static
BOOLEAN
TestZwUnload(
IN PDRIVER_OBJECT DriverObject,
IN PCUNICODE_STRING DriverRegistryPath,
IN PWCHAR NewDriverRegPath)
{
UNICODE_STRING RegPath;
NTSTATUS Status;
/* Try to unload ourself, which should fail as our Unload routine hasnt been set yet. */
Status = ZwUnloadDriver((PUNICODE_STRING)DriverRegistryPath);
ok (Status == STATUS_INVALID_DEVICE_REQUEST, "Expected NTSTATUS STATUS_INVALID_DEVICE_REQUEST, got 0x%lX\n", Status);
/* Try to unload with a Registry Path that doesnt exist */
RtlInitUnicodeString(&RegPath, L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\deadbeef");
Status = ZwUnloadDriver(&RegPath);
ok (Status == STATUS_OBJECT_NAME_NOT_FOUND, "Expected NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND, got 0x%lX\n", Status);
/* Unload the driver */
RtlInitUnicodeString(&RegPath, NewDriverRegPath);
Status = ZwUnloadDriver(&RegPath);
ok(Status == STATUS_SUCCESS, "Expected STATUS_SUCCESS, got 0x%lX\n", Status);
return NT_SUCCESS(Status);
}
void DtraceUnload(PDRIVER_OBJECT DrvObj)
{
NTSTATUS st;
LARGE_INTEGER tm;
ZwUnloadDriver(&fbtsys);
ZwUnloadDriver(&profilesys);
ZwUnloadDriver(&fttpsys);
while (dtrace_ref != 0 || dtrace_unload(DrvObj) != 0) {
tm.QuadPart = UNLOAD_RETRY_DELAY_TIME;
dprintf("dtrace.sys: Unload failed. Retry in %ds\n", abs(UNLOAD_RETRY_DELAY_TIME)/10000000);
KeDelayExecutionThread(KernelMode, FALSE, &tm);
}
PsRemoveLoadImageNotifyRoutine(ProcKernelModuleLoaded);
free_thread_list();
free_proc_list();
IoFreeWorkItem(WorkItem1);
int_freecore();
IoDeleteSymbolicLink(&deviceLink);
IoDeleteSymbolicLink(&deviceHelperLink);
IoDeleteDevice(DrvObj->DeviceObject);
}
//--------------------------------------------------------------------------------------
VOID DriverEntryContinueThread(PVOID Param)
{
LARGE_INTEGER Timeout = { 0 };
Timeout.QuadPart = RELATIVE(SECONDS(3));
DbgMsg(__FILE__, __LINE__, "Unloading old driver...\n");
NTSTATUS ns = ZwUnloadDriver(&m_RegistryPath);
if (NT_SUCCESS(ns))
{
DbgMsg(__FILE__, __LINE__, "OK\n");
}
else
{
DbgMsg(__FILE__, __LINE__, "ZwUnloadDriver() fails; status: 0x%.8x\n", ns);
}
while (true)
{
DbgPrint(__FUNCTION__"(): I'm allive!\n");
// sleep
KeDelayExecutionThread(KernelMode, FALSE, &Timeout);
}
}
NTSTATUS
AFSLoadLibrary( IN ULONG Flags,
IN UNICODE_STRING *ServicePath)
{
UNREFERENCED_PARAMETER(Flags);
NTSTATUS ntStatus = STATUS_SUCCESS;
AFSDeviceExt *pDevExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
UNICODE_STRING uniLibraryName;
AFSDeviceExt *pLibDevExt = NULL;
PFILE_OBJECT pLibraryFileObject = NULL;
PDEVICE_OBJECT pLibraryDeviceObject = NULL;
__Enter
{
//
// Wait on the load library event so we don't race with any
// other requests coming through
//
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY,
AFS_TRACE_LEVEL_VERBOSE,
"%s Start load library\n",
__FUNCTION__));
ntStatus = KeWaitForSingleObject( &pDevExt->Specific.Control.LoadLibraryEvent,
Executive,
KernelMode,
FALSE,
NULL);
if( !NT_SUCCESS( ntStatus))
{
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY | AFS_SUBSYSTEM_INIT_PROCESSING,
AFS_TRACE_LEVEL_ERROR,
"AFSLoadLibrary Wait for LoadLibraryEvent failure %08lX\n",
ntStatus));
try_return( ntStatus);
}
//
// Check our current state to ensure we currently do not have a library loaded
//
if( BooleanFlagOn( pDevExt->Specific.Control.LibraryState, AFS_LIBRARY_LOADED))
{
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY | AFS_SUBSYSTEM_INIT_PROCESSING,
