About the drive to read and write asynchronous time-out processing, data on the network is relatively rare, just recently encountered this problem at work, so I study a little, or find some doorways. If processing logic in full accordance with the application layer to handle read and write timeout occurs, then the driving layer blue screen problems, etc.
As far as the read and write timeout, then we will certainly think of first impression waits for a call-related events and event operations and functions, then declare several file manipulation functions let's look at the driver:
The first is the open operation
NTSTATUS ZwCreateFile(
_Out_ PHANDLE FileHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_opt_ PLARGE_INTEGER AllocationSize,
_In_ ULONG FileAttributes,
_In_ ULONG ShareAccess,
_In_ ULONG CreateDisposition,
_In_ ULONG CreateOptions,
_In_opt_ PVOID EaBuffer,
_In_ ULONG EaLength
);The experience of the application layer, if you want to implement a timeout to read and write, we need to open the file in an asynchronous manner, and that is the default drive asynchronous open operation, if you need to synchronize open, you need to set the following values (two need to set)
DesiredAccess : the SYNCHRONIZE
the CreateOptions : FILE_SYNCHRONOUS_IO_NONALERT
Then the read and write functions, two similar
NTSTATUS ZwReadFile(
_In_ HANDLE FileHandle,
_In_opt_ HANDLE Event,
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
_In_opt_ PVOID ApcContext,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_Out_ PVOID Buffer,
_In_ ULONG Length,
_In_opt_ PLARGE_INTEGER ByteOffset,
_In_opt_ PULONG Key
);
NTSTATUS ZwWriteFile(
_In_ HANDLE FileHandle,
_In_opt_ HANDLE Event,
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
_In_opt_ PVOID ApcContext,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_ PVOID Buffer,
_In_ ULONG Length,
_In_opt_ PLARGE_INTEGER ByteOffset,
_In_opt_ PULONG Key
);Here the experience of the application layer, we will find the parameters on the event (Event), according to the document declaration, just the second parameter related to the event, after consult the documentation to determine the parameters can be used for asynchronous timeout wait. This time we need to create an event on creating an event driven function, we first think KeInitializeEvent , but here need is a HANDLE type, so we need to use the following method to create:
ZwCreateEvent(&g_hEvent, GENERIC_ALL, NULL, SynchronizationEvent, FALSE);Then we naturally think of that begin to search for relevant Zw wait function
status = ZwWaitForSingleObject(g_hEvent, FALSE, &time);This time if the status returns of STATUS_TIMEOUT , then read and write files on behalf of the timeout, this time we close the event handler, and then returns a file handle. If you really do, then the real time data such as return, there will be a blue screen problem.
The analysis found that because we use ZwClose function after the handle is closed, windows did not stop the operation of the document, because it is asynchronous, so the background is still returned waiting for data, if this time we destroy the resource, but the data in overtime after returning, then there will be such a memory access error 0xc0000005 blue screen. So we naturally think about whether there is a function to disable the file IO operations, the answer is yes, but it is undocumented function, function declarations are as follows:
typedef
NTSTATUS
(NTAPI *MyZwCancelIoFile)(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock);This function can be used to cancel the file IO, when we read and write timeouts, we need to cancel the file IO operations background, and then close the relevant handle. We can get the function address:
UNICODE_STRING funcname = RTL_CONSTANT_STRING(L"ZwCancelIoFile");
ZwCancelIoFile = (MyZwCancelIoFile)MmGetSystemRoutineAddress(&funcname);
if (ZwCancelIoFile == NULL)
{
return FALSE;
}~ Complete ~