NTSTATUS RunTestSuite() { HOOK_TRACE_INFO hHook = { NULL }; NTSTATUS NtStatus; ULONG ACLEntries[1] = {0}; UNICODE_STRING SymbolName; KTIMER Timer; BOOLEAN HasInterface = FALSE; PFILE_OBJECT hEasyHookDrv; FORCE(EasyHookQueryInterface(EASYHOOK_INTERFACE_v_1, &Interface, &hEasyHookDrv)); HasInterface = TRUE; RtlInitUnicodeString(&SymbolName, L"KeCancelTimer"); /* The following shows how to install and remove local hooks... */ FORCE(Interface.LhInstallHook( MmGetSystemRoutineAddress(&SymbolName), KeCancelTimer_Hook, (PVOID)0x12345678, &hHook)); // won't invoke the hook handle because hooks are inactive after installation KeInitializeTimer(&Timer); KeCancelTimer(&Timer); // activate the hook for the current thread FORCE(Interface.LhSetInclusiveACL(ACLEntries, 1, &hHook)); // will be redirected into the handler... KeCancelTimer(&Timer); // this will NOT unhook the entry point. But the associated handler is never called again... Interface.LhUninstallHook(&hHook); // this will restore ALL entry points of currently rending removals issued by LhUninstallHook() Interface.LhWaitForPendingRemovals(); ObDereferenceObject(hEasyHookDrv); return STATUS_SUCCESS; ERROR_ABORT: if(HasInterface) { ObDereferenceObject(hEasyHookDrv); KdPrint(("\n[Error]: \"%S\" (code: %d)\n", Interface.RtlGetLastErrorString(), Interface.RtlGetLastError())); } else KdPrint(("\n[Error]: \"Unable to obtain EasyHook interface.\" (code: %d)\n", NtStatus)); return NtStatus; }
VOID FreeTimeouts(PC0C_IO_PORT pIoPort) { KeCancelTimer(&pIoPort->timerReadTotal); KeCancelTimer(&pIoPort->timerReadInterval); KeCancelTimer(&pIoPort->timerWriteTotal); KeCancelTimer(&pIoPort->timerClose); KeRemoveQueueDpc(&pIoPort->timerReadTotalDpc); KeRemoveQueueDpc(&pIoPort->timerReadIntervalDpc); KeRemoveQueueDpc(&pIoPort->timerWriteTotalDpc); KeRemoveQueueDpc(&pIoPort->timerCloseDpc); }
NTSTATUS FilterUnload ( IN FLT_FILTER_UNLOAD_FLAGS Flags ) { PLIST_ENTRY pListHead; PFILE_EVENT_PACKET pFileEventPacket; FltCloseCommunicationPort( fileManager.pServerPort ); if(fileManager.bReady == TRUE) { FltUnregisterFilter( fileManager.pFilter ); KeCancelTimer(&fileManager.connectionCheckerTimer); } // Free the log directory if(fileManager.logDirectory.Buffer != NULL) { ExFreePoolWithTag(fileManager.logDirectory.Buffer, FILE_POOL_TAG); fileManager.logDirectory.Buffer = NULL; } fileManager.bCollectDeletedFiles = FALSE; // Free the linked list containing all the left over file events FreeQueuedEvents(); return STATUS_SUCCESS; }
VOID NTAPI ExpDeleteTimer(IN PVOID ObjectBody) { KIRQL OldIrql; PETIMER Timer = ObjectBody; /* Check if it has a Wait List */ if (Timer->WakeTimerListEntry.Flink) { /* Lock the Wake List */ KeAcquireSpinLock(&ExpWakeListLock, &OldIrql); /* Check again, since it might've changed before we locked */ if (Timer->WakeTimerListEntry.Flink) { /* Remove it from the Wait List */ RemoveEntryList(&Timer->WakeTimerListEntry); Timer->WakeTimerListEntry.Flink = NULL; } /* Release the Wake List */ KeReleaseSpinLock(&ExpWakeListLock, OldIrql); } /* Tell the Kernel to cancel the Timer and flush all queued DPCs */ KeCancelTimer(&Timer->KeTimer); KeFlushQueuedDpcs(); }