AFS_TRACE_LEVEL_VERBOSE,
"%s Library already loaded\n",
__FUNCTION__));
try_return( ntStatus = STATUS_DEVICE_NOT_READY);
}
pDevExt->Specific.Control.LibraryServicePath.Buffer = (WCHAR *)AFSExAllocatePoolWithTag( PagedPool,
ServicePath->Length,
AFS_GENERIC_MEMORY_25_TAG);
if( pDevExt->Specific.Control.LibraryServicePath.Buffer == NULL)
{
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY | AFS_SUBSYSTEM_INIT_PROCESSING,
AFS_TRACE_LEVEL_ERROR,
"AFSLoadLibrary AFS_GENERIC_MEMORY_25_TAG allocation error\n"));
try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
}
RtlZeroMemory( pDevExt->Specific.Control.LibraryServicePath.Buffer,
ServicePath->Length);
pDevExt->Specific.Control.LibraryServicePath.Length = ServicePath->Length;
pDevExt->Specific.Control.LibraryServicePath.MaximumLength = pDevExt->Specific.Control.LibraryServicePath.Length;
RtlCopyMemory( pDevExt->Specific.Control.LibraryServicePath.Buffer,
ServicePath->Buffer,
pDevExt->Specific.Control.LibraryServicePath.Length);
//
// Load the library
//
ntStatus = ZwLoadDriver( ServicePath);
if( !NT_SUCCESS( ntStatus))
{
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY | AFS_SUBSYSTEM_INIT_PROCESSING,
AFS_TRACE_LEVEL_ERROR,
"%s Failed to load library Status %08lX\n",
__FUNCTION__,
ntStatus));
try_return( ntStatus);
}
//
// Open up the control device and grab teh entry points for the library
//
RtlInitUnicodeString( &uniLibraryName,
AFS_LIBRARY_CONTROL_DEVICE_NAME);
ntStatus = IoGetDeviceObjectPointer( &uniLibraryName,
FILE_ALL_ACCESS,
&pLibraryFileObject,
&pLibraryDeviceObject);
if( !NT_SUCCESS( ntStatus))
{
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY | AFS_SUBSYSTEM_INIT_PROCESSING,
AFS_TRACE_LEVEL_ERROR,
"AFSLoadLibrary IoGetDeviceObjectPointer failure %08lX\n",
ntStatus));
try_return( ntStatus);
}
//
// We have our reference to the library device object. Grab the
// device extension and setup our callbacks
//
pLibDevExt = (AFSDeviceExt *)pLibraryDeviceObject->DeviceExtension;
//
// Save off our references
//
pDevExt->Specific.Control.LibraryFileObject = pLibraryFileObject;
pDevExt->Specific.Control.LibraryDeviceObject = pLibraryDeviceObject;
//
// Reset the state for our library
//
AFSAcquireExcl( &pDevExt->Specific.Control.LibraryStateLock,
TRUE);
SetFlag( pDevExt->Specific.Control.LibraryState, AFS_LIBRARY_LOADED);
ClearFlag( pDevExt->Specific.Control.LibraryState, AFS_LIBRARY_QUEUE_CANCELLED);
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY | AFS_SUBSYSTEM_INIT_PROCESSING,
AFS_TRACE_LEVEL_VERBOSE,
"%s Completed load library, processing queued requests\n",
__FUNCTION__));
AFSReleaseResource( &pDevExt->Specific.Control.LibraryStateLock);
//
// Process the queued requests
//
AFSProcessQueuedResults( FALSE);
try_exit:
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY | AFS_SUBSYSTEM_INIT_PROCESSING,
AFS_TRACE_LEVEL_VERBOSE,
"%s Library load complete Status %08lX\n",
__FUNCTION__,
ntStatus));
if( !NT_SUCCESS( ntStatus))
{
if( pDevExt->Specific.Control.LibraryServicePath.Buffer != NULL)
{
ZwUnloadDriver( &pDevExt->Specific.Control.LibraryServicePath);
ExFreePool( pDevExt->Specific.Control.LibraryServicePath.Buffer);
pDevExt->Specific.Control.LibraryServicePath.Buffer = NULL;
pDevExt->Specific.Control.LibraryServicePath.Length = 0;
pDevExt->Specific.Control.LibraryServicePath.MaximumLength = 0;
}
}
