Strange hang while unloading minifilter
Windows内核调试
Strange hang while unloading minifilter
zmsx
2010-04-14, 11:11 上午
当调用FltUnregisterFilter时函数不会返回。最终发现是进到
fltmgr!FltUnregisterFilter+0xac:
f722d54e e8fdf5ffff call fltmgr!FltpObjectRundownWait (f722cb50)
这个里面了。
kd> !fltkd.filter 8262dd30
FLT_FILTER: 8262dd30 "MyDrv" "370030"
FLT_OBJECT: 8262dd30 [02000001] Filter DRAINING
RundownRef : 0xf78eeb5d (1) draining
PointerCount : 0x00000002
PrimaryLink : [8251a05c-8251a05c]
Frame : 8251a000 "Frame 1"
Flags : [00000003] UnloadInProgress FilteringInitiated
DriverObject : 826144e0
FilterLink : [8251a05c-8251a05c]
PreVolumeMount : 00000000 (null)
PostVolumeMount : 00000000 (null)
FilterUnload : f7841082 MyDrv!MyUnload
InstanceSetup : f722e4b2 fltmgr!FltvInstanceSetup
InstanceQueryTeardown : f722e4d6 fltmgr!FltvInstanceQueryTeardown
InstanceTeardownStart : f722e4f4 fltmgr!FltvInstanceTeardownStart
InstanceTeardownComplete : f722e512 fltmgr!FltvInstanceTeardownComplete
ActiveOpens : (8262ddf4) mCount=0
Client Port List : (8262de20) mCount=0
VerifierExtension : 81f6cad0
Operations : 8262de50
OldDriverUnload : 00000000 (null)
SupportedContexts : (8262ddc0)
VolumeContexts : (8262ddc0)
InstanceContexts : (8262ddc4)
FileContexts : (8262ddc8)
StreamContexts : (8262ddcc)
StreamHandleContexts : (8262ddd0)
ALLOCATE_CONTEXT_NODE: 82636a08 "MyDrv" [01] LookasideList*** ERROR:
我发现 ActiveOpens 已经为0了。 不知该如何下手。希望给点提示 或者相关资料。谢谢。
Re: Strange hang while unloading minifilter
zmsx
2010-04-14, 14:58 下午
自己解了。RundownRef 的问题。 unload 时又增加了新的RundownRef , 应该是有context 没有释放。