
I am trying to determine why my filter causes Disk Management (diskmgmt.msc) to lag. It gets stuck for a lengthy period before it shows, or it does not show at all.

My investigation and conclusion have narrowed the problem down quite a lot. I will write some code which is heavily shortened for an easy read. I'm fairly certain it is sufficient to answer the question.

You see, the code below works. Result is the value which is returned.

    if (Data->Iopb->MajorFunction == IRP_MJ_VOLUME_MOUNT)
    {
        dev = diskDevice->DeviceType;
        if ((FILE_DEVICE_MASS_STORAGE == dev) || (FILE_DEVICE_DISK == dev) ||
            (FILE_DEVICE_DISK_FILE_SYSTEM == dev) || (FILE_DEVICE_VIRTUAL_DISK == dev) ||
            (FILE_DEVICE_FILE_SYSTEM == dev) || (dev >= 32768))
        {
            if (FLT_FSTYPE_NTFS == fs_type)
            {
                Result = FLT_PREOP_SUCCESS_WITH_CALLBACK;
            }
            else
            {
                Result = FLT_PREOP_SUCCESS_NO_CALLBACK;
            }
        }
    }

If the "else" branch were `FLT_PREOP_SUCCESS_WITH_CALLBACK`, it would lag.

So, my assumption here is that there is a specific behaviour to some specific FLT_FSTYPE other than NTFS. My question is therefore, which one has specific requirements?

My PostOperation function does not do a whole lot other than logging. That function always returns FLT_POSTOP_FINISHED_PROCESSING.

Alex
  • I'm going to guess it's probably a branch prediction issue, but you should profile before just guessing. – Mgetz May 08 '18 at 14:38
  • I will try to investigate that but I'm confused. I know GPUs lack branch prediction, but do drivers suffer from the same thing? – Alex May 08 '18 at 15:04
  • Drivers run on the CPU, so yes... they absolutely have that issue. I would suggest using [xperf/Windows Performance Analyzer](https://randomascii.wordpress.com/2012/06/19/wpaxperf-trace-analysis-reimagined/) to figure this out; without profiling you'll only ever be guessing. – Mgetz May 08 '18 at 15:09
  • also useful: https://randomascii.wordpress.com/2015/09/24/etw-central/ – Mgetz May 08 '18 at 15:10

1 Answer

Okay, my issue was not caused by the enum values or by any "magic". The enums decide whether or not the postOperation should run. Common sense says that the issue lies there. As I said, all I did there was logging. And yeah, that was the problem. I use the function `FltSendMessage`. As I do not have a timer and it is set to NULL, it will wait indefinitely. That's where it gets stuck. My issue is then that there is an error in the communication between kernel and userland. In my case, the userland application is failing on its side. As it fails, it does not send an acknowledgement to the driver, so the driver waits.

Alex
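An added example, not part of the original post or the poster's driver: bounding the wait the answer identifies by passing `FltSendMessage` a relative timeout and treating `STATUS_TIMEOUT` (a success code) as a dropped log record. The WDK types are replaced by stand-ins so the logic builds outside a driver project; `send_fn`, `send_log_bounded`, `relative_timeout_ms` and the `client_*` doubles are hypothetical names.

```c
#include <stdint.h>

/* Stand-ins for WDK definitions so this builds outside a driver project
   (values as in ntstatus.h). In a driver, include <fltKernel.h> instead. */
typedef int32_t NTSTATUS;
typedef struct { int64_t QuadPart; } LARGE_INTEGER;
#define STATUS_SUCCESS           ((NTSTATUS)0x00000000)
#define STATUS_TIMEOUT           ((NTSTATUS)0x00000102)
#define STATUS_PORT_DISCONNECTED ((NTSTATUS)0xC0000037)
#define NT_SUCCESS(s)            (((NTSTATUS)(s)) >= 0)

/* Hypothetical hook (assumption): in the driver it would pass `timeout`
   as the last argument of FltSendMessage. */
typedef NTSTATUS (*send_fn)(void *buf, uint32_t len, LARGE_INTEGER *timeout);

typedef enum { LOG_DELIVERED, LOG_DROPPED_TIMEOUT, LOG_DROPPED_ERROR } log_result;

/* Relative timeouts are negative counts of 100-nanosecond units. */
static LARGE_INTEGER relative_timeout_ms(uint32_t ms)
{
    LARGE_INTEGER t;
    t.QuadPart = -((int64_t)ms * 10000);
    return t;
}

/* Send one log record without ever waiting longer than `ms`.
   STATUS_TIMEOUT satisfies NT_SUCCESS(), so it is tested first. */
static log_result send_log_bounded(send_fn send, void *buf, uint32_t len, uint32_t ms)
{
    LARGE_INTEGER timeout = relative_timeout_ms(ms);
    NTSTATUS status = send(buf, len, &timeout);  /* a NULL timeout waits forever */
    if (status == STATUS_TIMEOUT) return LOG_DROPPED_TIMEOUT;
    if (!NT_SUCCESS(status))      return LOG_DROPPED_ERROR;
    return LOG_DELIVERED;
}

/* Constructed test doubles for the user-mode client's behaviour. */
static NTSTATUS client_replies(void *b, uint32_t l, LARGE_INTEGER *t)
{ (void)b; (void)l; (void)t; return STATUS_SUCCESS; }
static NTSTATUS client_silent(void *b, uint32_t l, LARGE_INTEGER *t)
{ (void)b; (void)l; (void)t; return STATUS_TIMEOUT; }
static NTSTATUS client_gone(void *b, uint32_t l, LARGE_INTEGER *t)
{ (void)b; (void)l; (void)t; return STATUS_PORT_DISCONNECTED; }

int main(void)
{
    char rec[] = "log";  /* constructed sample record */
    return send_log_bounded(client_silent, rec, (uint32_t)sizeof rec, 500) != LOG_DROPPED_TIMEOUT;
}
```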