Skip to content

PDO differences in "filter" vs. "function" mode #90

Open
Open
PDO differences in "filter" vs. "function" mode#90
@forderud

Description

@forderud
forderud
opened on Feb 19, 2025

The FsContext field becomes null after removing the WdfFdoInitSetFilter call to convert the filter driver into a function driver.

Filter driver

kd> !wdfiotarget 0x000044725f30dd78
Treating handle as a KMDF handle!

WDFIOTARGET 000044725f30dd78
=========================
!wdfdevice 0x000044725ef6c358
Target Device: !devobj  0xffffbb8da031e040
Target PDO: !devobj  0xffffbb8d9f5f4060

Type: Remote target
State:  WdfIoTargetStarted

Requests pending: 0

Requests sent: 0

Requests sent with ignore-target-state: 0

Target name:  \Device\00000034
Target FileObject: dt nt!_FILE_OBJECT  0xffffbb8d9d5b5970
WDF file !handle  0xffffffff80002fac. Search for 'Object: xxxx Type: File', run '!fileobj xxxx'
Open type:  WdfIoTargetOpenByName


kd> dt nt!_FILE_OBJECT  0xffffbb8d9d5b5970
   +0x000 Type             : 0n5
   +0x002 Size             : 0n216
   +0x008 DeviceObject     : 0xffffbb8d`9f5f4060 _DEVICE_OBJECT
   +0x010 Vpb              : (null) 
   +0x018 FsContext        : 0xffffbb8d`9d6be770 Void
   +0x020 FsContext2       : (null) 
   +0x028 SectionObjectPointer : (null) 
   +0x030 PrivateCacheMap  : (null) 
   +0x038 FinalStatus      : 0n0
   +0x040 RelatedFileObject : (null) 
   +0x048 LockOperation    : 0 ''
   +0x049 DeletePending    : 0 ''
   +0x04a ReadAccess       : 0 ''
   +0x04b WriteAccess      : 0 ''
   +0x04c DeleteAccess     : 0 ''
   +0x04d SharedRead       : 0 ''
   +0x04e SharedWrite      : 0 ''
   +0x04f SharedDelete     : 0 ''
   +0x050 Flags            : 0x40000
   +0x058 FileName         : _UNICODE_STRING ""
   +0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
   +0x070 Waiters          : 0
   +0x074 Busy             : 0
   +0x078 LastLock         : (null) 
   +0x080 Lock             : _KEVENT
   +0x098 Event            : _KEVENT
   +0x0b0 CompletionContext : (null) 
   +0x0b8 IrpListLock      : 0
   +0x0c0 IrpList          : _LIST_ENTRY [ 0xffffbb8d`9d5b5a30 - 0xffffbb8d`9d5b5a30 ]
   +0x0d0 FileObjectExtension : (null) 


kd> !handle  0xffffffff80002fac

PROCESS ffffbb8d97682040
    SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 001aa000  ObjectTable: ffff818f8083ddc0  HandleCount: 2981.
    Image: System

Kernel handle table at ffff818f8083ddc0 with 2981 entries in use

80002fac: Object: ffffbb8d9d5b5970  GrantedAccess: 00000003 (Audit) Entry: ffff818f878f8eb0
Object: ffffbb8d9d5b5970  Type: (ffffbb8d976afe80) File
    ObjectHeader: ffffbb8d9d5b5940 (new version)
        HandleCount: 1  PointerCount: 32769

Function driver

kd> !wdfiotarget 0x000044725fc0bd38
Treating handle as a KMDF handle!

WDFIOTARGET 000044725fc0bd38
=========================
!wdfdevice 0x0000447261437ca8
Target Device: !devobj  0xffffbb8da02bba50
Target PDO: !devobj  0xffffbb8da07a14b0

Type: Remote target
State:  WdfIoTargetStarted

Requests pending: 0

Requests sent: 0

Requests sent with ignore-target-state: 0

Target name:  \Device\00000038
Target FileObject: dt nt!_FILE_OBJECT  0xffffbb8da2002340
WDF file !handle  0xffffffff80001cc8. Search for 'Object: xxxx Type: File', run '!fileobj xxxx'
Open type:  WdfIoTargetOpenByName


kd> dt nt!_FILE_OBJECT  0xffffbb8da2002340
   +0x000 Type             : 0n5
   +0x002 Size             : 0n216
   +0x008 DeviceObject     : 0xffffbb8d`a07a14b0 _DEVICE_OBJECT
   +0x010 Vpb              : (null) 
   +0x018 FsContext        : (null) 
   +0x020 FsContext2       : (null) 
   +0x028 SectionObjectPointer : (null) 
   +0x030 PrivateCacheMap  : (null) 
   +0x038 FinalStatus      : 0n0
   +0x040 RelatedFileObject : (null) 
   +0x048 LockOperation    : 0 ''
   +0x049 DeletePending    : 0 ''
   +0x04a ReadAccess       : 0 ''
   +0x04b WriteAccess      : 0 ''
   +0x04c DeleteAccess     : 0 ''
   +0x04d SharedRead       : 0 ''
   +0x04e SharedWrite      : 0 ''
   +0x04f SharedDelete     : 0 ''
   +0x050 Flags            : 0x40000
   +0x058 FileName         : _UNICODE_STRING ""
   +0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
   +0x070 Waiters          : 0
   +0x074 Busy             : 0
   +0x078 LastLock         : (null) 
   +0x080 Lock             : _KEVENT
   +0x098 Event            : _KEVENT
   +0x0b0 CompletionContext : (null) 
   +0x0b8 IrpListLock      : 0
   +0x0c0 IrpList          : _LIST_ENTRY [ 0xffffbb8d`a2002400 - 0xffffbb8d`a2002400 ]
   +0x0d0 FileObjectExtension : (null) 


kd> !handle  0xffffffff80001cc8

PROCESS ffffbb8d97682040
    SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 001aa000  ObjectTable: ffff818f8083ddc0  HandleCount: 2714.
    Image: System

Kernel handle table at ffff818f8083ddc0 with 2714 entries in use

80001cc8: Object: ffffbb8da2002340  GrantedAccess: 00000003 (Protected) Entry: ffff818f860f9320
Object: ffffbb8da2002340  Type: (ffffbb8d976afe80) File
    ObjectHeader: ffffbb8da2002310 (new version)
        HandleCount: 1  PointerCount: 32769

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions