event
> > > //
> > > case SHARE_EVENT_CRT:
>
> > > RtlCopyMemory(&hEventApp,pIrp->AssociatedIrp.SystemBuffer,4);
> > > //
> > > //get the pointer from handle of event that the App created
> > > //
> > > ObReferenceObjectByHandle(hEventApp,EVENT_MODIFY_STATE,*ExEventObject=
Type,p-Irp->RequestorMode,(PVOID*) &pEventApp,NULL);
>
> > > //driver creates the other event
> > > // =20
> > > RtlInitUnicodeString(&uEventName,wEventNameBuf); =20
> > > pEventDrv =3DIoCreateNotificationEvent(&uEventName,&hEventDrv);
> > > if(pEventDrv !=3DNULL)
> > > KeClearEvent(pEventDrv);
> > > break;
>
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > A hook func in Driver:
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> > > //get in Critical section
> > > //
> > > KeWaitForMutexObject(&H_FuncMutex,Executive,KernelMode,FALSE,NULL);
> > > //
> > > //set the event to notify the new thread
> > > //
> > > KeSetEvent(pEventApp, IO_NO_INCREMENT, TRUE);
>
> > > //wait for the other event
> > > //
> > > KeWaitForSingleObject((PKEVENT)pEventDrv,Executive,UserMode,0,0);
> > > KeClearEvent(pEventDrv);
>
> > > //get out Critical section
> > > //
> > > KeReleaseMutex(&H_FuncMutex,FALSE);
>
> > > In the hook func, KeSetEvent is successful, but the thread is not act=
ive.
> > > and, if i delete the followings:
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > //wait for the other event
> > > //
> > > KeWaitForSingleObject((PKEVENT)pEventDrv,Executive,UserMode,0,0);
> > > KeClearEvent(pEventDrv);
> > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> > > the thread will be active. =20
> > > somebody know what happen, and how to solve it.
> > > Thank you!!- =D2=FE=B2=D8=B1=BB=D2=FD=D3=C3=CE=C4=D7=D6 -
>
> - =CF=D4=CA=BE=D2=FD=D3=C3=B5=C4=CE=C4=D7=D6 -
when i do this as you write above,system crash . please explian for
me. thanks a lot!
pCallbackInfo =3D (PCALLBACK_INFO)pIrp->AssociatedIrp.SystemBuffer;
hReaceiveData =3D *((HANDLE*)pCallbackInfo->Buffer);
//DbgPrint("=3D=3D=3D=3D>%d",hReaceiveData);
if(ObReferenceObjectByHandle(hReaceiveData,
EVENT_MODIFY_STATE,//SYNCHRONIZE,
NULL,
KernelMode,
(PVOID)&EventApp,
NULL)
=3D=3D STATUS_SUCCESS)
{
DbgPrint("=3D=3D=3D=3D>");
DbgPrint("%d,%d",KeGetCurrentIrql(),hReaceiveData);
//DbgBreakPoint();
=09
KeWaitForMutexObject(&H_FuncMutex,Executive,KernelMode,FALSE,NULL);
KeSetEvent(&EventApp,0,TRUE);
KeReleaseMutex(&H_FuncMutex,FALSE);
/*
KeClearEvent(&EventApp);
*/
}
status =3D STATUS_SUCCESS;
break;