Can an IOCTL be sent to a driver before it finished its DriverEntry?

28 Aug, 21

Hello, I create a device object in my DriverEntry routine and wait. Can an IOCTL be sent successfully to my dispatch function before my DriverEntry has returned?

2 comments

28 Aug, 21

No. Not until the DO_DEVICE_INITIALIZING bit is cleared in the Device Object flags field. Additionally you should not wait in your DriverEntry routine - if you need to do processing then you should create a worker thread.

NTSTATUS PsCreateSystemThread(
  PHANDLE            ThreadHandle,
  ULONG              DesiredAccess,
  POBJECT_ATTRIBUTES ObjectAttributes,
  HANDLE             ProcessHandle,
  PCLIENT_ID         ClientId,
  PKSTART_ROUTINE    StartRoutine,
  PVOID              StartContext
);

16 Sep, 21

For the curious, you can clear that bit (devObject->Flags & DO_DEVICE_INITIALIZING) manually from DriverEntry.

This is useful if you inject a driver.