void STDCALL flush_thread(void* context) { DEVICE_OBJECT* devobj = context; device_extension* Vcb = devobj->DeviceExtension; LARGE_INTEGER due_time; ObReferenceObject(devobj); KeInitializeTimer(&Vcb->flush_thread_timer); due_time.QuadPart = -INTERVAL * 10000; KeSetTimer(&Vcb->flush_thread_timer, due_time, NULL); while (TRUE) { KeWaitForSingleObject(&Vcb->flush_thread_timer, Executive, KernelMode, FALSE, NULL); if (!(devobj->Vpb->Flags & VPB_MOUNTED) || Vcb->removing) break; do_flush(Vcb); KeSetTimer(&Vcb->flush_thread_timer, due_time, NULL); } ObDereferenceObject(devobj); KeCancelTimer(&Vcb->flush_thread_timer); KeSetEvent(&Vcb->flush_thread_finished, 0, FALSE); PsTerminateSystemThread(STATUS_SUCCESS); }
VOID StatUnload ( IN PDRIVER_OBJECT DriverObject ) { PDEVICE_OBJECT deviceObject; PAGED_CODE(); RemoveAllHookedThunks (); KeCancelTimer (&LazyFreeTimer); LazyFreePool (NULL); // // Restore hooked addresses // *((PULONG) HalThunkForKeUpdateSystemTime) = KeUpdateSystemTimeThunk; if (HalThunkForKeUpdateRunTime) { *((PULONG) HalThunkForKeUpdateRunTime) = KeUpdateRunTimeThunk; } // // Delete the device object. // IoDeleteDevice(DriverObject->DeviceObject); return; }
NTSTATUS NTAPI BeepClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) { PDEVICE_EXTENSION DeviceExtension = DeviceObject->DeviceExtension; /* Acquire the mutex and decrease reference count */ ExAcquireFastMutex(&DeviceExtension->Mutex); if (!(--DeviceExtension->ReferenceCount)) { /* Check for active timer */ if (DeviceExtension->TimerActive) { /* Cancel it */ if (KeCancelTimer(&DeviceExtension->Timer)) { /* Mark it as cancelled */ InterlockedDecrement(&DeviceExtension->TimerActive); } } /* Page the driver */ MmUnlockPagableImageSection(DeviceExtension->SectionHandle); } /* Release the lock */ ExReleaseFastMutex(&DeviceExtension->Mutex); /* Complete the request */ Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; IoCompleteRequest(Irp, IO_NO_INCREMENT); return STATUS_SUCCESS; }
VOID NTAPI BeepUnload(IN PDRIVER_OBJECT DriverObject) { PDEVICE_EXTENSION DeviceExtension; PDEVICE_OBJECT DeviceObject; /* Get DO and DE */ DeviceObject = DriverObject->DeviceObject; DeviceExtension = DeviceObject->DeviceExtension; /* Check if the timer is active */ if (DeviceExtension->TimerActive) { /* Cancel it */ if (KeCancelTimer(&DeviceExtension->Timer)) { /* All done */ InterlockedDecrement(&DeviceExtension->TimerActive); } } /* Delete the object */ IoDeleteDevice(DeviceObject); }
/*! . \param [in] \param [out] \param [in,out] \pre \post \return */ NTSTATUS FlTimerThreadStop() { LARGE_INTEGER tend_timeout; DBGPRINT("[flmonflt] Stopping timer thread.\n"); tend_timeout.QuadPart = RELATIVE(SECONDS(8)); TimerThreadStopExec = TRUE; KeCancelTimer(DriverInfoData->Timer); KeSetEvent(DriverInfoData->TimerThreadSleepWakeup, 0, FALSE); DBGPRINT("[flmonflt] Waiting for thread to exit.\n"); KeWaitForSingleObject(DriverInfoData->TimerThread, Executive, KernelMode, TRUE, &tend_timeout); DBGPRINT("[flmonflt] Thread exited, dereferencing object.\n"); ObDereferenceObject(DriverInfoData->TimerThread); DBGPRINT("[flmonflt] Thread dereferenced.\n"); return STATUS_SUCCESS; }
