Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

API OpenProcess blocking

26 views

Skip to first unread message

Mathieu

unread,

Nov 11, 2009, 6:24:41 PM11/11/09

Hello
Remember that I post the question on API writefile in blocking
the framework to map a logical drive in an image file management through
a process in user-mode by an intermediate of my driver.

The writefile is not blocking any more when I'm overlapped.

But I use the API OpenProcess to get process name from a processID
retrieve via my driver.

The problem: the call to OpenProcess Windows will sometimes write to the
logical drive in question mapped in an image file managed by thread
calling in user-mode.
Windows try write on the logical letter in question during call api
OpenProcess ,in this case my driver returns him STATUS_PENDING of
IRP_MJ_WRITE because my management process image file is busy,
it is blocked on the OpenProcess API.
The command event of read / write is called once and only on one thread.

As usual I made a sample pattern for a full write request:

<kernel MODE>
Writing query IRP_MJ_WRITE
SetEvent
<User MODE>
WaitSingleForObject
Information retrieval
This is a write request
Call OpenProcess since user-mode
<kernel MODE>
Writing query IPR_MJ_WRITE
Return STATUS_PENDING for process did not finish its operation /
OpenProcess remains blocked
..
Time Out for all

The write request by the API OpenProcess FAILS recess.

Like if I use fprintf to another file other than the image file that is
my logical drive mapped.

What kernel function I must implement to avoid the API called from the
thread manager disk management does not access my logical drive.

More bizarre yet, demand IRP_MJ_WRITE OpenProcess called by the process
ID is retrieved, which is 4 (system process (kernel)), it does not
process my application that this style requires.

Apparently the problem I have on WXP.

Tests on Vista, no problem, understand.

Tested on x64 Mode with Disabling signature = No Problem.

Conclusion:
How to prevent the API call from my thread to access to access the
logical drive in question , but it's the system process ID 4 which access.

There is the option to refuse any writing on my logical letter in
question if the requesting thread is the thread management of my logical
letter running in user-mode by intermediate my driver,
the problem is the process 4 (Kernel) which access the logical drive
in question during the call OpenProcess API.

Thank You

0 new messages