tag:blogger.com,1999:blog-971876119771204189.post1573862397256388222..comments2024-03-12T22:24:25.119-07:00Comments on Of Filesystems And Other Demons: Context Usage in MinifiltersAnonymoushttp://www.blogger.com/profile/04456600991354270152noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-971876119771204189.post-47037463957184523752011-10-20T11:19:25.773-07:002011-10-20T11:19:25.773-07:00Yes, there is one reference from the underlying st...Yes, there is one reference from the underlying structure (depending on the context type). For example for a stream context there is a reference from the file system's SCB to the context. When the file system releases the SCB it will in turn release that final reference with will then release the stream context. You can actually see this in the debugger if you look at the stack when your context release callback is called. If you want to break this link you must call FltDeleteContext().Anonymoushttps://www.blogger.com/profile/04456600991354270152noreply@blogger.comtag:blogger.com,1999:blog-971876119771204189.post-83968750699076102112011-10-20T11:00:54.824-07:002011-10-20T11:00:54.824-07:00Alex, first of all thank you for this blog!
I am ...Alex, first of all thank you for this blog!<br /><br />I am a bit confused, in the scenario you have explained to universalkludge, when there is 1 reference to the context lesf and associated with filesystem structures, I have noticed I can´t use FltReleaseContext() as it crashes, so I guess the filesystem releases this reference.<br /><br />My question is is that right and when does it happen?<br /><br />Thanks a lot!!<br /><br />SantiIgorhttps://www.blogger.com/profile/15324631723598969966noreply@blogger.comtag:blogger.com,1999:blog-971876119771204189.post-90141156789532265612011-03-09T12:33:15.275-08:002011-03-09T12:33:15.275-08:00Exactly. That's what i was trying to emphasize...Exactly. That's what i was trying to emphasize as well.Anonymoushttps://www.blogger.com/profile/04456600991354270152noreply@blogger.comtag:blogger.com,1999:blog-971876119771204189.post-44965448399759035322011-03-09T12:07:25.189-08:002011-03-09T12:07:25.189-08:00Thank you, this re-phrase looks better to me – it ...Thank you, this re-phrase looks better to me – it emphasizes that FltDeleteContext is not used in this scenario - it is very tempting for a programmer to have every “alloc” to be matched with “delete"Anonymoushttps://www.blogger.com/profile/00272437287742428991noreply@blogger.comtag:blogger.com,1999:blog-971876119771204189.post-45688233498055873332011-03-08T21:05:05.492-08:002011-03-08T21:05:05.492-08:00Well, i think you're taking it a bit out of co...Well, i think you're taking it a bit out of context (probably my fault as well, i should have phrased it better). What i meant was that a filter normally sets up a context by calling first FltAllocateContext, then FltSetXxxContext and then initializes it or whatever it does and then it calls FltReleaseContext. This works because FltAllocateContext creates a context with a refcount of 1, FltSetXxxContext associates the context with some structure and increments the refcount to 2 and then FltReleaseContext() takes the refcount back to 1, so now the context is only associated with the underlying object. When that object goes away it will also call FltReleaseContext, which will decrement the refcount from 1 to 0 and as such proceed to free the context like the documentation says.<br />Does this make sense now ?Anonymoushttps://www.blogger.com/profile/04456600991354270152noreply@blogger.comtag:blogger.com,1999:blog-971876119771204189.post-19158294935873743302011-03-08T12:48:27.430-08:002011-03-08T12:48:27.430-08:00Alex
You stated, I quote:
"FltReleaseConte...Alex<br /><br />You stated, I quote: <br /><br />"FltReleaseContext() (which is the normal way to set up a context), the filter doesn’t need to do anything else to make sure the context goes away. It will be torn down when the underlying object is torn down."<br /><br />On the other hand, the FltReleaseContext documentation states:<br />"FltReleaseContext decrements the reference count on the given context. When the reference count reaches zero, the context is freed immediately if the caller is running at IRQL <= APC_LEVEL. If the caller is running at IRQL DISPATCH_LEVEL, a work item is scheduled to free the context."<br /><br />Can you please elaborate on this?Anonymoushttps://www.blogger.com/profile/00272437287742428991noreply@blogger.comtag:blogger.com,1999:blog-971876119771204189.post-78516782578732414542010-09-18T09:28:47.952-07:002010-09-18T09:28:47.952-07:00Hi Jeff,
Sorry for the delay. The symbols have b...Hi Jeff, <br /><br />Sorry for the delay. The symbols have been broken for a long time and on some OS releases the extension just doesn't work. I've tried to fix them for Win7 but it's really complicated how this works and i've been unable to do so for downlevel OSes. However, there might be something i might be able to do for this.. I'll post a blog about it if and when i get to it.<br /><br />For all the posts in the blog i've been using Win7 so they should work. However, i was also using private symbols at the time.Anonymoushttps://www.blogger.com/profile/04456600991354270152noreply@blogger.comtag:blogger.com,1999:blog-971876119771204189.post-35529902479866759082010-03-17T12:07:43.595-07:002010-03-17T12:07:43.595-07:00I have a simple question. You use fltkd all over,...I have a simple question. You use fltkd all over, but whenever I try to use it, WinDbg complains:<br /><br />"Could not read offset of field "FrameList.rList" from type fltmgr!_GLOBALS"<br /><br />Now this is on XPSP2, with symbols from Microsoft's symbol servers. What am I missing?Jeff Curlessnoreply@blogger.com