KeSetEvent( &pDevExt->Specific.Control.LoadLibraryEvent,
0,
FALSE);
}
return ntStatus;
}
NTSTATUS
AFSUnloadLibrary( IN BOOLEAN CancelQueue)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
AFSDeviceExt *pDevExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
LARGE_INTEGER liTimeout;
__Enter
{
//
// Wait on the load library event so we don't race with any
// other requests coming through
//
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY,
AFS_TRACE_LEVEL_VERBOSE,
"%s Start unload library\n",
__FUNCTION__));
ntStatus = KeWaitForSingleObject( &pDevExt->Specific.Control.LoadLibraryEvent,
Executive,
KernelMode,
FALSE,
NULL);
if( !NT_SUCCESS( ntStatus))
{
try_return( ntStatus);
}
if( !BooleanFlagOn( pDevExt->Specific.Control.LibraryState, AFS_LIBRARY_LOADED))
{
try_return( ntStatus = STATUS_DEVICE_NOT_READY);
}
//
// Clear all outstanding requests
//
AFSAcquireExcl( &pDevExt->Specific.Control.LibraryStateLock,
TRUE);
ClearFlag( pDevExt->Specific.Control.LibraryState, AFS_LIBRARY_LOADED);
if( CancelQueue)
{
SetFlag( pDevExt->Specific.Control.LibraryState, AFS_LIBRARY_QUEUE_CANCELLED);
}
//
// We'll wait on the inflight event to be set, checking for the inflight
// request count to reach zero
//
while( pDevExt->Specific.Control.InflightLibraryRequests > 0)
{
liTimeout.QuadPart = -(AFS_ONE_SECOND);
//
// If the count is non-zero make sure the event is cleared
//
KeClearEvent( &pDevExt->Specific.Control.InflightLibraryEvent);
AFSReleaseResource( &pDevExt->Specific.Control.LibraryStateLock);
ntStatus = KeWaitForSingleObject( &pDevExt->Specific.Control.InflightLibraryEvent,
Executive,
KernelMode,
FALSE,
&liTimeout);
AFSAcquireExcl( &pDevExt->Specific.Control.LibraryStateLock,
TRUE);
if( ntStatus != STATUS_TIMEOUT &&
ntStatus != STATUS_SUCCESS)
{
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY,
AFS_TRACE_LEVEL_VERBOSE,
"%s Failed request event Status %08lX\n",
__FUNCTION__,
ntStatus));
SetFlag( pDevExt->Specific.Control.LibraryState, AFS_LIBRARY_LOADED);
AFSReleaseResource( &pDevExt->Specific.Control.LibraryStateLock);
AFSProcessQueuedResults( TRUE);
try_return( ntStatus);
}
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY,
AFS_TRACE_LEVEL_VERBOSE,
"%s Wait for inflight requests to complete %08lX\n",
__FUNCTION__,
pDevExt->Specific.Control.InflightLibraryRequests));
}
AFSReleaseResource( &pDevExt->Specific.Control.LibraryStateLock);
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY,
AFS_TRACE_LEVEL_VERBOSE,
"%s Processing queued results\n",
__FUNCTION__));
AFSProcessQueuedResults( TRUE);
//
// Unload the current library implementation
//
if( pDevExt->Specific.Control.LibraryFileObject != NULL)
{
ObDereferenceObject( pDevExt->Specific.Control.LibraryFileObject);
}
pDevExt->Specific.Control.LibraryFileObject = NULL;
pDevExt->Specific.Control.LibraryDeviceObject = NULL;
ZwUnloadDriver( &pDevExt->Specific.Control.LibraryServicePath);
ExFreePool( pDevExt->Specific.Control.LibraryServicePath.Buffer);
pDevExt->Specific.Control.LibraryServicePath.Length = 0;
pDevExt->Specific.Control.LibraryServicePath.MaximumLength = 0;
pDevExt->Specific.Control.LibraryServicePath.Buffer = NULL;
try_exit:
AFSDbgTrace(( AFS_SUBSYSTEM_LOAD_LIBRARY,
AFS_TRACE_LEVEL_VERBOSE,
"%s Library unload complete Status %08lX\n",
__FUNCTION__,
ntStatus));
KeSetEvent( &pDevExt->Specific.Control.LoadLibraryEvent,
0,
FALSE);
}
return ntStatus;
}
