User Mode Application never exits

NTDEV
1

Hi,

I have written a user mode application which has a main thread and that thread creates a child thread. The child thread makes an IOCTL call and waits in the kernel driver on a wait event. When the execution reaches the end of application, I see the app just hangs forever. Looking at the pending call stacks, I see only the child thread waiting on the event and the main thread has exited cleanly. The child thread is waiting on an event like this:

KeWaitForSingleObject(&Event,
Executive,
KernelMode,
TRUE,
NULL);

When the app is going to terminate, shouldn’t the child thread waiting on the event get alerted since I have set Alertable = TRUE? Once I receive the STATUS_ALERTED return value, I will go ahead and terminate the child thread as well. But for some reason, the child thread is not coming out of wait. Is there anything that I am missing?

2

On Jan 10, 2018, at 8:57 PM, xxxxx@gmail.com wrote:
>
> I have written a user mode application which has a main thread and that thread creates a child thread. The child thread makes an IOCTL call and waits in the kernel driver on a wait event.

That’s not a good design, for exactly this reason. Can’t you just submit an ioctl, pend it in the driver, and have the user-mode thread wait on the event?

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

3

I don?t think you understand how alertable waits and APCs are supposed to work

https://msdn.microsoft.com/en-us/library/windows/desktop/ms681951(v=vs.85).aspx

probably what you want to do is call SetEvent or CloseHandle or CancelIoEx to wake up your worker thread

you could even call ExitProcess if you really wanted to

Sent from Mailhttps: for Windows 10

________________________________
From: xxxxx@lists.osr.com on behalf of xxxxx@gmail.com
Sent: Wednesday, January 10, 2018 11:57:11 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] User Mode Application never exits

Hi,

I have written a user mode application which has a main thread and that thread creates a child thread. The child thread makes an IOCTL call and waits in the kernel driver on a wait event. When the execution reaches the end of application, I see the app just hangs forever. Looking at the pending call stacks, I see only the child thread waiting on the event and the main thread has exited cleanly. The child thread is waiting on an event like this:

KeWaitForSingleObject(&Event,
Executive,
KernelMode,
TRUE,
NULL);

When the app is going to terminate, shouldn’t the child thread waiting on the event get alerted since I have set Alertable = TRUE? Once I receive the STATUS_ALERTED return value, I will go ahead and terminate the child thread as well. But for some reason, the child thread is not coming out of wait. Is there anything that I am missing?


NTDEV is sponsored by OSR

Visit the list online at: http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:></https:>