Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars


Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 6  
13 Jun 18 03:28
Pooja Bansal
xxxxxx@gemalto.com
Join Date: 28 Jul 2017
Posts To This List: 7
What is the purpose of fileobject->lock structure in file system filter driver?

Hi, I am working on minifilter file system encryption driver based on shadow fileobject design. I can see 2 members in FILE_OBJECT structure. KEVENT Lock; KEVENT Event; When should I initialize these and how? Thanks in advance, Pooja
  Message 2 of 6  
13 Jun 18 04:15
rod widdowson
xxxxxx@steadingsoftware.com
Join Date: 11 Sep 2006
Posts To This List: 869
What is the purpose of fileobject->lock structure in file system filter driver?

> When should I initialize these and how? I never have.
  Message 3 of 6  
13 Jun 18 05:34
NtDev Geek
xxxxxx@gmail.com
Join Date: 09 Aug 2013
Posts To This List: 43
What is the purpose of fileobject->lock structure in file system filter driver?

Why you need this tell us your use case first. why u even think about them...
  Message 4 of 6  
14 Jun 18 00:48
Pooja Bansal
xxxxxx@gemalto.com
Join Date: 28 Jul 2017
Posts To This List: 7
What is the purpose of fileobject->lock structure in file system filter driver?

Hi, Use case: I am trying to export .pst file on an encrypted network share path. Bugcheck is observed as per below call stack: 00 (Inline Function) --------`-------- nt!InsertTailList+0xf ? the head here is NULL 01 ffffd000`21ab8a30 fffff804`004949ed nt!KeWaitForSingleObject+0x1ff 02 (Inline Function) --------`-------- nt!IopWaitForLockAlertable+0x39 03 ffffd000`21ab8ac0 fffff804`00584687 nt!IopAcquireFileObjectLock+0x85 04 ffffd000`21ab8b10 fffff804`001627b3 nt!NtUnlockFile+0xeb70b 05 ffffd000`21ab8bd0 00007ffa`e63ec5ea nt!KiSystemServiceCopyEnd+0x13 06 0000003c`f538cf68 00007ffa`e37edfad ntdll!ZwUnlockFile+0xa 07 0000003c`f538cf70 00007ffa`e37edffc KERNELBASE!UnlockFileEx+0x3d 08 0000003c`f538cfc0 00007ffa`ae808522 KERNELBASE!UnlockFile+0x34 09 0000003c`f538d020 00007ffa`ae8082e2 mspst32!MSProviderInit+0x6e2a 0a 0000003c`f538d060 00007ffa`ae8081d8 mspst32!MSProviderInit+0x6bea 0b 0000003c`f538d0e0 00007ffa`ae8c8950 mspst32!MSProviderInit+0x6ae0 0c 0000003c`f538d160 00000000`00000000 mspst32!PSTCrashRecovery+0x954 IopAcquireFileObjectLock is trying to acquire lock on file object and fileobject->Lock is not intialized as observed. In IRP_MJ_CREATE , we are initializing FileObject and completing it. I tried to modify behavior of IRP_MJ_CREATE by calling KeInitializeEvent( &(FileObject->Lock), SynchronizationEvent , FALSE); This helps for this BSOD,but I am not sure if this expected to do it in a shadow FileObject design. Can you please suggest about this. Thanks Pooja
  Message 5 of 6  
14 Jun 18 08:50
Scott Noone
xxxxxx@osr.com
Join Date: 10 Jul 2002
Posts To This List: 1043
List Moderator
What is the purpose of fileobject->lock structure in file system filter driver?

The Lock field is automatically initialized by the I/O Manager for synchronous file opens. I can see three possible reasons for your crash: 1. You've opened a file asychronous and then played with the File Object flags 2. You have a reference counting problem and the File Object was freed prematurely 3. The File Object became corrupt somehow You need to dig out the File Object and look at it in the debugger. What does !pool say? If you dump out the File Object (dt nt!_FILE_OBJECT address) does it look OK or like garbage? Also, make sure you turn Driver Verifier on for your driver and FltMgr.sys. This might point you to the problem much earlier. -scott OSR @OSRDrivers
  Message 6 of 6  
15 Jun 18 05:50
NtDev Geek
xxxxxx@gmail.com
Join Date: 09 Aug 2013
Posts To This List: 43
What is the purpose of fileobject->lock structure in file system filter driver?

Like you said its a shadow file object based design so I think you can do initialize it at the time of creation of a file object. did you tried without encryption ? if yes what IO mgr is sending at the first place? if IO mgr is sending it as non initialized then there is noting to worry. if he sends it initialized the your driver somehow poking it... If at all in both cases it is uninitialized then use driver verifire and try to reproduce it with verifier soon you will get to why it is coming. ./nT
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 11:16.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license