VOID DriverUnload (PDRIVER_OBJECT pDriverObject) { PDEVICE_OBJECT pNextObj; DbgPrint("MWDM_DRIVER: DriverUnload | Started\n"); // Loop through each device controlled by Driver KeCancelTimer (&timer); pNextObj = pDriverObject->DeviceObject; while (pNextObj != NULL) { PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION) pNextObj->DeviceExtension; //... // UNDO whatever is done in Driver Entry // // ... delete symbolic link name //IoDeleteSymbolicLink(&pDevExt->symLinkName); pNextObj = pNextObj->NextDevice; // then delete the device using the Extension IoDeleteDevice( pDevExt->DeviceObject); } DbgPrint("MWDM_DRIVER: DriverUnload | Done\n"); return; }
//============================================================================= CMiniportWaveCyclicStream::~CMiniportWaveCyclicStream(void) /*++ Routine Description: Destructor for wavecyclicstream Arguments: Return Value: NT status code. --*/ { PAGED_CODE(); DPF_ENTER(("[CMiniportWaveCyclicStream::~CMiniportWaveCyclicStream]")); if (m_pTimer) { KeCancelTimer(m_pTimer); ExFreePoolWithTag(m_pTimer, MSVAD_POOLTAG); } if (m_pDpc) { ExFreePoolWithTag( m_pDpc, MSVAD_POOLTAG ); } // Free the DMA buffer FreeBuffer(); if (NULL != m_pMiniport) { if (m_fCapture) { m_pMiniport->m_fCaptureAllocated = FALSE; } else { m_pMiniport->m_fRenderAllocated = FALSE; } } } // ~CMiniportWaveCyclicStream
/**************************************************************************** REMARKS: Function to unregister a driver heart beat callback with the PM library. ****************************************************************************/ void PMAPI PM_unregisterHeartBeatCallback( PM_heartBeat_cb cb) { int i; // Remove heart beat callback from list for (i = 0; i < _PM_hb->numHeartBeatCallbacks; i++) { if (_PM_hb->heartBeat[i] == cb) { PM_lockSNAPAccess(-1,true); if (i < _PM_hb->numHeartBeatCallbacks-1) { RtlMoveMemory(&_PM_hb->heartBeat[i],&_PM_hb->heartBeat[i+1], sizeof(_PM_hb->heartBeat[i]) * (_PM_hb->numHeartBeatCallbacks-1 - i)); RtlMoveMemory(&_PM_hb->heartBeatData[i],&_PM_hb->heartBeatData[i+1],sizeof(_PM_hb->heartBeatData[i]) * (_PM_hb->numHeartBeatCallbacks-1 - i)); } _PM_hb->numHeartBeatCallbacks--; PM_unlockSNAPAccess(-1); break; } } // If last time called, kill periodic timer and driver thread if (_PM_hb->numHeartBeatCallbacks == 0) { PM_lockSNAPAccess(-1,true); KeCancelTimer(&_PM_hb->kTimer); // PsTerminateSystemThread can only be called within driver thread context _PM_hb->bThreadRunning = false; PM_unlockSNAPAccess(-1); } }
NTSTATUS EventLogStart(PEVENT_LOG EventLog) { LARGE_INTEGER TimerDueTime; NTSTATUS Status; RtlZeroMemory(EventLog, sizeof(EVENT_LOG)); InitializeListHead(&EventLog->EventListHead); KeInitializeSpinLock(&EventLog->EventListLock); KeInitializeTimer(&EventLog->Timer); KeInitializeDpc(&EventLog->TimerDpc, EventLogTimerDpcRoutine, EventLog); SysWorkerInit(&EventLog->Worker); Status = SysWorkerStart(&EventLog->Worker); if (!NT_SUCCESS(Status)) { goto start_failed; } TimerDueTime.QuadPart = 0; KeSetTimerEx(&EventLog->Timer, TimerDueTime, 500, &EventLog->TimerDpc); return STATUS_SUCCESS; start_failed: EventLog->Stopping = 1; KeCancelTimer(&EventLog->Timer); KeFlushQueuedDpcs(); SysWorkerStop(&EventLog->Worker); EventLogFlush(EventLog); return Status; }
VOID NTAPI CmpShutdownWorkers(VOID) { /* Stop lazy flushing */ PAGED_CODE(); KeCancelTimer(&CmpLazyFlushTimer); }
VOID SrvCancelTimer ( PSRV_TIMER Timer ) /*++ Routine Description: This routine cancels a timer. Arguments: Timer -- pointer to the timer Return Value: None. --*/ { PAGED_CODE( ); // // Cancel the timer. // if ( !KeCancelTimer( &Timer->Timer ) ) { // // We were unable to cancel the timer. This means that the // timer routine has either already run or is scheduled to run. // We need to wait for the timer routine to complete before we // continue. // // We expect that if we couldn't cancel the timer (which // shouldn't happen often), then the timer routine has probably // already completed, so we call KeReadStateEvent first to avoid // the overhead of KeWaitForSingleObject. // if ( !KeReadStateEvent( &Timer->Event ) ) { KeWaitForSingleObject( &Timer->Event, UserRequest, KernelMode, // don't let kernel stack be paged FALSE, // not alertable NULL // no timeout ); } } return; } // SrvCancelTimer
void BackupRegistersDeInit(HANDLE_DEV dev) { WriteBackupRegistersToRegistry(dev); #ifdef ENABLE_TIMER_DPC KeCancelTimer(timer); KeFlushQueuedDpcs(); //wait for dpc complete SAFE_FREE_POOL(dpc, IVH_BACKUP_POOL_TAG); SAFE_FREE_POOL(timer, IVH_BACKUP_POOL_TAG); #endif }
VOID EventLogStop(PEVENT_LOG EventLog) { PSYS_WRK_ITEM WrkItem = NULL; EventLog->Stopping = 1; KeCancelTimer(&EventLog->Timer); KeFlushQueuedDpcs(); SysWorkerStop(&EventLog->Worker); EventLogFlush(EventLog); }
/** * Worker function that stops an active timer. * * Shared by RTTimerStop and RTTimerDestroy. * * @param pTimer The active timer. */ static void rtTimerNtStopWorker(PRTTIMER pTimer) { /* * Just cancel the timer, dequeue the DPCs and flush them (if this is supported). */ ASMAtomicWriteBool(&pTimer->fSuspended, true); KeCancelTimer(&pTimer->NtTimer); for (RTCPUID iCpu = 0; iCpu < pTimer->cSubTimers; iCpu++) KeRemoveQueueDpc(&pTimer->aSubTimers[iCpu].NtDpc); }
NTSTATUS LMDestroy( IN PBUFFLOCK_CONTROL BuffLockCtl ){ BOOLEAN cancelledInSystemTimerQueue; cancelledInSystemTimerQueue = KeCancelTimer(&BuffLockCtl->IoIdleTimer); if(cancelledInSystemTimerQueue == FALSE) { KDPrintM(DBG_OTHER_ERROR, ("Buffer lock IO idle timer is not cancelled in the system timer queue.\n")); } return STATUS_SUCCESS; }
NTSTATUS RemoveDPCTimer(PVOID InBuffer) { PREMOVE_DPCTIMER Temp = (PREMOVE_DPCTIMER)InBuffer; ULONG_PTR TimerObject = Temp->TimerObject; if (TimerObject&&MmIsAddressValid((PVOID)TimerObject)) { if (KeCancelTimer((PKTIMER)TimerObject)) { return STATUS_SUCCESS; } } return STATUS_UNSUCCESSFUL; }
BOOLEAN KeCancelTimer_Hook(PKTIMER InTimer) { PVOID CallStack[64]; MODULE_INFORMATION Mod; ULONG MethodCount; Interface.LhBarrierPointerToModule(0, 0); Interface.LhBarrierCallStackTrace(CallStack, 64, &MethodCount); Interface.LhBarrierGetCallingModule(&Mod); return KeCancelTimer(InTimer); }
/*! . \param [in] \param [out] \param [in,out] \pre \post \return */ NTSTATUS FlTimerThreadCreate() { NTSTATUS status = STATUS_SUCCESS; HANDLE handle; OBJECT_ATTRIBUTES objectAttribs; TimerThreadStopExec = FALSE; InitializeObjectAttributes( &objectAttribs, NULL, OBJ_KERNEL_HANDLE, NULL, NULL); KeInitializeEvent(&ThreadSleepWakeup, SynchronizationEvent, FALSE); DriverInfoData->TimerThreadSleepWakeup = &ThreadSleepWakeup; KeInitializeTimer(&Timer); DriverInfoData->Timer = &Timer; status = PsCreateSystemThread(&handle, THREAD_ALL_ACCESS, &objectAttribs, NULL, NULL, (PKSTART_ROUTINE)TimerThreadExecRoutine, NULL); if (!NT_SUCCESS(status)) { KeCancelTimer(&Timer); DriverInfoData->Timer = NULL; DriverInfoData->TimerThreadSleepWakeup = NULL; DBGPRINT_ARG1("[flmonflt] PsCreateSystemThread failed: 0x%X\n", status); } else { ObReferenceObjectByHandle(handle, THREAD_ALL_ACCESS, NULL, KernelMode, &DriverInfoData->TimerThread, NULL); ZwClose(handle); DBGPRINT("[flmonflt] PsCreateSystemThread succeeded.\n"); } return status; }
static VOID ExpDeleteTimer ( IN PVOID Object ) /*++ Routine Description: This function is the delete routine for timer objects. Its function is to cancel the timer and free the spin lock associated with a timer. Arguments: Object - Supplies a pointer to an executive timer object. Return Value: None. --*/ { PETIMER ExTimer; KIRQL OldIrql; ExTimer = (PETIMER) Object; // // Remove from wake list // if (ExTimer->WakeTimerListEntry.Flink) { ExAcquireSpinLock(&ExpWakeTimerListLock, &OldIrql); if (ExTimer->WakeTimerListEntry.Flink) { RemoveEntryList(&ExTimer->WakeTimerListEntry); ExTimer->WakeTimerListEntry.Flink = NULL; } ExReleaseSpinLock(&ExpWakeTimerListLock, OldIrql); } // // Cancel the timer and free the spin lock associated with the timer. // KeCancelTimer(&ExTimer->KeTimer); return; }
/*++ ClasspStopIdleTimer Routine Description: Stop the idle timer if running. Also reset the timer counters. Arguments: FdoData - Pointer to the private fdo data Return Value: None --*/ VOID ClasspStopIdleTimer( PCLASS_PRIVATE_FDO_DATA FdoData ) { LONG timerStarted; TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_TIMER, "ClasspStopIdleTimer: Stop idle timer\n")); timerStarted = InterlockedCompareExchange(&FdoData->IdleTimerStarted, 0, 1); if (timerStarted) { (VOID)KeCancelTimer(&FdoData->IdleTimer); } return; }
VOID LlcTerminateTimerSystem( VOID ) /*++ Routine Description: This routine terminates the timer system of the data link driver. Arguments: None. Return Value: None. --*/ { ASSUME_IRQL(PASSIVE_LEVEL); DlcIsTerminating = TRUE; // // if KeCancelTimer returns FALSE then the timer was not set. Assume the DPC // is either waiting to be scheduled or is already in progress // if (!KeCancelTimer(&SystemTimer)) { // // if timer is not set, wait for DPC to complete // while (!DlcTerminated) { // // wait 40 milliseconds - period of DLC's tick // LlcSleep(40000); } } }
VOID DokanTimeoutThread( PDokanDCB Dcb) /*++ Routine Description: checks wheter pending IRP is timeout or not each DOKAN_CHECK_INTERVAL --*/ { NTSTATUS status; KTIMER timer; PVOID pollevents[2]; LARGE_INTEGER timeout = {0}; BOOLEAN waitObj = TRUE; DDbgPrint("==> DokanTimeoutThread\n"); KeInitializeTimerEx(&timer, SynchronizationTimer); pollevents[0] = (PVOID)&Dcb->KillEvent; pollevents[1] = (PVOID)&timer; KeSetTimerEx(&timer, timeout, DOKAN_CHECK_INTERVAL, NULL); while (waitObj) { status = KeWaitForMultipleObjects(2, pollevents, WaitAny, Executive, KernelMode, FALSE, NULL, NULL); if (!NT_SUCCESS(status) || status == STATUS_WAIT_0) { DDbgPrint(" DokanTimeoutThread catched KillEvent\n"); // KillEvent or something error is occured waitObj = FALSE; } else { ReleaseTimeoutPendingIrp(Dcb); if (Dcb->UseKeepAlive) DokanCheckKeepAlive(Dcb); } } KeCancelTimer(&timer); DDbgPrint("<== DokanTimeoutThread\n"); PsTerminateSystemThread(STATUS_SUCCESS); }
VOID DriverUnload(IN PDRIVER_OBJECT DriverObject) { PDEVICE_OBJECT tDevObj = DriverObject->DeviceObject; while(NULL != tDevObj) { PDEVICE_OBJECT tNextDevObj = tDevObj->NextDevice; UNICODE_STRING tSymbolicName; MyDeviceExtend* tDevExtend = (MyDeviceExtend*)tDevObj->DeviceExtension; KeCancelTimer(&tDevExtend->Timer); RtlInitUnicodeString(&tSymbolicName,DEVICE_SYMBOLICLINK); IoDeleteSymbolicLink(&tSymbolicName); IoDeleteDevice(tDevObj); tDevObj = tNextDevObj; } }
void TimerDpc( IN PKDPC Dpc, IN PVOID DeferredContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2) { if(timercount<10) { KdPrint(("MWDM_DRIVER: Entered timerDpc")); timercount+=1; } else { KeCancelTimer (&timer); timercount =0; } KdPrint(("MWDM_DRIVER: Timer Count: %d",timercount)); return; }
/** * Worker function that stops an active timer. * * Shared by RTTimerStop and RTTimerDestroy. * * @param pTimer The active timer. */ static void rtTimerNtStopWorker(PRTTIMER pTimer) { /* * Just cancel the timer, dequeue the DPCs and flush them (if this is supported). */ ASMAtomicWriteBool(&pTimer->fSuspended, true); KeCancelTimer(&pTimer->NtTimer); for (RTCPUID iCpu = 0; iCpu < pTimer->cSubTimers; iCpu++) KeRemoveQueueDpc(&pTimer->aSubTimers[iCpu].NtDpc); /* * I'm a bit uncertain whether this should be done during RTTimerStop * or only in RTTimerDestroy()... Linux and Solaris will wait AFAIK, * which is why I'm keeping this here for now. */ if (g_pfnrtNtKeFlushQueuedDpcs) g_pfnrtNtKeFlushQueuedDpcs(); }
NTSTATUS StopIoIdleTimer( PBUFFLOCK_CONTROL BuffLockCtl ){ BOOLEAN cancelledInSystemTimerQueue; if(BuffLockCtl->BufferLockConrol == FALSE) { return STATUS_SUCCESS; } // Clear IO idle state. BuffLockCtl->IoIdle = FALSE; cancelledInSystemTimerQueue = KeCancelTimer(&BuffLockCtl->IoIdleTimer); if(cancelledInSystemTimerQueue == FALSE) { KDPrintM(DBG_OTHER_INFO, ("Buffer lock IO idle timer is not canceled in the system timer queue.\n")); } return STATUS_SUCCESS; }