Safedisc installs a kernel service called secdrv.sys. As Wine is a user-space only implementation of the Win32 API, we need to implement part of the Windows kernel API (ntoskrnl.exe) in user-space, and emulate what can't be implemented.
Our biggest problem is the I/O Manager. The kernel service is started by StartService, which currently only supports user-space services. We need to understand how kernel services work in Windows to fix that.
When a kernel service is started, its DriverEntry routine is called with a DRIVER_OBJECT. In which thread does that happen? Is a new kernel thread started for that? Can DriverEntry block or must it return immediately? If it can block, can the driver dispatch routines be called before it returns? When it returns, if it has been started in a new kernel thread, what happens to the thread? In which thread do the dispatch routines run when they are called from user-space?
The MSDN documentation is not very clear about all that. I suppose it hasn't been written with Windows cloners in mind :-)
Brad DeMorrow wrote:
> When a kernel service is started, its DriverEntry routine is called with a DRIVER_OBJECT. In which thread does that happen?
Depends on the way the driver is loaded. On system start the drivers are loaded in system process context (in the first thread typically, but that mustn't be true of WinXP anymore). On-demand drivers started with the SCM API are loaded in the context of the Services thread. The driver shouldn't normally depend on that.
> Is a new kernel thread started for that?
No.
> Can DriverEntry block or must it return immediately?
Immediately.
> In which thread do the dispatch routines run when they are called from user-space?
In the context of the user-space thread that called them.
Regards, Filip
> > Can DriverEntry block or must it return immediately?
> Immediately.
MSDN: "The only driver routines that can safely wait on events, semaphores, mutexes, or timers are those that run in a nonarbitrary thread context at IRQL PASSIVE_LEVEL, such as driver-created threads, the DriverEntry and Reinitialize routines, or dispatch routines for inherently synchronous I/O operations (such as most device I/O control requests)."
So you _can_ block in DriverEntry, but I guess most drivers don't.
G.